Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MI-04 Undocumented Cryptographic Key Derivation #76

Open
xoloki opened this issue May 15, 2024 · 0 comments
Open

MI-04 Undocumented Cryptographic Key Derivation #76

xoloki opened this issue May 15, 2024 · 0 comments
Assignees
@xoloki
Labels
audit

Comments

@xoloki
Copy link
Collaborator

xoloki commented May 15, 2024

During the private shares step, all signers will compute a private share representing the evaluation of their polynomial f(X) at a scalar i and then encrypt it for another signer. This is done by first computing a shared secret using elliptic curve Diffie-Hellman and then using a custom key derivation scheme to derive a key to be used by the symmetric encryption scheme. However, this protocol is not documented and appears to be a custom creation. Since this key-exchange, key derivation and encryption protocol has not been analyzed, and other protocols using very similar elements have been analyzed and provide security guarantees, there is an unnecessary risk being taken that could be eliminated.
@xoloki xoloki added the audit label May 15, 2024
@xoloki xoloki self-assigned this May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xoloki xoloki

Labels
audit
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xoloki