Quote
The attack relies on "side channel analysis," in which attackers extract a secret decryption key based on clues leaked by electromagnetic emanations, data caches, or other manifestations of a targeted cryptographic system. In this case, cryptographers can retrieve the private key needed to take control of bitcoins by taking minute measurements of the CPU as it makes transactions using the digital currency. Specifically, by observing the last-level (L3) CPU cache of an Intel processor as it executes as few as 200 signatures, an attacker in many cases has enough data to completely reconstruct the secret key needed to take ownership. The attack exploits the way OpenSSL implements the elliptic curve digital signature algorithm (ECDSA) based on a specific curve known as secp256k1 found in Bitcoin.
"It should be noted that irrespective of the weakness in the Intel processors, cryptographic algorithms are not supposed to leak information," he wrote in an e-mail. "Hence, the fact that we can get data out of the OpenSSL implementation is a weakness in OpenSSL and should be fixed."
Indeed, experts have long recommended a Bitcoin key be used only once, but this advice is routinely ignored. Another measure is to avoid the use of Intel processors, since the attack doesn't work on modern CPUs made by AMD, Yarom said.
Still not a reason for panic, just another good reminder not to hold all your eggs in one basket.
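To make the point in the quoted e-mail concrete ("cryptographic algorithms are not supposed to leak information"), here is an added toy illustration; it is not code from the article, from OpenSSL, or from the poster. It uses a small hypothetical curve over F_97 (y^2 = x^3 + 2x + 3, base point (3,6)) and records the sequence of point operations as a stand-in for what a cache observer could see. A textbook double-and-add performs an extra addition only for 1 bits, so its operation sequence spells out the scalar; a Montgomery ladder performs the same add-then-double pair on every bit, so the sequence is identical for any two scalars of the same length. This is the general class of weakness the article describes, shown on a toy curve rather than on secp256k1.

```python
# Added illustration (not the article's or OpenSSL's code): why a key-dependent
# operation sequence leaks, and why a uniform ladder does not.
# Hypothetical toy curve y^2 = x^3 + 2x + 3 over F_97, base point (3, 6).
P_MOD = 97
A_COEF = 2
BASE = (3, 6)
INF = None  # point at infinity

def ec_add(p1, p2):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def ec_double(p):
    return ec_add(p, p)

def scalar_mult_branchy(k, point):
    """Left-to-right double-and-add. Returns (k*point, trace).
    The 'A' entries appear only for 1 bits, so the trace encodes k."""
    trace = []
    acc = INF
    for bit in bin(k)[2:]:
        acc = ec_double(acc)
        trace.append("D")
        if bit == "1":
            acc = ec_add(acc, point)
            trace.append("A")
    return acc, tuple(trace)

def scalar_mult_ladder(k, point):
    """Montgomery ladder: one add and one double per bit regardless of its
    value, so the operation sequence depends only on the bit length of k.
    (Real constant-time code also replaces the register choice below with an
    arithmetic conditional swap; that detail is omitted in this toy.)"""
    trace = []
    regs = [INF, point]  # invariant: regs[1] == regs[0] + point
    for bit in bin(k)[2:]:
        b = int(bit)
        regs[1 - b] = ec_add(regs[0], regs[1])
        regs[b] = ec_double(regs[b])
        trace.extend(("A", "D"))
    return regs[0], tuple(trace)

def leaks_key_shape(k1, k2):
    """True if the branchy trace distinguishes k1 from k2 while the ladder
    trace does not (both scalars must have the same bit length)."""
    _, t_branchy1 = scalar_mult_branchy(k1, BASE)
    _, t_branchy2 = scalar_mult_branchy(k2, BASE)
    _, t_ladder1 = scalar_mult_ladder(k1, BASE)
    _, t_ladder2 = scalar_mult_ladder(k2, BASE)
    return t_branchy1 != t_branchy2 and t_ladder1 == t_ladder2

if __name__ == "__main__":
    for k in (11, 13):  # constructed sample scalars, both 4 bits long
        q1, t1 = scalar_mult_branchy(k, BASE)
        q2, t2 = scalar_mult_ladder(k, BASE)
        print(k, q1, "".join(t1), "|", q2, "".join(t2))
    print("branchy trace reveals scalar:", leaks_key_shape(11, 13))
```

On this curve the base point has order 5, so 11·P = P and 13·P = 3·P; both routines agree on the results, but only the ladder's trace is the same for both scalars. The real attack observed a much richer signal (L3 cache lines, not an abstract op list) against a 256-bit curve, but the defensive lesson is the same one the e-mail states: the sequence of memory accesses must not depend on the secret.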