CVE-2023-26556
Description
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
io.finnet tss-lib before 2.0.0 leaks secret keys via timing side-channel due to non-constant-time scalar multiplication in Go's crypto/elliptic library.
Vulnerability
CVE-2023-26556 is a timing side-channel vulnerability in io.finnet tss-lib before version 2.0.0. The root cause is that the library performs its elliptic-curve scalar multiplication through Go's crypto/elliptic, whose generic implementation is a double-and-add loop that adds the base point only when the current bit of the scalar is set: a branch on secret data inside the loop, so the running time depends on the scalar's bit pattern [1][2]. When the scalar is secret key material, as in the key-generation round in ecdsa/keygen/round_2.go, an attacker who can time that computation learns information about the secret [2].
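An added example (not code from tss-lib, its forks, or Go's crypto/elliptic) that makes the two loop shapes concrete. It is written in Go, the library's own language, on a toy curve over F_97 with constructed parameters and a constructed base point G so that it runs offline. ScalarMultBranchy mirrors the structure of the generic CurveParams.ScalarMult loop described above (affine rather than Jacobian coordinates, and with an operation counter standing in for a stopwatch): the point addition sits under an if on the current scalar bit, so the number of additions equals the Hamming weight of the scalar, which is exactly the quantity a timing attacker measures. ScalarMultLadder is a Montgomery ladder, the textbook branch-free alternative: one addition and one doubling per bit whatever its value, with the register choice made by a masked conditional swap. All function and variable names are this example's own, the ladder is shown as the standard remedy and is not a claim about how tss-lib 2.0.0 fixed the issue, and math/big is itself not constant-time, so the example demonstrates the control-flow discipline rather than a production primitive.

```go
package main

import (
	"fmt"
	"math/big"
)

// Toy curve y^2 = x^3 + 2x + 3 over F_97 (affine). Constructed for this example only.
var (
	p = big.NewInt(97)
	a = big.NewInt(2)
	G = Point{X: big.NewInt(3), Y: big.NewInt(6)} // 6^2 == 3^3 + 2*3 + 3 (mod 97)
)

// Point is affine; Inf == 1 is the point at infinity (X, Y then zero, not nil).
type Point struct {
	X, Y *big.Int
	Inf  int
}

func infinity() Point { return Point{X: new(big.Int), Y: new(big.Int), Inf: 1} }

// pointAdd is textbook affine addition; it also covers doubling (P == Q) and P + (-P).
func pointAdd(P, Q Point) Point {
	switch {
	case P.Inf == 1:
		return Q
	case Q.Inf == 1:
		return P
	}
	num, den := new(big.Int), new(big.Int)
	if P.X.Cmp(Q.X) != 0 { // chord through two distinct points
		num.Sub(Q.Y, P.Y)
		den.Sub(Q.X, P.X)
	} else if P.Y.Cmp(Q.Y) == 0 && P.Y.Sign() != 0 { // tangent at P == Q
		num.Mul(P.X, P.X).Mul(num, big.NewInt(3)).Add(num, a) // 3x^2 + a
		den.Lsh(P.Y, 1)                                    // 2y
	} else {
		return infinity() // Q == -P
	}
	lam := new(big.Int).ModInverse(den.Mod(den, p), p)
	lam.Mul(lam, num).Mod(lam, p)
	x := new(big.Int).Mul(lam, lam)
	x.Sub(x, P.X).Sub(x, Q.X).Mod(x, p)
	y := new(big.Int).Sub(P.X, x)
	y.Mul(y, lam).Sub(y, P.Y).Mod(y, p)
	return Point{X: x, Y: y}
}

// ScalarMultBranchy mirrors the generic CurveParams.ScalarMult loop in Go's
// crypto/elliptic: always double, add only under an if on the secret bit, so the
// number of additions (and the run time) tracks the Hamming weight of k.
func ScalarMultBranchy(k []byte, P Point) (R Point, adds int) {
	R = infinity()
	for _, byt := range k {
		for bit := 0; bit < 8; bit++ {
			R = pointAdd(R, R) // double
			if byt&0x80 == 0x80 { // secret-dependent branch
				R, adds = pointAdd(R, P), adds+1
			}
			byt <<= 1
		}
	}
	return R, adds
}

// condSwap exchanges P and Q when b == 1 via a mask rather than a branch. big.Int
// is itself variable-time, so this demonstrates the control-flow discipline only.
func condSwap(b int, P, Q Point) (Point, Point) {
	mask := big.NewInt(-int64(b)) // 0 or -1 (all ones in two's complement)
	d := func(u, v *big.Int) *big.Int { return new(big.Int).And(new(big.Int).Sub(u, v), mask) }
	dx, dy, t := d(P.X, Q.X), d(P.Y, Q.Y), b&(P.Inf^Q.Inf)
	return Point{X: new(big.Int).Sub(P.X, dx), Y: new(big.Int).Sub(P.Y, dy), Inf: P.Inf ^ t},
		Point{X: new(big.Int).Add(Q.X, dx), Y: new(big.Int).Add(Q.Y, dy), Inf: Q.Inf ^ t}
}

// ScalarMultLadder is a Montgomery ladder: one addition and one doubling per bit
// whatever its value, registers chosen by condSwap, so the op sequence ignores k.
func ScalarMultLadder(k []byte, P Point) (Point, int) {
	R0, R1, adds := infinity(), P, 0
	for _, byt := range k {
		for bit := 0; bit < 8; bit++ {
			b := int(byt>>7) & 1
			R0, R1 = condSwap(b, R0, R1)
			R1, R0 = pointAdd(R0, R1), pointAdd(R0, R0)
			R0, R1 = condSwap(b, R0, R1)
			adds++
			byt <<= 1
		}
	}
	return R0, adds
}

func main() {
	rb, nb := ScalarMultBranchy([]byte{0x0F}, G)
	rl, nl := ScalarMultLadder([]byte{0x0F}, G)
	fmt.Println("branchy adds:", nb, "ladder adds:", nl, "same point:", rb.X.Cmp(rl.X) == 0 && rb.Y.Cmp(rl.Y) == 0)
}
```

Run it and the branchy variant reports 4 additions for k = 0x0F while the ladder reports 8 for any one-byte scalar, and both return the same point. A real attacker never sees the counter; they recover it from timing differences accumulated over many observations, which is why the fix has to remove the data dependence rather than merely make it small.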
Exploitation
An attacker who can measure, with enough precision, the time a party spends in scalar multiplication can use the secret-dependent variation to recover bits of that party's secret [2]. The realistic vantage points are a process co-located with the party (same host or VM) or a protocol counterparty timing the rounds over the network; the network case needs many repeated observations because jitter swamps the per-bit difference, but a threshold protocol whose parties run on infrastructure the adversary controls or shares supplies such observations cheaply. No credentials are required beyond the ability to observe timing, locally or remotely [2]. The description names ecdsa/keygen/round_2.go as one leaking site, and its "one leak" wording indicates it is not the only one: the flaw is in the shared scalar-multiplication primitive, so any operation that multiplies a secret scalar with it is exposed the same way, and a deployment is not safe merely because key generation has already completed.
Impact
Successful exploitation discloses the secret scalar being multiplied. In a threshold scheme what leaks from a given party is that party's own key share; an attacker who gathers shares from enough parties to meet the threshold reconstructs the group private key and can sign arbitrary messages as the group, and even a single leaked share already defeats the scheme's core guarantee that no one party holds usable secret material on its own. The same code is present in the bnb-chain/tss-lib and thorchain/tss forks, which are affected as well [2].
Mitigation
The fix ships in tss-lib version 2.0.0; users are strongly advised to upgrade to 2.0.0 or later (the bnb-chain fork's own v2.0.0 release is listed in the references below). The issue is tracked as GO-2023-1732 in the Go vulnerability database [4], so govulncheck run against a module that depends on an affected version reports it. Because a timing side channel leaves no trace on the victim, upgrading does not retroactively protect key material that an attacker may already have timed: where parties ran an affected version somewhere an adversary could observe them, treat the shares as potentially exposed and regenerate or reshare the key.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/bnb-chain/tss-lib | Go | < 2.0.0 | 2.0.0 |
| github.com/binance-chain/tss-lib | Go | < 2.0.0 | 2.0.0 |
Affected products
- io.finnet/tss-lib (from the description): < 2.0.0
- GHSA coordinates (2 versions): < 2.0.0, + 1 more
- (no CPE) range: < 2.0.0
- (no CPE) range: < 2.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-3w84-4mjc-rjw7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-26556 (ghsa, ADVISORY)
- github.com/IoFinnet/tss-lib/releases/tag/v2.0.0 (ghsa, WEB)
- github.com/bnb-chain/tss-lib/issues/44 (ghsa, WEB)
- github.com/bnb-chain/tss-lib/releases/tag/v2.0.0 (ghsa, WEB)
- github.com/bnb-chain/tss-lib/tree/v1.3.5 (ghsa, WEB)
- gitlab.com/thorchain/tss/tss-lib/-/tags/v0.1.3 (ghsa, WEB)
- medium.com/@iofinnet/security-disclosure-for-ecdsa-and-eddsa-threshold-signature-schemes-4e969af7155b (ghsa, WEB; also listed by mitre)
- pkg.go.dev/vuln/GO-2023-1732 (ghsa, WEB)
News mentions
No linked articles in our index yet.