
Cloud Vulnerability DB
A community-led vulnerabilities database
io.finnet tss-lib before 2.0.0 contains a timing side-channel vulnerability that can leak the lambda value of a private key. The vulnerability exists because the library relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse operations. The vulnerability affects multiple implementations including bnb-chain/tss-lib and thorchain/tss, with an example leak occurring in crypto/paillier/paillier.go (IoFinnet Release).
The vulnerability stems from the use of Go's big.Int arithmetic, which is not constant-time: the running time of Cmp, modular exponentiation, and modular inverse depends on the operand values, so the implementation is susceptible to timing side-channel attacks. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) (NVD).
An attacker able to observe the timing of these operations could exploit the side channel to recover the lambda value of a private key. This could compromise the cryptographic security of the system and expose sensitive cryptographic operations (IoFinnet Blog).
The issue has been fixed in tss-lib version 2.0.0. The fix involves implementing constant-time arithmetic operations or using third-party libraries that provide constant-time arithmetic for big integers. Users are advised to upgrade to version 2.0.0 or later (IoFinnet Release).
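As an added illustration, not code from tss-lib or its 2.0.0 fix, the following Go snippet shows one way to do the comparison the advisory names (Cmp) without value-dependent early exits: both operands are encoded at a fixed, public width and every byte is scanned with crypto/subtle. The function names and the 32-byte width are my own assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"math/big"
)

// fixedWidth encodes a non-negative big.Int as a big-endian byte string of
// exactly width bytes, so later comparisons do no length-dependent work.
// ok is false when v is negative or does not fit; width is a public parameter
// (e.g. the Paillier modulus size), so this branch reveals nothing secret.
func fixedWidth(v *big.Int, width int) (buf []byte, ok bool) {
	if v.Sign() < 0 || v.BitLen() > width*8 {
		return nil, false
	}
	return v.FillBytes(make([]byte, width)), true
}

// ctLessBytes returns 1 if x < y and 0 otherwise, treating both slices as
// big-endian integers of the same length. Every byte is visited regardless
// of where the first difference lies, unlike big.Int.Cmp, which returns early.
func ctLessBytes(x, y []byte) int {
	lt, eq := 0, 1
	for i := range x {
		byteLt := subtle.ConstantTimeLessOrEq(int(x[i])+1, int(y[i])) // x[i] < y[i]
		byteEq := int(subtle.ConstantTimeByteEq(x[i], y[i]))
		lt |= eq & byteLt // only the most significant differing byte decides
		eq &= byteEq
	}
	return lt
}

// CtCmp is a constant-time replacement for big.Int.Cmp on non-negative values
// bounded by width bytes: it returns -1, 0 or 1, and ok=false if either value
// cannot be encoded at that width (hypothetical helper, not a tss-lib API).
func CtCmp(a, b *big.Int, width int) (int, bool) {
	x, okA := fixedWidth(a, width)
	y, okB := fixedWidth(b, width)
	if !okA || !okB {
		return 0, false
	}
	return ctLessBytes(y, x) - ctLessBytes(x, y), true
}

func main() {
	a, _ := new(big.Int).SetString("123456789012345678901234567890", 10) // constructed sample
	b := new(big.Int).Add(a, big.NewInt(1))
	r, _ := CtCmp(a, b, 32)
	fmt.Println("CtCmp(a, a+1) =", r) // -1
}
```

This covers only the comparison; constant-time modular exponentiation and inversion need a dedicated constant-time big-integer implementation, which is what the advisory's fix refers to.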
The vulnerability was discovered during an audit by Kudelski Security and was publicly disclosed in collaboration with the MPC Alliance. The disclosure has led to increased awareness about the importance of constant-time operations in cryptographic implementations (IoFinnet Blog).
Source: This report was generated using AI