Location
frost-client/src/trusted_dealer.rs#L64
Synopsis
The FROST demo implementation deviates from RFC 9591 by omitting the verification of the VSS (Verifiable Secret Sharing) commitment. According to RFC 9591 (Appendix C), after receiving shares from the trusted dealer, participants must verify that they received the same VSS commitment.
Impact
Without the check, a compromised dealer could introduce inconsistent secret shares. This could undermine the integrity of the generated keys and, by extension, the security of the signing protocol.
While the demo’s context does not pose any risks, a production-level adaptation relying on this approach would be vulnerable to subtle but critical misconfigurations and attacks.
Severity
Medium.
Technical Details
The FROST specification in RFC 9591 (see Appendix C) requires that each participant, upon receiving their share, verify the accompanying VSS commitment. In the current implementation, the trusted dealer does not send individual messages but rather embeds the share and commitment data in the configuration files of each participant. This is acceptable in a demo setting. Nevertheless, the participant’s check should be included for demonstration purposes.
Remediation
We recommend implementing a check to verify that each participant receives the same VSS commitment in the function trusted_dealer_for_ciphersuite, after line L65. In addition, we recommend adding a code comment highlighting that this check should be performed by each participant in a production-ready application.
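
The two participant-side checks this issue refers to (commitment equality across participants and RFC 9591's `vss_verify` on each share), as an added example that is not code from frost-client or from the issue author. It assumes a toy multiplicative group in place of a real ciphersuite; `Package`, `deal`, `check_dealer_output` and the constants are hypothetical names with constructed values.

```rust
// Toy Schnorr group (constructed, NOT secure): order-Q subgroup of Z_P^*, P = 2Q + 1.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;
type Package = (u64, u64, Vec<u64>); // (identifier, secret share, VSS commitment)

fn pow_mod(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut r = 1u64;
    while e > 0 {
        if e & 1 == 1 { r = r * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    r
}

// Dealer: share_i = f(i) mod Q, commitment[j] = G^coeffs[j].
fn deal(coeffs: &[u64], n: u64) -> Vec<Package> {
    let commitment: Vec<u64> = coeffs.iter().map(|&c| pow_mod(G, c, P)).collect();
    let f = |x: u64| coeffs.iter().rev().fold(0u64, |acc, &c| (acc * x + c) % Q);
    (1..=n).map(|i| (i, f(i), commitment.clone())).collect()
}

// Participant: vss_verify, G^share == prod_j commitment[j]^(id^j).
fn vss_verify(id: u64, share: u64, commitment: &[u64]) -> bool {
    let (mut expected, mut id_pow) = (1u64, 1u64);
    for &c in commitment {
        expected = expected * pow_mod(c, id_pow, P) % P;
        id_pow = id_pow * id % Q;
    }
    pow_mod(G, share, P) == expected
}

// All participants must hold the same commitment, and each share must verify against it.
fn check_dealer_output(packages: &[Package]) -> Result<(), String> {
    let reference = &packages.first().ok_or("no packages")?.2;
    for (id, share, commitment) in packages {
        if commitment != reference {
            return Err(format!("participant {}: VSS commitment differs", id));
        }
        if !vss_verify(*id, *share, commitment) {
            return Err(format!("participant {}: share fails vss_verify", id));
        }
    }
    Ok(())
}

fn main() { println!("{:?}", check_dealer_output(&deal(&[123, 456], 3))); }
```

A package taken from a second polynomial passes `vss_verify` on its own, so only the equality check catches a dealer that hands different participants different commitments.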