
Cloud Vulnerability DB
A community-led vulnerabilities database
IO FinNet tss-lib before 2.0.0 allows a collision of hash values. The vulnerability was discovered and disclosed on December 23, 2022, affecting the SHA256 hash function implementation in the library (CISA Bulletin).
The vulnerability stems from the library's SHA256 hash function (also referred to as SHA512/256) and its variants, which concatenate their input values with a "$" separator. Because "$" can also appear inside the input values themselves, different sequences of inputs can produce the same concatenated byte string and therefore the same hash. This is particularly evident in the computation of V_i in Round 1 of the "Auxiliary Info & Key Refresh in Three Rounds" protocol. The vulnerability has been assigned a CVSS score of 9.1, indicating critical severity (CISA Bulletin, IoFinnet Blog).
The vulnerability undermines the protocol's security model: its hash functions are expected to behave like random oracles, for which collisions are infeasible to find. An adversary could exploit these hash collisions to craft malicious parameters that affect key computation, potentially leading to the compromise of shared secrets. This could allow attackers to gain unauthorized access to sensitive data or manipulate transactions, ultimately disrupting the integrity and trustworthiness of the system (IoFinnet Blog).
The issue has been fixed in version 2.0.0 of the tss-lib. The fix involves modifying the hash function to use a more robust method to concatenate input values, such as length-prefixed encoding or a Merkle tree. The recommended implementation includes using a fixed-size integer to represent the byte length of the data and incorporating this into the hash calculation. The fix has been merged into the upstream bnb-chain/tss-lib as of pull request #233 (IoFinnet Blog).
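The following Go program is an added illustration of the ambiguity described above and of the length-prefixed fix; it is not tss-lib's own code, and the function names, the use of SHA512/256 and the 8-byte big-endian length field are assumptions chosen to mirror the pattern the advisory describes.

```go
package main

import (
	"crypto/sha512"
	"encoding/binary"
	"fmt"
)

// Digest is the 32-byte output of SHA512/256.
type Digest = [32]byte

// weakHash mirrors the pre-2.0.0 pattern described in the advisory:
// all inputs are joined with a "$" separator and then hashed. A "$"
// inside an input is indistinguishable from the separator, so two
// different input lists can hash to the same value.
func weakHash(parts ...[]byte) Digest {
	var buf []byte
	for i, p := range parts {
		if i > 0 {
			buf = append(buf, '$')
		}
		buf = append(buf, p...)
	}
	return sha512.Sum512_256(buf)
}

// lengthPrefixedHash applies the mitigation described in the advisory:
// every input is preceded by its byte length as a fixed-size integer
// (assumed here to be an 8-byte big-endian uint64), so the encoding is
// injective and no separator character needs to be reserved.
func lengthPrefixedHash(parts ...[]byte) Digest {
	var buf []byte
	for _, p := range parts {
		var n [8]byte
		binary.BigEndian.PutUint64(n[:], uint64(len(p)))
		buf = append(buf, n[:]...)
		buf = append(buf, p...)
	}
	return sha512.Sum512_256(buf)
}

func main() {
	// Constructed inputs: both lists flatten to "ab$c$d" under the weak scheme.
	a := [][]byte{[]byte("ab$c"), []byte("d")}
	b := [][]byte{[]byte("ab"), []byte("c$d")}
	fmt.Println("separator scheme collides:", weakHash(a...) == weakHash(b...))
	fmt.Println("length-prefixed collides:", lengthPrefixedHash(a...) == lengthPrefixedHash(b...))
}
```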
Source: This report was generated using AI