Hey guys, sorry again for my lack of communication recently, this family get-together has lasted a lot longer than I thought!
I'm not sure if you've heard, but a side-channel attack on ECDSA has been published, specifically on the ECDSA variant used in Bitcoin/Litecoin/TiPS/etccoin.
It allows an attacker to recover the private key for a given address/public key, but only under certain circumstances. (In non-techie terms, it allows someone to make a key mould from your wallet's lock and unlock your wallet with it.)
I tried looking around to see if any other coin devs have talked about this yet, but I haven't found anything (it's hard to search on a phone, though; if you've heard anything, a link would be appreciated!).
Maybe it's just not a priority to them, seeing as the attack depends on the factors below (this might be incorrect; it's based on what I could understand from the paper and what others have said):
- Attacker knows the target address/public key
- Attacker can execute code on the same machine as the target (e.g. the attacker owns a VPS on the same physical machine as the target's VPS)
- Target has signed 200+ transactions/inputs from the target address
If all of these conditions are met, then recovering the target's private key is only a matter of time, and while the probability of all of them being met is pretty slim, it still leaves a possibility.
Maybe other coin developers already have it marked down as WONTFIX, but I won't stand by and allow the coin I develop to contain any public exploits.
A mitigation technique (a.k.a. a semi-fix) is already described in the paper, although it sounds like it might take some work to implement. I'll start looking into it as soon as I get back, but that might not be until March 9th or so.
PS. Sorry if this post reads a bit weird; I had to rewrite it because my phone randomly skipped back a page and I lost the post before I could send it -.-
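To make the "why does signing a lot of transactions matter" part concrete, here is an added worked example that is not from the post, the coin's code base, or the paper it refers to. Side-channel attacks on ECDSA leak information about the per-signature nonce k; the attack described above learns only partial nonce information per signature and combines it over many signatures (hence the 200+ figure), and that combining step is not implemented here. What the example shows is the underlying ECDSA algebra that makes any nonce leak fatal, in its simplest form: if the attacker learns the whole nonce of even one signature, the private key follows directly from the public signature values. It uses a textbook toy curve (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1)) so it runs offline in seconds; the curve constants, function names and sample message are all assumed/constructed for the illustration, and real Bitcoin signing uses secp256k1 with a 256-bit group order.

```python
"""Toy ECDSA and nonce-leak key recovery.  Added illustration only; not code
from the post, the coin, or the paper.  Curve: y^2 = x^3 + 2x + 2 over F_17,
generator G = (5, 1) (assumed textbook toy values, group order 19)."""
import hashlib
import secrets

P, A, B = 17, 2, 2          # field prime and curve coefficients (toy values)
G = (5, 1)                  # generator point
INF = None                  # point at infinity


def inv(x, m):
    """Modular inverse of x mod m (m is prime everywhere it is used here)."""
    return pow(x, -1, m)


def add(p1, p2):
    """Affine point addition / doubling on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # Q + (-Q) = O, also doubling a point with y = 0
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt):
    """Plain double-and-add; NOT constant-time (that kind of leak is the post's topic)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n > 0 with n*pt = O, by repeated addition (fine for a toy curve)."""
    n, q = 1, pt
    while q is not INF:
        q = add(q, pt)
        n += 1
    return n


N = point_order(G)          # group order of G; 19 on this curve


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k=None):
    """ECDSA signature (r, s) of msg under private key d.  The nonce k is drawn at
    random unless the caller supplies one (a supplied degenerate nonce raises)."""
    z = hash_to_int(msg)
    while True:
        nonce = secrets.randbelow(N - 1) + 1 if k is None else k
        r = mul(nonce, G)[0] % N
        s = inv(nonce, N) * (z + r * d) % N
        if r == 0 or s == 0:
            if k is not None:
                raise ValueError("nonce gives a degenerate signature")
            continue
        return (r, s)


def verify(Q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_to_int(msg)
    w = inv(s, N)
    pt = add(mul(z * w % N, G), mul(r * w % N, Q))
    return pt is not INF and pt[0] % N == r


def recover_private_key(msg, sig, k):
    """Why a nonce leak is fatal: s = k^-1 (z + r*d) mod N rearranges to
    d = r^-1 (s*k - z) mod N, so one leaked nonce plus its public signature gives d."""
    r, s = sig
    z = hash_to_int(msg)
    return inv(r, N) * (s * k - z) % N


def exhaustive_check(msg=b"constructed sample transaction"):
    """Over every key and every nonce on the toy curve: signatures verify and the
    leaked nonce recovers the key.  Returns True if all cases hold."""
    for d in range(1, N):
        Q = mul(d, G)
        for k in range(1, N):
            try:
                sig = sign(d, msg, k)
            except ValueError:
                continue
            if not verify(Q, msg, sig) or recover_private_key(msg, sig, k) != d:
                return False
    return True


if __name__ == "__main__":
    print("group order:", N, "all keys/nonces recoverable:", exhaustive_check())
```

The point of `exhaustive_check` is that there is nothing special about any particular key or nonce: on a real curve the only thing standing between a signature and the private key is the secrecy of k, which is exactly what a cache side channel on a non-constant-time scalar multiplication erodes, one signature at a time.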
Thanks for the info! Great to hear from you