'Wagner attack' in Monero multisig #7830
Comments
Still no one has solved it? Digital envelopes and signature implementation along with MRL-009; check the Internet Engineering Task Force's latest RFC 9101 to have sufficient knowledge of how a secure communication channel should be, especially in the form of a secure implementation of APIs.
@AAH20 We already have a solution (MRL-0009); it just requires someone to implement it. Transmitting data between multisig participants securely is out of scope for this issue.
Given that #8149 has been merged, I believe this one has been fixed, correct?
Monero's multisignature implementation is vulnerable to a Wagner attack: if multiple signatures are constructed for a given address and the Wagner attack is executed, then the attacker can learn the private key shares of the other participants.
We (Haveno) had talks with @luigi1111, @SarangNoether, @moneromooo-monero and @UkoeHB about it. It looks like the change needed to fix the vulnerability would be quite invasive, so a deeper look into the problem is needed.
@SarangNoether suggests implementing MRL-0009. @moneromooo-monero made himself available for the coding part if somebody provides him with Python code to refactor into C++. We need a cryptographer willing to look into the issue and provide mooo with the info he needs.
Haveno is happy to provide resources to fix the vulnerability, and we already opened an issue to keep track of progress: haveno-dex/haveno#103. As you can see, the issue has a bounty, but we could provide more resources if necessary.
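The "Wagner attack" named above is an application of Wagner's k-list (generalized birthday) algorithm: an attacker who runs several signing sessions concurrently, and who may pick its own contribution after seeing the honest parties' nonces, ends up needing one value from each session whose sum hits a target modulo the group order, and Wagner's algorithm finds such a combination far faster than a birthday search. The block below is an added illustration of that algorithm for k = 4 on a toy modulus; it is not code from the Monero project, from MRL-0009 or from this issue, and it does not model Monero's multisig signing rounds. The lists are constructed random residues modulo 2^24, and the names `wagner4`, `merge`, `make_lists` and `solve` are this example's own.

```python
"""Wagner's 4-list (generalized birthday) algorithm on a toy modulus.

Added example, not Monero project code. Real group orders are ~2^252 and the
list entries would be hash outputs the attacker samples by varying its own
share of each signing session; here (assumption, for a fast run) the modulus
is 2^24 and the entries are just random residues, so only the combinatorics
is shown, not the signature scheme.
"""
import random
from collections import defaultdict

N_BITS = 24              # toy modulus size (assumption)
MOD = 1 << N_BITS
LOW_BITS = N_BITS // 3   # level-1 merges agree on this many low bits
LIST_SIZE = 1 << 10      # > 2^(N_BITS/3): a 4-sum then exists with overwhelming probability


def make_lists(seed, k=4, size=LIST_SIZE):
    """Constructed input: k lists of `size` uniformly random residues mod MOD."""
    rng = random.Random(seed)
    return [[rng.randrange(MOD) for _ in range(size)] for _ in range(k)]


def merge(left, right, modulus, residue):
    """Hash-join two lists of (value, parts) on (vl + vr) % modulus == residue.

    `modulus` is a power of two, so this matches only the low bits of the sum.
    Cost is O(|left| + |right| + #matches), not |left| * |right|; that is
    what turns the 2^(n/2) birthday bound into roughly 2^(n/3) for k = 4.
    """
    by_residue = defaultdict(list)
    for vr, pr in right:
        by_residue[vr % modulus].append((vr, pr))
    merged = []
    for vl, pl in left:
        need = (residue - vl) % modulus
        for vr, pr in by_residue.get(need, ()):
            merged.append(((vl + vr) % MOD, pl + pr))
    return merged


def wagner4(lists, target):
    """Return (x1, x2, x3, x4), one from each list, with sum == target (mod MOD), or None.

    Level 1 forces the low LOW_BITS bits of x1+x2 to 0 and those of x3+x4 to
    the target's, so every surviving pair of pairs already agrees with the
    target on the low bits; level 2 only has to match the remaining high bits.
    """
    l1, l2, l3, l4 = [[(v, (v,)) for v in lst] for lst in lists]
    sub = 1 << LOW_BITS
    l12 = merge(l1, l2, sub, 0)
    l34 = merge(l3, l4, sub, target % sub)
    final = merge(l12, l34, MOD, target % MOD)
    return final[0][1] if final else None


def is_solution(parts, target):
    """Independent check that the returned 4-tuple really sums to the target."""
    return parts is not None and len(parts) == 4 and sum(parts) % MOD == target % MOD


def solve(seed, target):
    """Build the constructed lists for `seed` and run the 4-list algorithm."""
    return wagner4(make_lists(seed), target)


if __name__ == "__main__":
    parts = solve(seed=2021, target=0xABCDEF)
    print(parts, is_solution(parts, 0xABCDEF))
```

The low-bits join is the whole trick: with lists of about 2^(n/3) entries each, the two level-1 merges each keep about 2^(n/3) pairs, and the level-2 merge on the remaining 2n/3 bits then expects at least one full match. With 2^m lists the cost drops to about 2^(n/(m+1)), which is why concurrent signing sessions are dangerous when an attacker can choose its contributions last; committing to nonces before revealing them, as a fix along the lines of MRL-0009 is meant to provide, removes that freedom.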