
Presentation

Practical key-extraction attacks in leading MPC wallets

September 27, 2023

Presenters

Nikolaos Makriyannis - Fireblocks

Description

Abstract. Multi-Party Computation (MPC) has become a major tool for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC protocols are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintech companies servicing thousands of financial institutions and hundreds of millions of end-user consumers.

In this talk, we present four novel key-extraction attacks on popular MPC signing protocols showing how a single corrupted party may extract the secret in full during the MPC signing process. Our attacks are highly practical (the practicality of the attack depends on the number of signature-generation ceremonies the attacker participates in before extracting the key). Namely, we show key-extraction attacks against different threshold-ECDSA protocols/implementations requiring $10^6$, 256, 16, and *one signature*, respectively. In addition, we provide proof-of-concept code that implements our attacks.

In the interest of drafting specifications for threshold schemes, this talk offers key insights into the considerations and potential pitfalls when utilizing Paillier encryption in an MPC setting.

Presented at

MPTS 2023: NIST Workshop (virtual) on Multi-Party Threshold Schemes 2023

Event Details

Location

    Virtual

Related Topics

Security and Privacy: cryptography

Created September 21, 2023