Impact
The vulnerability concerns a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key.
Patches
- cggmp21 v0.6.3 is a patch release that contains a fix introducing this specific missing check.
- However, we recommend upgrading to cggmp24 v0.7.0-alpha.2, in which we've introduced many other security checks as a precaution. Follow the migration guideline to upgrade.
Workarounds
Update at least to cggmp21 v0.6.3, a patch (minor) release that contains a minimal security patch.
However, for full mitigation, you'll need to upgrade to cggmp24 v0.7.0-alpha.2, as it implements many more security checks.
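To find builds still pinned below the minimal patch, the check below scans a `Cargo.lock` for `cggmp21` entries older than v0.6.3. It is an added example, not code from the cggmp21 project; the sample lockfile and the `example-app` package are constructed, and a clean result only means the minimal patch is present, not the fuller cggmp24 mitigation.

```python
import re

# Package name and first fixed version are taken from the advisory above.
PACKAGE = "cggmp21"
FIRST_FIXED = (0, 6, 3)

# Cargo.lock lists each dependency as a [[package]] table: name, then version.
_PKG_RE = re.compile(
    r'\[\[package\]\]\s*\nname = "(?P<name>[^"]+)"\s*\nversion = "(?P<version>[^"]+)"'
)

def parse_version(text):
    """Split 'X.Y.Z[-pre][+build]' into ((X, Y, Z), has_prerelease)."""
    text = text.split("+", 1)[0]          # build metadata does not affect ordering
    core, _, pre = text.partition("-")
    return tuple(int(p) for p in core.split(".")), bool(pre)

def is_unpatched(version):
    core, prerelease = parse_version(version)
    # Semver orders a pre-release below the release with the same core version.
    return core < FIRST_FIXED or (core == FIRST_FIXED and prerelease)

def unpatched_versions(lock_text):
    """Return every locked cggmp21 version that predates the fix."""
    return [
        m["version"]
        for m in _PKG_RE.finditer(lock_text)
        if m["name"] == PACKAGE and is_unpatched(m["version"])
    ]

# Constructed Cargo.lock excerpt (not from a real project).
SAMPLE_LOCK = '''\
[[package]]
name = "cggmp21"
version = "0.6.2"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "example-app"
version = "0.1.0"

[[package]]
name = "cggmp21"
version = "0.6.3"
'''

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = unpatched_versions(text)
    print("unpatched cggmp21:", hits or "none")
    sys.exit(1 if hits else 0)
```

Run it with the path to a `Cargo.lock` as the only argument; a non-zero exit status means at least one locked `cggmp21` version predates v0.6.3.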
References
Read our blog post to learn more.