At the core of modern Multi-Party Computation (MPC) wallets and digital asset custody solutions of major blockchains is a cryptographic protocol named Threshold Signature Scheme (TSS). Today, many institutions, including banks, exchanges, and wallets, rely on TSS to enable a group of parties to authorize transactions by generating signatures without having to reveal their individual secret keys. Consequently, the security of TSS is of utmost importance to many digital asset financial ecosystems.
In this talk, we will share our BlackHat USA 2023 presentation on TSSHOCK, our new key extraction attacks, and demonstrate the attacks live so the audience can see how an attacker could steal asset vaults in seconds.
Most TSS implementations rely on Gennaro & Goldfeder's papers, which use homomorphic encryption and zero-knowledge proofs to secure digital assets worth billions of USD. Unfortunately, despite having undergone multiple security audits, these implementations – including the de facto open-source TSS frameworks in Golang and Rust – are vulnerable to three new key extraction attacks that our team at Verichains has discovered.