mantlenetworkio/mantle

[tss][cs-20]: Malleable Keysign/Keygen MsgId

Opened this issue · 0 comments

The keyAccumulation loop concatenates the dynamic length strings to one big byte sequence. The original array-item structure is not preserved, introducing an ambiguity where different input arrays will produce the same compressed byte sequence and, therefore, msgId.

For example,["112233","44"] yields the same sequence as ["11", "223344"]. This msgId is malleable because a requester can force the same msgId on different input parameters, potentially confusing and sabotaging the keygen/keysign ceremony.