October 19, 2014, 11:02:14 PM
Impractical. The minimum criteria are that the attacker must be running their attack analysis program on the same CPU core as the one signing hundreds of signatures with the same key, and also must capture the data of each signature and correlate them with the signing execution.
A scenario would be if I got a virtual host on the same single-core box as is running a service like a mixer or an exchange, and was allowed to send the service's wallet thousands of transactions to the same address and then was also able to force that service to spend them in a way that I could monitor and correlate in isolation from the other signatures they would likely be doing. Just the fact that the service is running Bitcoin and a web interface that also uses CPU and resources might be enough to obfuscate this OpenSSL analysis... this is for the most part academic, but it does demonstrate, at least in a clean environment, a way of recovering a key through side channels where an algorithm should not present a cryptanalysis attack surface.