This project is a proof-of-concept for the small Paillier attack on threshold ECDSA protocols GG18 and GG20. The details of this attack are presented in our paper, section 2.3.
We stress that the library we are using to demonstrate the attack, is not susceptible to it, as Paillier size check is present in the code. We commented out the check to show that without it the implementation would be vulnerable.
As described in the paper, we were able to choose Paillier N close to q and successfully completed signatures by reconstructing
correct values after MtA.
To run the project, gmp is required. After cloning, run
cargo test small_paillier_attack -- --nocapture