"Small Leaks, Billions Of Dollars: Practical Cryptographic Ex..." Nikolaos Makriyannis , Oren Yomtov

  • number6
    • Apr 2019


    Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets

    Nikolaos Makriyannis, Cryptography Research Lead at Fireblocks, He/Him
    Oren Yomtov, Blockchain Research Lead at Fireblocks, He/Him
    Demo, Tool, Exploit


    Multi-Party Computation (MPC) has become a common cryptographic technique for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC algorithms are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintechs/banks servicing hundreds of millions of consumers and thousands of financial institutions.

    This presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.

    We show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and *one* signature, respectively.



    Oren Yomtov:
    Oren Yomtov (@orenyomtov), Blockchain Research Lead at Fireblocks, is a security researcher with over a decade of experience. In the past year, focusing on the blockchain space, he disclosed a critical vulnerability in a blockchain with a market cap of $100 million and created the first open-source, trustless Bitcoin NFT marketplace, OpenOrdex.

    @orenyomtov

    Nikolaos Makriyannis:
    Nikolaos Makriyannis (Nikos), Cryptography Research Lead at Fireblocks, holds a PhD in cryptography, specializing in the area of multiparty computation (MPC). Nikos is the co-inventor of the CMP20 and CGGMP21 protocols published in ACM CCS'20 and used by multiple wallet providers.

    @nik_mak_


    REFERENCES:

    Rosario Gennaro and Steven Goldfeder. "One Round Threshold ECDSA with Identifiable Abort." Cryptology ePrint Archive, Paper 2020/540, 2020.
    Yehuda Lindell. "Fast Secure Two-Party ECDSA Signing." Journal of Cryptology, vol. 34, no. 4, 2021, article 44.
    Rosario Gennaro and Steven Goldfeder. "Fast Multiparty Threshold ECDSA with Fast Trustless Setup." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.
    Last edited by number6; June 30, 2023, 14:56.