tiny-secp256k1 Private Key Extraction Vulnerability via Malicious JSON-Stringifiable Objects

Vulnerability

A vulnerability in tiny-secp256k1 prior to version 1.1.7 allows for private key extraction when signing a malicious JSON-stringifiable object, but only in environments where the NPM buffer package is used. The vulnerability arises because the Buffer.isBuffer check can be bypassed, leading to the reuse of the 'k' value for different messages. This k reuse can be exploited to extract the private key by signing one invalid message and then using a second message-signature pair, such as a previously known valid one.

Impact

Exploitation of this vulnerability results in the full extraction of the private key used in the signing process.

Reproduction

To reproduce this vulnerability, use tiny-secp256k1 version 1.1.6 or earlier in an environment that includes the NPM buffer package. Sign a malicious message that can be controlled by an attacker. The Buffer.isBuffer check will be bypassed, allowing the same 'k' value to be reused for signing different messages. After signing, the extracted 'k' value can be used to recover the private key.

Remediation

Users can upgrade to tiny-secp256k1 version 1.1.7 or later, where this vulnerability has been patched.
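A complementary check after upgrading, given as an added example that is not part of the original advisory or the tiny-secp256k1 code: scan stored signatures for two different messages signed under the same key with the same r value, which indicates that k was reused. The record shape ({ pubkey, msgHash, signature } with 64-byte compact r || s signatures), the function name and the sample data are assumptions constructed for illustration.

```javascript
// Added example (not tiny-secp256k1 code): flag k reuse in stored signatures.
// Assumed record shape: { pubkey, msgHash, signature } as Uint8Array values,
// with signature in 64-byte compact form r || s.
const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

const isBytes = (v, len) => v instanceof Uint8Array && v.length === len;

function findNonceReuse(records) {
  const seen = new Map(); // "pubkey:r" -> Map(msgHash hex -> first index)
  const findings = [];
  records.forEach(({ pubkey, msgHash, signature }, index) => {
    // A message hash that is not a real 32-byte array should never have been signed.
    if (!(pubkey instanceof Uint8Array) || !isBytes(msgHash, 32) || !isBytes(signature, 64)) {
      findings.push({ kind: "malformed", index });
      return;
    }
    const r = toHex(signature.subarray(0, 32));
    const key = `${toHex(pubkey)}:${r}`;
    const hash = toHex(msgHash);
    const byHash = seen.get(key) ?? new Map();
    seen.set(key, byHash);
    // Same key and same message may repeat r under deterministic nonces; a
    // different message with the same r means the nonce k was reused.
    if (byHash.size > 0 && !byHash.has(hash)) {
      findings.push({ kind: "nonce-reuse", index, earlier: [...byHash.values()], r });
    }
    if (!byHash.has(hash)) byHash.set(hash, index);
  });
  return findings;
}

// Constructed sample data: filler bytes, not real keys or signatures.
const bytes = (len, v) => new Uint8Array(len).fill(v);
const sig = (r, s) => Uint8Array.from([...bytes(32, r), ...bytes(32, s)]);
const keyA = bytes(33, 0x02), keyB = bytes(33, 0x03);
const SAMPLE = [
  { pubkey: keyA, msgHash: bytes(32, 0x11), signature: sig(0xaa, 0x01) },
  { pubkey: keyA, msgHash: bytes(32, 0x11), signature: sig(0xaa, 0x01) }, // same message: benign
  { pubkey: keyA, msgHash: bytes(32, 0x22), signature: sig(0xaa, 0x02) }, // same r, new message
  { pubkey: keyB, msgHash: bytes(32, 0x33), signature: sig(0xaa, 0x03) }, // different key
  { pubkey: keyA, msgHash: { length: 32 }, signature: sig(0xbb, 0x04) },  // not a byte array
];

console.log(findNonceReuse(SAMPLE));
```

A nonce-reuse finding means the affected key should be treated as exposed and rotated.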

Added: Jul 1, 2025, 3:24 AM
Updated: Jul 1, 2025, 3:24 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.