Important
Please note that under responsible disclosure, this information is not for public consumption. The details of the attacks will be made public during their presentation at Black Hat USA on August 10, 2023.
On March 27, Verichains, a blockchain security firm based out of Singapore and Vietnam, published a press release about its discovery of key extraction attacks in certain implementations of MPC. Upon reviewing the documentation shared with us by the Verichains team on March 30, Fireblocks’ cryptography research team has confirmed that Fireblocks’ MPC-CMP implementation is not vulnerable to the attacks described by Verichains.
The Verichains report identifies three ways an attacker can generate a bad ZK proof, all relating to injecting faulty Pedersen parameters. Fireblocks’ cryptography research team has confirmed that we are not vulnerable to any of the three attacks mentioned in the report.
The attacks identified target bad implementations of the GG/CMP family of protocols. Fireblocks’ implementation is not among them.