Bitcoin Forum

Bitcoin => Press => Topic started by: DuckDodgers on March 06, 2014, 03:21:50 PM



Title: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: DuckDodgers on March 06, 2014, 03:21:50 PM
Apparently, a design flaw in some Intel processors can leak private keys:
Quote
The attack relies on "side channel analysis," in which attackers extract a secret decryption key based on clues leaked by electromagnetic emanations, data caches, or other manifestations of a targeted cryptographic system. In this case, cryptographers can retrieve the private key needed to take control of bitcoins by taking minute measurements of the CPU as it makes transactions using the digital currency. Specifically, by observing the last-level (L3) CPU cache of an Intel processor as it executes as few as 200 signatures, an attacker in many cases has enough data to completely reconstruct the secret key needed to take ownership. The attack exploits the way OpenSSL implements the elliptic curve digital signature algorithm (ECDSA) based on a specific curve known as secp256k1 found in Bitcoin.

"It should be noted that irrespective of the weakness in the Intel processors, cryptographic algorithms are not supposed to leak information," he wrote in an e-mail. "Hence, the fact that we can get data out of the OpenSSL implementation is a weakness in OpenSSL and should be fixed."

Indeed, experts have long recommended a Bitcoin key be used only once, but this advice is routinely ignored. Another measure is to avoid the use of Intel processors, since the attack doesn't work on modern CPUs made by AMD, Yarom said.
Source (http://arstechnica.com/security/2014/03/scientist-devised-crypto-attack-could-one-day-steal-secret-bitcoin-keys/)

Still not a reason for panic, just another good reminder not to hold all your eggs in one basket.


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: ebliever on March 06, 2014, 05:35:04 PM
Wouldn't this require the hackers have physical access to the CPU?


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: eldentyrell on March 07, 2014, 02:28:45 AM
Quote
Wouldn't this require the hackers have physical access to the CPU?

Yes.

Side channel attacks are extremely powerful, but require physical access (with a VERY few exceptions like the clever audio analysis paper, but that still requires the ability to hear the computer).

Side channel attacks are why you can't build hardware that's invulnerable to compromise by its owner.

Cache-based side channel attacks like this one are incredibly sensitive to the exact hardware, OS, CPU, and silicon stepping, and even the ambient temperature.  That's why they don't get published often -- they usually only work in totally contrived laboratory scenarios.

Article writer is confused about the application of this technology.

Also, not peer reviewed:

Quote
The Cryptology ePrint Archive provides rapid access to recent research in cryptology. Papers have been placed here by the authors and did not undergo any refereeing process other than verifying that the work seems to be within the scope of cryptology and meets some minimal acceptance criteria and publishing conditions.


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: dave111223 on March 07, 2014, 03:02:00 AM
So in short; if there is a nerdy looking scientist standing next to your computer with all kinds of probes hooked up...it's probably not a good idea to start signing 200 transactions using the same key.


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: PA992 on March 07, 2014, 01:57:05 PM
Quote
So in short; if there is a nerdy looking scientist standing next to your computer with all kinds of probes hooked up...it's probably not a good idea to start signing 200 transactions using the same key.

lol!


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: DeathAndTaxes on March 07, 2014, 01:59:35 PM
Quote
So in short; if there is a nerdy looking scientist standing next to your computer with all kinds of probes hooked up...it's probably not a good idea to start signing 200 transactions using the same key.

Or your exchange or eWallet operator is clueless about information security and is running it on a VPS and the datacenter admin is extracting keys from the hypervisor. Still, there are much more probable attack vectors from using a VPS.

It is a good general reminder that information security begins with physical security.


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: jimhsu on March 08, 2014, 03:01:07 AM
If physical access is required, I think it would probably be significantly easier just to take a dump of memory and try to extract keys from that.

Of course, far easier would be an unscrupulous VPS admin gaining console access (which is trivial) and dumping/deleting/whatever your VPS instance. It's elementary to log input into a console terminal, or run a process that looks for a "walletpassphrase" command, or any of several dozen other attack vectors that don't involve cache or memory sniffing. Do you trust your VPS provider?


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: Bit_Happy on March 08, 2014, 08:08:09 AM
Uses too much VPS cpu even when not mining.


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: Swordsoffreedom on March 08, 2014, 08:24:30 AM
Quote
So in short; if there is a nerdy looking scientist standing next to your computer with all kinds of probes hooked up...it's probably not a good idea to start signing 200 transactions using the same key.

Looks to the left looks to the right
Looks at self
OH MY  ;)
But still an interesting theory of how to break into a computer, the patient virus. It takes way too long to really be a practical attack.
On the other hand, those types of caching attacks might be able to go a long time without being detected, so it is interesting.
Assuming all the above scenarios are met haha


Title: Re: [2014-03-06] Ars - Crypto attack could one day steal secret Bitcoin keys
Post by: DeathAndTaxes on March 08, 2014, 02:36:47 PM
Quote
Of course, far easier would be an unscrupulous VPS admin gaining console access (which is trivial) and dumping/deleting/whatever your VPS instance. It's elementary to log input into a console terminal, or run a process that looks for a "walletpassphrase" command, or any of several dozen other attack vectors that don't involve cache or memory sniffing.

Agreed. It is just another attack vector, but VPS are already Swiss cheese when it comes to security. They shouldn't be used for storing and processing irreversible money.

Quote
Do you trust your VPS provider?

The answer should be no. Anyone stupid enough to think otherwise WILL (it is a matter of when, not if) lose bitcoins.