Bitcoin Forum
June 17, 2024, 05:05:29 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Potential Side Channel attack to extract private keys?  (Read 1023 times)
BiggestFish (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
October 19, 2014, 04:14:02 PM
 #1

https://eprint.iacr.org/2014/161.pdf

How practical is this in the wild?
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1032



View Profile WWW
October 19, 2014, 11:02:14 PM
 #2

Impractical. The minimum criteria are that the attacker must be running their attack analysis program on the same CPU core as the one signing hundreds of signatures with the same key, and also must capture the data of each signature and correlate them with the signing execution.

A scenario would be if I got a virtual host on the same single-core box as is running a service like a mixer or an exchange, and was allowed to send the service's wallet thousands of transactions to the same address and then was also able to force that service to spend them in a way that I could monitor and correlate in isolation from the other signatures they would likely to be doing. Just the fact that the service is running Bitcoin and a web interface that also use CPU and resources might be enough to obfuscate this OpenSSL analysis... this is for the most part academic, but it does demonstrate at least in a clean environment a way of recovering a key through side channels where an algorithm should not present a cryptanalysis attack surface.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!