author | Gregory Maxwell <gmaxwell@gmail.com> | 2014-03-08 17:57:46 -0800 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2014-03-09 01:57:53 +0000 |
commit | 4f89be70ed804388fe4c0233792760d9b2dec97a (patch) | |
tree | f87aeb6c62dbbc015b78c6091b904971d91209f8 | |
parent | f4f6beb7305ab91bbf9e1e4dfb221d70be5ab7df (diff) | |
Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
-rw-r--r-- | 5f/4131ff76cdda7f84eb0dad282dfc354bbb6982 | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/5f/4131ff76cdda7f84eb0dad282dfc354bbb6982 b/5f/4131ff76cdda7f84eb0dad282dfc354bbb6982 new file mode 100644 index 000000000..1b9f88c8f --- /dev/null +++ b/5f/4131ff76cdda7f84eb0dad282dfc354bbb6982 
@@ -0,0 +1,87 @@ +Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] + helo=mx.sourceforge.net) + by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <gmaxwell@gmail.com>) id 1WMSzx-0005mp-PI + for bitcoin-development@lists.sourceforge.net; + Sun, 09 Mar 2014 01:57:53 +0000 +Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com + designates 209.85.215.53 as permitted sender) + client-ip=209.85.215.53; envelope-from=gmaxwell@gmail.com; + helo=mail-la0-f53.google.com; +Received: from mail-la0-f53.google.com ([209.85.215.53]) + by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) + (Exim 4.76) id 1WMSzw-0005jL-Tz + for bitcoin-development@lists.sourceforge.net; + Sun, 09 Mar 2014 01:57:53 +0000 +Received: by mail-la0-f53.google.com with SMTP id b8so3744421lan.26 + for <bitcoin-development@lists.sourceforge.net>; + Sat, 08 Mar 2014 17:57:46 -0800 (PST) +MIME-Version: 1.0 +X-Received: by 10.152.4.68 with SMTP id i4mr17493553lai.8.1394330266352; Sat, + 08 Mar 2014 17:57:46 -0800 (PST) +Received: by 10.112.189.164 with HTTP; Sat, 8 Mar 2014 17:57:46 -0800 (PST) +In-Reply-To: <201403081934.12035.luke@dashjr.org> +References: <CANEZrP25N7W_MeZin_pyVQP5pC8bt5yqJzTXt_tN1P6kWb5i2w@mail.gmail.com> + <53174F20.10207@gmail.com> <201403081934.12035.luke@dashjr.org> +Date: Sat, 8 Mar 2014 17:57:46 -0800 +Message-ID: <CAAS2fgTAwsXBZ-guU32KC4RL0ZKwmqW-TqqDS=qswSb88mgRMA@mail.gmail.com> +From: Gregory Maxwell <gmaxwell@gmail.com> +To: Luke-Jr <luke@dashjr.org> +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable +X-Spam-Score: -1.6 (-) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. 
+ -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for + sender-domain + 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider + (gmaxwell[at]gmail.com) + -0.0 SPF_PASS SPF: sender matches SPF record + -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from + author's domain + 0.1 DKIM_SIGNED Message has a DKIM or DK signature, + not necessarily valid + -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature +X-Headers-End: 1WMSzw-0005jL-Tz +Cc: Bitcoin Development <bitcoin-development@lists.sourceforge.net> +Subject: Re: [Bitcoin-development] New side channel attack that can recover + Bitcoin keys +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Sun, 09 Mar 2014 01:57:53 -0000 + +On Sat, Mar 8, 2014 at 11:34 AM, Luke-Jr <luke@dashjr.org> wrote: +> On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote: +>> How can we patch this issue? +> No need, it is not an issue for Bitcoin. +> Properly used, there is only ever one signature per public key. + +Security shouldn't depend on perfect use. 
There are many things that +result in multiple key use: Bitcoin address authentication (something +which the pool you created uses!), someone spamming you with multiple +payments to a common address which you didn't solicit (what, are you +just going to ignore the extra coins?), ... or just practical +considerations=E2=80=94 I note the mining pool you founded continually pays= + a +single address for 'fall back' payments when it can't pay in the +coinbase transact, I know you consider that a bug, but its the reality +today. + +Most security issues aren't the result of one problem but several +problems combined, so it's important to make each layer strong even if +the strength shouldn't be important due to proper use in other layers. + +Fortunately, libsecp256k1 has a nearly constant time/constant memory +access multiply for signing which should reduce exposure substantially +(and is generally built in a way that reduces vulnerabilities). + + |
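Review bot: the added file keeps the message body in its transfer encoding (the hunk's own `Content-Transfer-Encoding: quoted-printable` header says so), so `=E2=80=94` after "practical considerations" is the UTF-8 em dash and the trailing `=` on "continually pays=" followed by the next line " a" is a quoted-printable soft line break, not a typo; anything that renders this archive for reading should decode the body first, otherwise "pays= a single address" and the `=E2=80=94` sequence show up as garbled text. Storing the raw message is consistent with the rest of the archive, so no change to the file is needed, just awareness for consumers.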