VYPR
High severity · NVD Advisory · Published Apr 21, 2023 · Updated Feb 5, 2025

CVE-2023-26557

Description

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

io.finnet tss-lib before 2.0.0 leaks the lambda value of a private key via a timing side-channel attack due to non-constant-time Go big.Int operations.

CVE-2023-26557 describes a timing side-channel vulnerability in io.finnet tss-lib, a threshold signature scheme library, prior to version 2.0.0. The library relies on Go's big.Int for cryptographic operations such as comparison, modular exponentiation, and modular inverse, which are not constant-time. This non-constant-time behavior can leak the lambda value (a private key component) to an attacker capable of measuring operation timings. The affected code is located in crypto/paillier/paillier.go and also impacts forks like bnb-chain/tss-lib and thorchain/tss [1][2].

To exploit this vulnerability, an attacker needs the ability to observe timing variations during cryptographic operations. This could be achieved through local execution on the same system or via network timing analysis if the attacker can trigger operations remotely. No authentication is required beyond the ability to interact with the TSS library [2]. The timing leakage specifically affects the Cmp, modular exponentiation, and modular inverse functions in Go's big.Int package.

Successful exploitation allows an attacker to recover the lambda value, which is a secret share in the threshold signature scheme. This can lead to compromise of the private key, enabling signature forgery and potentially theft of funds or unauthorized transactions in cryptocurrency wallets that use the vulnerable library [2].

The vulnerability is fixed in version 2.0.0 of the library. Users are strongly advised to upgrade to the latest version. The issue is also tracked as GO-2023-1733 in the Go vulnerability database [4]. No workarounds are available; updating the library is the recommended mitigation [1][3].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
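The comparison half of the leak described above, as an added example that is not code from tss-lib, its forks, or the advisory: big.Int.Cmp (whose running time depends on the operands) beside a fixed-width comparison through crypto/subtle, run on constructed sample values; the names leakyEqual, constantTimeEqual and hexInt are assumptions for this example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"math/big"
)

// Constructed sample values (not from the advisory): a 128-bit "secret" and a
// candidate that differs from it only in the lowest bit.
const secretHex = "0123456789abcdef0123456789abcdef"
const offByOneHex = "0123456789abcdef0123456789abcdee"

// leakyEqual is the pattern the advisory warns about: big.Int.Cmp compares word
// lengths first and stops at the first differing word, so its timing is secret-dependent.
func leakyEqual(secret, candidate *big.Int) bool {
	return secret.Cmp(candidate) == 0
}

// constantTimeEqual serialises both values into fixed-width big-endian buffers
// and compares them with crypto/subtle, so timing depends only on width, which
// must cover every value the secret can take (e.g. the modulus byte length).
// The secret is assumed non-negative and in range; a bad candidate is rejected.
func constantTimeEqual(secret, candidate *big.Int, width int) bool {
	if candidate.Sign() < 0 || candidate.BitLen() > width*8 {
		return false // candidate is public input, so this branch leaks no secret
	}
	a := make([]byte, width)
	b := make([]byte, width)
	secret.FillBytes(a) // zero-padded to width: no length-dependent encoding
	candidate.FillBytes(b)
	return subtle.ConstantTimeCompare(a, b) == 1
}

func hexInt(s string) *big.Int {
	v, ok := new(big.Int).SetString(s, 16)
	if !ok {
		panic("bad hex constant: " + s)
	}
	return v
}

func main() {
	secret := hexInt(secretHex)
	for _, c := range []string{secretHex, offByOneHex} {
		fmt.Printf("%s leaky=%v constant-time=%v\n", c,
			leakyEqual(secret, hexInt(c)), constantTimeEqual(secret, hexInt(c), 16))
	}
}
```

The standard library offers no constant-time replacement for big.Int.Exp or ModInverse at arbitrary widths, so for the exponentiation and inverse paths named in the description the remedy is the library upgrade, not a local rewrite of the comparison alone.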

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                          | Ecosystem | Affected versions                     | Patched versions
github.com/bnb-chain/tss-lib     | Go        | < 1.3.6-0.20230324145555-bb6fb30bd3eb | 1.3.6-0.20230324145555-bb6fb30bd3eb
github.com/binance-chain/tss-lib | Go        | < 1.3.6-0.20230324145555-bb6fb30bd3eb | 1.3.6-0.20230324145555-bb6fb30bd3eb
