Binance created an open source software library available on Github implementing a threshold ECDSA signature scheme (TSS), and hired Kudelski Security to perform a security assessment of this library. The report is available on Binance’s blog, or can be downloaded below.
• 7 security issues of medium severity
• 3 security issues of low severity
• 20 observations related to general code safety
all of which have already been fixed by the Binance team, and the respective patches reviewed by us.
Working on this audit has been really interesting. A threshold signature scheme is a particular kind of secure multiparty computation scheme used to jointly generate a signature by a subset of signing parties. A trivial way to accomplish this task would be:
- generate a public/private signature keypair;
- split the signing key into M-out-of-N key secret shares using, e.g., Shamir’s secret sharing scheme
- When necessary to sign a document, recollect at least M shares among N authorized parties and use them to recover the signing key and perform the signature.
However, this would have the clear disadvantage that, at some point, some party would be able to reconstruct the whole signing key. In a TSS instead, the signing parties engage in an interactive protocol such that nobody ever obtains knowledge of someone else’s secret share, yet at the end, a valid signature for the input message is generated. This complicated scheme involves many protocols as subcomponents, such as commitment schemes, Paillier encryption, trusted randomness generation, range proofs, Schnorr proofs, and verifiable secret-sharing.
We would like to thank again the Binance team for trusting us and for their constant availability to answer our questions and to provide feedback about our findings.
Download the full report: