Skip to content

CB-MPC v0.2.1

Latest

Choose a tag to compare

@github-actions github-actions released this 31 Mar 20:49
99ecc49

Security & Bug Fixes

  • Harden Paillier validation: create_pub now validates the modulus (odd, >1, within bit_size) and returns error_t, preventing acceptance of malicious moduli from counterparties.
  • Enforce Paillier modulus size bounds in ECDSA 2PC keygen/refresh to prevent potential buffer overflows in constant-time decryption.
  • Fix use-after-free in buf_t: operator= and operator+= with an aliasing mem_t view would read zeroed/freed memory.
  • Fix out-of-bounds write in HD key derivation: resize derived_keys inside derive_keys() rather than relying on caller pre-allocation.
  • Fix const-correctness in secp256k1 point conversion to avoid undefined behavior from casting away const on Jacobian coordinates.

Other

  • Add vartime_scope_t to paillier_t::verify_cipher for correct side-channel annotation.
  • Add bits_t::ref_t copy assignment operator for correct value semantics.