Privy's Key Reconstitution Process Exposes Millions of Wallets to Cache Side-Channel Attacks
Privy's key reconstitution process has been identified as a potential risk for over 120 million wallets, exposing users to possible cache side-channel attacks.
The company uses Shamir's Secret Sharing and AWS Nitro Enclaves to protect user private keys. However, this approach requires the reassembly of key fragments during signing, creating a window for attackers to exploit.
A 2023 security audit flagged potential vulnerabilities in Privy's implementation, but no confirmed end-to-end attacks have been publicly documented.
The issue highlights the need for more robust cryptographic methods, such as multi-party computation (MPC), which can eliminate the reconstitution window entirely.




