This article is a follow-up of the excellent blog post written last year by Pascal Junod. This explains the strange title. The former post was
Category: TSS
Multiple CVEs in threshold cryptography implementations
Introduction io.finnet hired us to perform a code audit of their threshold ECDSA signature implementation called tss-lib based on the paper UC Non-Interactive, Proactive, Threshold
Audit of ING’s Threshold ECDSA Library – And a dangerous vulnerability in existing Gennaro-Goldfeder’18 implementations
ING (Dutch bank) recently released their own implementation of the popular Gennaro-Goldfeder’18 Threshold ECDSA signature scheme in the form of a library written in Rust.
Audit of AMIS’ Hierarchical Threshold Signature Scheme
AMIS implemented a hierarchical variant of threshold signatures, using different levels/ranks in its distributed key generation (DKG) and signing logic, based on a previous research paper.
Audit of Binance TSS-lib
Binance created an open source software library available on Github implementing a threshold ECDSA signature scheme (TSS), and hired Kudelski Security to perform a security
Audit of KZen’s Multi-party ECDSA
KZen hired Kudelski Security to perform a security assessment of their Multi-party ECDSA library and provided us access to their source code and associated documentation.