Description
cggmp21 has a missing check in the ZK proof used in CGGMP21
Impact
This advisory concerns a missing check in the ZK proof used by cggmp21 that enables an attack in which a single malicious signer can reconstruct the full private key.
Patches
cggmp21 v0.6.3 is a patch release that contains a fix introducing this specific missing check. However, the cggmp21 maintainers recommend upgrading to
cggmp24 v0.7.0-alpha.2, which contains many other security checks as a precaution. Follow the migration guideline to upgrade.
Workarounds
Update to cggmp21 v0.6.3, a minor release that contains a minimal security patch.
However, for full mitigation, users will need to upgrade to cggmp24 v0.7.0-alpha.2, as it implements many more security checks.
Resources
Read this blog post to learn more.
References
- https://github.com/LFDT-Lockness/cggmp21/security/advisories/GHSA-m95p-425x-x889
- https://nvd.nist.gov/vuln/detail/CVE-2025-66016
- https://github.com/LFDT-Lockness/cggmp21/commit/60e0ada5291e771d5649793329d99edd32285e72
- https://rustsec.org/advisories/RUSTSEC-2025-0129.html
- https://rustsec.org/advisories/RUSTSEC-2025-0130.html
- https://www.dfns.co/article/cggmp21-vulnerabilities-patched-and-explained
Packages
- cggmp21: affected < 0.6.3, patched in 0.6.3
- cggmp24: affected < 0.7.0-alpha.2, patched in 0.7.0-alpha.2
Related vulnerabilities
CGGMP24 is a state-of-the-art ECDSA TSS protocol that supports 1-round signing (requiring 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which a single malicious signer can reconstruct the full private key. This issue has been patched in version 0.6.3; for full mitigation, it is recommended to upgrade to cggmp24 version 0.7.0-alpha.2, as it contains more security checks.