Open froyobin opened 4 years ago
This issue is affecting me as well. I can't move to round 2 if node x receives round 2 Message before round 1 message.
Hey @froyobin. As mentioned in the readme, in the transport layer sitting above tss-lib you should be using a 'session ID' in messages to differentiate the keygen sessions. The effect of this is that a message for a prior session should not even be able to reach tss-lib.
@notatestuser Thank you for your reply, that make sense. I was thinking bout the scenario that the malicious nodes tamper the share and trying to send incorrect tss share to the victim with the session ID
of this round.
@froyobin yeah. I think what you are looking for is covered in section 4.1 of the 2020 paper. The paper from 2018 that this lib implements does not provide identifiable aborts in keygen.
@notatestuser Thank you. I will have a try with that one.
We have 3 nodes, A,B,C that involved in the keygen.
after successfully run the first keygen , node A saved the
wiredBytes
from the previous keygen for the roundbinance.tss-lib.ecdsa.keygen.KGRound2Message2
.They run the keygen with same parties again.
in the round
"binance.tss-lib.ecdsa.keygen.KGRound2Message2"
node A broadcasts thewiredBytes
that from the previous keygen request to the peers, and the peers accept this incorrectwiredBytes
aspartyInfo.Party.UpdateFromBytes
return nil error. Since the peers applied the incorrect share, theiroutChannel
cannot produce thewiredMsg
for the round"binance.tss-lib.ecdsa.keygen.KGRound3Message"
, finally, the Tss process stuck there.