Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2023-33242 PoC — Lindell17 TSS Abort Mishandling

Source
https://github.com/d0rb/CVE-2023-33242
Associated Vulnerability
Title:Lindell17 TSS Abort Mishandling (CVE-2023-33242)
Description:Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.
Description
CVE-2023-33242  PoC
Readme
# CVE-2023-33242
CVE-2023-33242  PoC
The simulated Lindell17 protocol is vulnerable to a bit extraction exploit, allowing an attacker to recover the private key by iteratively extracting individual bits of the key. The protocol is designed to generate ECDSA signatures in a client-server model, with each party holding a share of the ECDSA secret key. The vulnerability lies in the mishandling of aborts during signature attempts, enabling the attacker to extract bits of the secret key over multiple iterations.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →