GHSA-7f6p-phw2-8253: Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
(updated )
Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer (OT) based protocol DKLS:
References
- eprint.iacr.org/2018/499.pdf
- github.com/advisories/GHSA-7f6p-phw2-8253
- github.com/taurushq-io/multi-party-sig
- github.com/taurushq-io/multi-party-sig/blob/4d84aafb57b437da1b933db9a265fb7ce4e7c138/internal/ot/extended.go
- github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go
- github.com/taurushq-io/multi-party-sig/security/advisories/GHSA-7f6p-phw2-8253
- github.com/taurushq-io/multi-party-sig/tree/otfix
Detect and mitigate GHSA-7f6p-phw2-8253 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →