Bitcoin Forum
Author Topic: Potential Side Channel attack to extract private keys?  (Read 1028 times)
BiggestFish (OP)
October 19, 2014, 04:14:02 PM

How practical is this in the wild?
October 19, 2014, 11:02:14 PM

Impractical. The minimum criteria are that the attacker must be running their attack analysis program on the same CPU core as the one signing hundreds of signatures with the same key, and also must capture the data of each signature and correlate them with the signing execution.

A scenario would be if I got a virtual host on the same single-core box as is running a service like a mixer or an exchange, and was allowed to send the service's wallet thousands of transactions to the same address and then was also able to force that service to spend them in a way that I could monitor and correlate in isolation from the other signatures they would likely be doing. Just the fact that the service is running Bitcoin and a web interface that also use CPU and resources might be enough to obfuscate this OpenSSL analysis... this is for the most part academic, but it does demonstrate at least in a clean environment a way of recovering a key through side channels where an algorithm should not present a cryptanalysis attack surface.