Trail of Bits
Audit Open Original ↗

Silence Laboratories Silent Shard

Type

Security review

Client

Silence Laboratories

Date

2024-02

Domain

Crypto

Effort

5 wks

Section

Cryptography Reviews

Trail of Bits's security review of Silence Laboratories (Feb 2024) identified 15 issues: 2 high, 5 medium, 2 low, and 6 informational.

Findings · 15

  1. 1 DKG implementation does not enforce length check of committed polynomials Medium
  2. 2 DKG implementation does not enforce zero-knowledge proof verification Medium
  3. 3 Malicious participant can cause panic in targeted participants during DKG Low
  4. 4 Proactive security model is not specified Informational
  5. 5 Parties use same session ID for all-but-one-OT Informational
  6. 6 Communication channels between parties can reuse nonces High
  7. 7 Parties may not agree on root chain code after DKG Medium
  8. 8 Inconsistent DSG session ID causes honest parties to denylist each other Medium
  9. 9 Messages from previous signing sessions can be replayed Medium
  10. 10 Distributed signature generation session ID is not tied to key generation Informational
  11. 11 Additional domain separation can improve defense in depth Informational
  12. 12 Implementation mishandles selective abort attacks High
  13. 13 Combining aspects of different protocols has unclear security implications Informational
  14. 14 Participants abort when receiving inauthentic messages Low
  15. 15 DSG setup validation does not verify threshold Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related