CVE-2023-26556
vulnerability analysis and mitigation

Overview

io.finnet tss-lib before 2.0.0 contains a timing side channel in its elliptic-curve scalar multiplication. The library relied on the scalar-multiplication code of Go's crypto/elliptic, which is not constant time: the point addition sits inside an if statement in the loop over the scalar's bits, so the running time depends on the bits of the secret scalar, and an attacker who can time enough operations can recover information about the secret key. One instance is in ecdsa/keygen/round_2.go. The same issue affects the related bnb-chain/tss-lib and thorchain/tss implementations (NVD, IoFinnet Blog).

Technical details

The scalar multiplication that tss-lib used for the secp256k1 curve relies on the generic implementation in Go's crypto/elliptic, which walks the scalar one bit at a time, doubling on every bit and performing a point addition only when the current bit is set. That conditional inside the loop makes the number of point additions, and with it the running time, a function of the Hamming weight and bit pattern of the secret scalar, which an attacker able to time the operation can measure and accumulate over many runs. Go itself documents this generic CurveParams code as a non-constant-time implementation and has deprecated it; the constant-time backends in crypto/elliptic cover only the NIST curves (P-224, P-256, P-384, P-521), not secp256k1. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.1 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (NVD).

Impact

Because the timing of the scalar multiplication correlates with the bits of the secret scalar, an attacker who can observe enough operations can recover secret key information by timing analysis. For a threshold-signature library this means compromise of the key material the protocol is meant to protect, enabling unauthorized access to data guarded by the key or forgery of signatures (IoFinnet Blog).

Mitigation and workarounds

The issue is fixed in tss-lib version 2.0.0; users should upgrade to that version or later. Implementers writing their own scalar multiplication should use a constant-time algorithm such as the Montgomery ladder, which performs the same sequence of group operations for every key bit and selects between its two registers with a constant-time conditional swap instead of a branch (IoFinnet Blog). The algorithm alone is not sufficient: the underlying field arithmetic must also be constant time, which Go's math/big is not, so in practice a vetted constant-time curve implementation is preferable to a hand-rolled ladder over big integers.
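As an added example (not code from tss-lib, Go, or the blog cited above), the following Go program puts the two structures discussed in Technical details and Mitigation side by side: a double-and-add with the secret-dependent if, and a Montgomery ladder over the same group law with a constant-time conditional swap. It counts group operations as a proxy for running time and checks both routines against the standard library's own ScalarMult. P-256 stands in for secp256k1 because Go ships it; the names opCounter, branchyScalarMult, ctSwap, ladderScalarMult and compare are the example's own, and the two scalars are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/subtle"
	"fmt"
	"math/big"
)

// opCounter wraps a curve's group law and counts the point additions and
// doublings a scalar-multiplication routine performs: a proxy for its timing.
type opCounter struct {
	curve         elliptic.Curve
	adds, doubles int
}

func (c *opCounter) add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
	c.adds++
	return c.curve.Add(x1, y1, x2, y2)
}

func (c *opCounter) double(x, y *big.Int) (*big.Int, *big.Int) {
	c.doubles++
	return c.curve.Double(x, y)
}

// branchyScalarMult has the shape of the generic crypto/elliptic ScalarMult the
// advisory describes: double-and-add with the addition inside an if on the key
// bit, so #additions == Hamming weight of k. (0, 0) is the point at infinity.
func branchyScalarMult(c *opCounter, bx, by *big.Int, k []byte) (*big.Int, *big.Int) {
	x, y := new(big.Int), new(big.Int)
	for _, b := range k {
		for bit := 0; bit < 8; bit++ {
			x, y = c.double(x, y)
			if b&0x80 == 0x80 { // secret-dependent branch
				x, y = c.add(bx, by, x, y)
			}
			b <<= 1
		}
	}
	return x, y
}

// ctSwap swaps (x0, y0) with (x1, y1) when swap == 1, via crypto/subtle's
// constant-time copies on fixed-width encodings. The big.Int round trip is
// itself variable-time: a production ladder needs fixed-width field arithmetic.
func ctSwap(swap, size int, x0, y0, x1, y1 *big.Int) {
	for _, p := range [][2]*big.Int{{x0, x1}, {y0, y1}} {
		a := p[0].FillBytes(make([]byte, size))
		b := p[1].FillBytes(make([]byte, size))
		tmp := append([]byte(nil), a...)
		subtle.ConstantTimeCopy(swap, a, b)
		subtle.ConstantTimeCopy(swap, b, tmp)
		p[0].SetBytes(a)
		p[1].SetBytes(b)
	}
}

// ladderScalarMult is a Montgomery ladder over the same group law. R1 - R0 is
// always P; every bit costs exactly one addition and one doubling, and the bit
// only selects, through ctSwap, which register is doubled.
func ladderScalarMult(c *opCounter, bx, by *big.Int, k []byte) (*big.Int, *big.Int) {
	size := (c.curve.Params().BitSize + 7) / 8
	r0x, r0y := new(big.Int), new(big.Int)                 // R0 = O
	r1x, r1y := new(big.Int).Set(bx), new(big.Int).Set(by) // R1 = P
	for _, b := range k {
		for bit := 7; bit >= 0; bit-- {
			v := int(b>>uint(bit)) & 1
			ctSwap(v, size, r0x, r0y, r1x, r1y)
			r1x, r1y = c.add(r0x, r0y, r1x, r1y)
			r0x, r0y = c.double(r0x, r0y)
			ctSwap(v, size, r0x, r0y, r1x, r1y)
		}
	}
	return r0x, r0y
}

// compare runs both routines on the P-256 generator, checks them against the
// library's constant-time ScalarMult and returns the operation counters.
// P-256 stands in for secp256k1 because the standard library ships it.
func compare(k []byte) (ok bool, branchy, ladder opCounter) {
	curve := elliptic.P256()
	gx, gy := curve.Params().Gx, curve.Params().Gy
	wx, wy := curve.ScalarMult(gx, gy, k)
	branchy, ladder = opCounter{curve: curve}, opCounter{curve: curve}
	bx, by := branchyScalarMult(&branchy, gx, gy, k)
	lx, ly := ladderScalarMult(&ladder, gx, gy, k)
	ok = bx.Cmp(wx) == 0 && by.Cmp(wy) == 0 && lx.Cmp(wx) == 0 && ly.Cmp(wy) == 0
	return ok, branchy, ladder
}

func main() {
	// Constructed scalars of equal length but very different Hamming weight.
	sparse := make([]byte, 32)
	sparse[0] = 0x01                        // 2^248: a single set bit
	dense := bytes.Repeat([]byte{0x55}, 32) // 128 set bits, below the group order
	for _, k := range [][]byte{sparse, dense} {
		ok, b, l := compare(k)
		fmt.Printf("correct=%v  double-and-add: %3d adds/%3d doubles  ladder: %3d adds/%3d doubles\n",
			ok, b.adds, b.doubles, l.adds, l.doubles)
	}
}
```

Both routines agree with the library for both scalars, but the double-and-add performs 1 addition for the sparse scalar and 128 for the dense one, while the ladder performs 256 additions and 256 doublings regardless of the scalar. The operation count is the coarsest form of the leak; in a real implementation the per-operation timing of variable-time big-integer arithmetic adds a second channel, which is why the ladder structure alone does not make the math/big version safe.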

This report was generated using AI.