Attacks on range proofs in MtA

This project is a proof-of-concept for the missing range proof attack on threshold ECDSA protocols GG18 and GG20. The details of this attack are presented in our paper, section 2.2.

The value of M used in the code is 2^16, leading to key leakage in 16 signatures; this can be improved by choosing larger values of M. For M=2^29 and key leakage in 8 signatures, my laptop would have to work for about 2 days, i.e. it is completely feasible, since most of the computation is done before the attack and no computation is needed during or between signatures.

The presented vulnerability was fixed in this commit.

Run it

To run the project, the gmp library is required. After cloning, run:

cargo test large_k_attack -- --nocapture