Zcash Foundation FROST Library Min_Signers Parameter Vulnerability in Versions 2.0.0 Through 2.1.0

A vulnerability exists in the Zcash Foundation FROST library, specifically in the refresh share functionality of the 'frost_core::keys::refresh' module', in versions 2.0.0 prior to 2.2.0. The issue arises from the lack of validation for the 'min_signers' parameter, which determines the signing threshold. Users were not informed that reducing this parameter could compromise the security of the group. While attempts to sign with a lower threshold would fail, it remained possible to sign with the original threshold, potentially leading to a security loss for the participant's shares. This vulnerability has been addressed in version 2.2.0, which includes the necessary validation for the 'min_signers' parameter.

Impact

The vulnerability could lead to a reduction in the security of the group by allowing participants to refresh their shares with a lower signing threshold, without properly communicating the risks involved. This could result in a security loss to the participant's shares.

Reproduction

To reproduce the vulnerability, refresh shares can be updated with a smaller 'min_signers' value, which will not decrease the signing threshold but could cause a security loss to the participant's shares. After refreshing with a smaller threshold, it is still possible to sign with the original threshold, which could lead to further security implications.

Remediation

Users should update to version 2.2.0, which includes validation for the 'min_signers' parameter. However, for groups that have been refreshed with a smaller 'min_signers' value, it is strongly recommended to migrate to a new key.