This repo contains working exploit code that exfiltrates the private key share from a victim using the GG20 MPC protocol.
SafeHeron-GG20-Exploit-Development-Explainer.pdf contains a detailed explanation of the exploit development process.
Before you can run the exploit, you need to first install the prerequisites described below, and then compile the code by running the following commands:
git clone https://github.com/orenyomtov/safeheron-gg20-exploit-poc.git
cd safeheron-gg20-exploit-poc
git submodule update --recursive --init
mkdir build && cd build
cmake .. -DENABLE_TESTS=ON
# Add the path to the LD_LIBRARY_PATH environment variable on Mac OS; Ignore it on Linux
export LIBRARY_PATH=$LIBRARY_PATH:/usr/local/lib/
make
ctest --verbose
The library was patched :
Note: This repository includes a fork of the original library as part of the POC, so we include the original README.md of the project at README.original.md: