all InfoSec news
Don’t overextend your Oblivious Transfer
Malware Analysis, News and Indicators - Latest topics malware.news
By Joop van de Pol
We found a vulnerability in a threshold signature scheme that allows an attacker to recover the signing key of threshold ECDSA implementations that are based on Oblivious Transfer (OT). A malicious participant of the threshold signing protocols could perform selective abort attacks during the OT extension subprotocol, recover the secret values of other parties, and eventually recover the signing key. Using this key, the attacker could assume the identities of users, gain control over critical …
attacker attacks don ecdsa extension found key malicious oblivious protocols recover secret signature signing signing key threshold transfer van vulnerability