Presentation

Practical key-extraction attacks in leading MPC wallets

September 27, 2023

Presenters

Nikolaos Makriyannis - Fireblocks

Description

Abstract. Multi-Party Computation (MPC) has become a major tool for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC protocols are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintech companies servicing thousands of financial institutions and hundreds of millions of end-user consumers. In this talk, we present four novel key-extraction attacks on popular MPC signing protocols showing how a single corrupted party may extract the secret in full during the MPC signing process. Our attacks are highly practical (the practicality of the attack depends on the number of signature-generation ceremonies the attacker participates in before extracting the key). Namely, we show key-extraction attacks against different threshold-ECDSA protocols/implementations requiring $10^6$, 256, 16, and *one signature*, respectively. In addition, we provide proof-of-concept code that implements our attacks. In the interest of drafting specifications for threshold schemes, this talk offers key insights into the considerations and potential pitfalls when utilizing Paillier encryption in an MPC setting.

[Slides] [Video]

Presented at

MPTS 2023: NIST Workshop (virtual) on Multi-Party Threshold Schemes 2023

Event Details

Location

    Virtual

Related Topics

Security and Privacy: cryptography

Created September 21, 2023, Updated October 25, 2023