At ZenGo, our research group (ZenGo X) has been committed to pushing the boundaries of cryptography and blockchain from the very beginning.
In recognition of our continued commitment and experience with real-world MPC systems, we were recently approached by the Ethereum Foundation and the VDF Alliance to help review and secure a key element of the Ethereum 2.0 design.
Over the past 3 months, our research team has been hard at work to evaluate and review the “Diogenes” RSA MPC design and implementation.
In this post, we’ll provide details about this partnership, including our mission and initial results.
Designing the world’s largest MPC ceremony
The Ethereum Foundation and the VDF Alliance (which also includes Protocol Labs, the Interchain Foundation, and the Tezos Foundation) are leading efforts to build new cryptographic infrastructure that helps scale blockchains.
One of the focus points of these efforts is a “ceremony” to generate an RSA modulus by way of Multiparty Computation (MPC). Once completed, the generated modulus will be incorporated in a VDF protocol, which will be used as part of an unbiased randomness beacon in the Ethereum (specifically, Eth2.0) blockchain.
Performing end-to-end cryptanalysis to identify critical attacks
ZenGo X was tasked to provide a comprehensive review of the relevant code and paper. Our goal is to identify concrete and high severity attacks on the system, a task in which our team has significant experience. ZenGo X has designed and implemented several open-source, production-grade libraries for advanced cryptography and found bugs in many other such crypto-systems in the past.
However, this project presented us with a broad and unique set of challenges requiring a multi-disciplinary approach. So, we assembled a team with expertise in cryptographic engineering and subject matter experts in several fields.
Our initial findings
So far, several revisions of the paper and accordingly of the code, were produced as a result of the discoveries made by our team. The authors and code developers have also produced seven versions of a specification document. These revisions were carried out based on our findings and according to our team’s needs, to enable us to deliver a comprehensive review .
Our work is still on-going, but we have some important initial findings to share.
We identified one critical attack, found several potentially significant attacks, and outlined a number of minor security and efficiency-related improvements. We published a write-up about the first attack we discovered in a recent blog post. More to follow.
Overall, we found the code to be of high quality, well documented, and sufficiently tested. We are satisfied with the latest commit f21f, given some parts are acknowledged to be missing and set to be updated in a future release. Our team found no open security issues with the latest version of the paper.
A quick note to our partners
We extend our gratitude to the Ethereum Foundation and the VDF Alliance for placing their faith in us as partners in this exciting and vitally important project. We would specifically like to thank Dmitry Khovratovich, Bernardo David, Riad Wahby, Mary Maller, Claudio Orlandi, and Peter Scholl for sharing valuable insights and techniques.