SECURITY UPDATE

io.finnet Company Unaffected by Fireblocks’ Vulnerability Report on GG18 and GG20

September 12, 2023
3 min
read
Blog
Arrow
SECURITY UPDATE

In a recent vulnerability report published by Fireblocks’ research team, a significant security flaw has been uncovered in two widely adopted threshold signature schemes (TSS): GG18 and GG20. These schemes play a pivotal role in the MPC-wallet industry, making it imperative to address the concerns raised about their vulnerabilities. In light of this, io.finnet distinguishes itself by using more recent and more advanced schemes that supersede GG18 and GG20. Consequently, io.finnet remains completely impervious to the vulnerabilities underscored by Fireblocks’ comprehensive report.

According to the detailed findings presented in Fireblocks’ report, the vulnerabilities were detected in the pseudocode, primarily affecting vendors who have implemented the specification from the GG18 and GG20 papers. The root cause of these vulnerabilities stems from the failure to conduct thorough checks on the Paillier modulus, denoted as N, subsequently leading to the presence of small factors and biprimality. The exploitation of this vulnerability may provide malicious actors with a foothold to exfiltrate crucial key information and potentially gain unwarranted access to digital assets.

However, io.finnet stands on the vanguard, as they have never incorporated the GG18 or GG20 threshold signature schemes into their systems. This strategic decision renders them immune to the vulnerabilities highlighted and scrutinized in Fireblocks’ report. Consequently, the sensitive information and well-guarded secrets within io.finnet remain secure, unassailable, and impervious to any unauthorized intrusion.

While Fireblocks’ report undoubtedly serves as a clarion call for all companies relying on GG18 and GG20, it is vital to understand the unparalleled measures proactively adopted by io.finnet to fortify the safety of their systems. The company has implemented an airtight key-generation process, capable of diligently identifying and uncovering any subverted Paillier moduli, thereby effectively curtailing the risk of potential attacks. Moreover, io.finnet has implemented the cutting-edge CGGMP21 paper, which contains thorough security analyses and formal proofs. In particular, CGGMP21 avoids the vulnerability referenced in the GG18 and GG20 findings by employing zero-knowledge proofs that exclude moduli with factors smaller than 2**256.

In the realm of unparalleled security, io.finnet emerges as a champion, remaining utterly unaffected by the vulnerabilities unearthed and meticulously elucidated in Fireblocks’ vulnerability report on GG18 and GG20. io.finnet’s unwavering commitment to prioritizing the security and safeguarding the sensitive information of their esteemed clientele remains unrivaled. With each passing day, io.finnet solidifies its steadfast position as a trusted guardian in the dynamic and ever-evolving realm of the MPC industry.

In conclusion, io.finnet’s steadfast stance of using the CGGMP21 instead of the vulnerable GG18 and GG20 signature schemes is a testament to their unwavering dedication to providing the utmost protection for their clients. Through the adoption of advanced key-generation processes seamlessly integrated with detection mechanisms, io.finnet champions a culture of excellence, reinforcing trust and security in an industry fraught with uncertainty. As the industry continues to face new challenges and threats, io.finnet remains firmly committed to pioneering innovative solutions and assuring the safety of their clients’ sensitive information. With their proactive approach, io.finnet is poised to stay ahead of the curve and continue instilling confidence in their valued clientele in the volatile landscape of the MPC industry.

To learn more about digital security, visit iofinnet.com. io.finnet is a cutting-edge software company that specializes in blockchain-based solutions for digital asset custody and instant settlement.

Learn more
Thumbnail
NAVIGATE THE NEWS
4 min
read
io.finnet Achieves SOC 2 Type 1 Compliance, Demonstrating Commitment to Transparency and Data Security
io.finnet, a pioneering tech firm at the forefront of digital security, is thrilled to announce the successful completion of its SOC 2 Type 1 audit.
Read more
Arrow
Thumbnail
LEARN
3 min
read
Enhancing Security in the Digital Landscape: The Power of MPC-TSS
In today’s digital landscape, security is of utmost importance. Cryptography plays a crucial role in securing sensitive information to protect us online, safeguarding our access to financial infrastructure like e-banking.
Read more
Arrow
Thumbnail
LEARN
3 min
read
Why Self-Custody is the Key to Secure Settlements
In the world of digital assets, security is a top priority. Given the growing number of financial service providers entering the digital asset market, recognizing the importance of self-custody in achieving secure settlements is crucial.
Read more
Arrow
Contact Us
website Privacy PolicyWEBSITE TERMS OF USECOOKIE POLICYBRAND MEDIA KITPRESSBLOG
Copyright © 2024 • io.finnet.
About us
Careers
Our solution
Developers
Member Of