THREAT - Denial of Service, Dkg public key will always return false if an adversary compromise one device. #217

Open
chenchanglew opened this issue Nov 23, 2022 · 0 comments
Labels
dkg security issue A bad thing...

chenchanglew commented Nov 23, 2022

Scenario

During the node initialization phase, the master node runs dkg init and collects all the dkgPubKeys to make sure all the keys are the same; otherwise the process fails. However, a malicious node can simply always return a false key, which will always make the DKG initialization process fail. Right now there is no monitoring system or log to determine which node returned the different output, so we are not able to track malicious users.

Source

“services/dkg/pedersen/mod.go” function setup()
The code here will check that all the dkgPubKeys returned from the nodes are the same, and will output false if any of those fails.

Breaking Property

Availability

Risk

CVSS Score: 4.4/10

Mitigation

The DKG server will proceed to the next phase once it receives the correct dkg pubkey from more than ⅔ of the nodes.
The DKG server will also report the nodes that return fake keys and raise an alarm to notify that some malicious nodes exist.

Target

All unit tests should pass.
Add one unit test to test whether dkg receives the false dkg public key.
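
A sketch of the quorum check proposed under Mitigation, added here as an example and not part of the issue or the project's `setup()` code. The helper name `agreeOnPubKey`, its signature, and the node addresses are assumptions; `total` is assumed to be the roster size and at least `len(replies)`.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// agreeOnPubKey is a hypothetical helper (not the project's setup() code).
// replies maps a node address to the marshalled DKG public key it returned;
// total is the number of nodes in the roster, so silent nodes count against
// the quorum. It returns the key reported by more than 2/3 of the roster and
// the sorted addresses of nodes that returned a different key.
func agreeOnPubKey(replies map[string][]byte, total int) ([]byte, []string, error) {
	votes := make(map[string][]string) // hex(key) -> nodes that returned it
	for node, key := range replies {
		k := hex.EncodeToString(key)
		votes[k] = append(votes[k], node)
	}
	winner, found := "", false
	for k, nodes := range votes {
		if 3*len(nodes) > 2*total { // strictly more than 2/3, integer math
			winner, found = k, true
		}
	}
	if !found {
		// Without a quorum we cannot tell which group is honest.
		return nil, nil, errors.New("no DKG public key reached a 2/3 quorum")
	}
	var dissenters []string
	for k, nodes := range votes {
		if k != winner {
			dissenters = append(dissenters, nodes...)
		}
	}
	sort.Strings(dissenters)
	key, _ := hex.DecodeString(winner) // cannot fail: we encoded it above
	return key, dissenters, nil
}

func main() {
	// Constructed sample: four nodes, node4 returns a different key.
	good, fake := []byte{0x0a, 0x0b}, []byte{0xff}
	replies := map[string][]byte{"node1": good, "node2": good, "node3": good, "node4": fake}
	key, bad, err := agreeOnPubKey(replies, len(replies))
	fmt.Printf("key=%x dissenters=%v err=%v\n", key, bad, err)
}
```

The returned dissenter list is what the caller would log and alert on; when no key reaches the quorum the function reports an error instead of guessing which group is honest.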

@chenchanglew chenchanglew self-assigned this Nov 23, 2022
@chenchanglew chenchanglew changed the title Threat - Denial of Service, Dkg public key will always return false if an adversary compromise one device. THREAT - Denial of Service, Dkg public key will always return false if an adversary compromise one device. Dec 21, 2022
@chenchanglew chenchanglew added security issue A bad thing... and removed THREAT labels Dec 21, 2022