io.finnet Company Unaffected by Fireblocks’ Vulnerability Report on GG18 and GG20

September 12, 2023
3 min

In a recent vulnerability report published by Fireblocks’ research team, a significant security flaw has been uncovered in two widely adopted threshold signature schemes (TSS): GG18 and GG20. These schemes play a pivotal role in the MPC-wallet industry, making it imperative to address the concerns raised about their vulnerabilities. In light of this, io.finnet distinguishes itself by using more recent and more advanced schemes that supersede GG18 and GG20. Consequently, io.finnet remains completely impervious to the vulnerabilities underscored by Fireblocks’ comprehensive report.

According to the detailed findings presented in Fireblocks’ report, the vulnerabilities were detected in the pseudocode, primarily affecting vendors who have implemented the specification from the GG18 and GG20 papers. The root cause of these vulnerabilities stems from the failure to conduct thorough checks on the Paillier modulus, denoted as N, subsequently leading to the presence of small factors and biprimality. The exploitation of this vulnerability may provide malicious actors with a foothold to exfiltrate crucial key information and potentially gain unwarranted access to digital assets.

However, io.finnet stands on the vanguard, as they have never incorporated the GG18 or GG20 threshold signature schemes into their systems. This strategic decision renders them immune to the vulnerabilities highlighted and scrutinized in Fireblocks’ report. Consequently, the sensitive information and well-guarded secrets within io.finnet remain secure, unassailable, and impervious to any unauthorized intrusion.

While Fireblocks’ report undoubtedly serves as a clarion call for all companies relying on GG18 and GG20, it is vital to understand the unparalleled measures proactively adopted by io.finnet to fortify the safety of their systems. The company has implemented an airtight key-generation process, capable of diligently identifying and uncovering any subverted Paillier moduli, thereby effectively curtailing the risk of potential attacks. Moreover, io.finnet has implemented the cutting-edge CGGMP21 paper, which contains thorough security analyses and formal proofs. In particular, CGGMP21 avoids the vulnerability referenced in the GG18 and GG20 findings by employing zero-knowledge proofs that exclude moduli with factors smaller than 2**256.

In the realm of unparalleled security, io.finnet emerges as a champion, remaining utterly unaffected by the vulnerabilities unearthed and meticulously elucidated in Fireblocks’ vulnerability report on GG18 and GG20. io.finnet’s unwavering commitment to prioritizing the security and safeguarding the sensitive information of their esteemed clientele remains unrivaled. With each passing day, io.finnet solidifies its steadfast position as a trusted guardian in the dynamic and ever-evolving realm of the MPC industry.

In conclusion, io.finnet’s steadfast stance of using the CGGMP21 instead of the vulnerable GG18 and GG20 signature schemes is a testament to their unwavering dedication to providing the utmost protection for their clients. Through the adoption of advanced key-generation processes seamlessly integrated with detection mechanisms, io.finnet champions a culture of excellence, reinforcing trust and security in an industry fraught with uncertainty. As the industry continues to face new challenges and threats, io.finnet remains firmly committed to pioneering innovative solutions and assuring the safety of their clients’ sensitive information. With their proactive approach, io.finnet is poised to stay ahead of the curve and continue instilling confidence in their valued clientele in the volatile landscape of the MPC industry.

To learn more about digital security, visit io.finnet is a cutting-edge software company that specializes in blockchain-based solutions for digital asset custody and instant settlement.