This release includes the fix for a vulnerability reported by Omer Shlomovits of KZen Networks (ZenGo). We would like to extend our thanks to KZen for their expert analysis and timely reporting of this issue.

Overview

The vulnerability applies to the re-sharing protocol only.

It allows for a malicious actor to cause a new committee member to abort the protocol, unable to write a valid share to disk. The other participants would continue as normal and overwrite their share data.

The Fix

With the fix, all participants will fail to complete the protocol when this attack is attempted.

To achieve this, a final round has been added to the re-sharing protocol where the new committee members send ack messages to members of both the old and new committees. Each participant must receive ack messages from n members of the new committee (excluding themselves) before they save any data to disk.

API Changes

The isToOldCommittee boolean has been removed from the signature of UpdateFromBytes.