* [Bitcoin-development] New side channel attack that can recover Bitcoin keys
@ 2014-03-05 12:49 Mike Hearn
2014-03-05 12:56 ` Pieter Wuille
` (2 more replies)
0 siblings, 3 replies; 24+ messages in thread
From: Mike Hearn @ 2014-03-05 12:49 UTC (permalink / raw)
To: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1477 bytes --]
A new practical technique has been published that can recover secp256k1
private keys after observing OpenSSL calculate as little as 200 signatures:
http://eprint.iacr.org/2014/161.pdf
This attack is based on the FLUSH+RELOAD technique published last year. It
works by observing L3 CPU cache timings and forcing cache line flushes
using the clflush opcode. As a result, it is applicable to any x86
environment where an attacker may be able to run on the same hardware i.e.
virtualised hosting environments where keys are being reused.
I am not currently aware of any efforts to make OpenSSL's secp256k1
implementation completely side channel free in all aspects. Also,
unfortunately many people have reimplemented ECDSA themselves and even if
OpenSSL gets fixed, the custom implementations probably won't.
So, IMHO this is a sign for hot wallet users to start walking (but not
running) towards the exits of these shared cloud services: it doesn't feel
safe to sign transactions on these platforms, so hot wallets should be
managed by dedicated hardware. Of course other parts of the service, like
the website, are less sensitive and can still run in the cloud. I doubt the
researchers will release their code to do the side channel attack and it's
rather complex to reimplement, so this gives some time for mitigation.
Unfortunately the huge sums being held in some "bitbank" style hot wallets
mean that attackers are well motivated to pull off even quite complex
attacks.
[-- Attachment #2: Type: text/html, Size: 1686 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 12:49 [Bitcoin-development] New side channel attack that can recover Bitcoin keys Mike Hearn
@ 2014-03-05 12:56 ` Pieter Wuille
2014-03-05 13:18 ` Jean-Paul Kogelman
2014-03-05 16:21 ` Kevin
2014-03-05 21:31 ` Eric Lombrozo
2 siblings, 1 reply; 24+ messages in thread
From: Pieter Wuille @ 2014-03-05 12:56 UTC (permalink / raw)
To: Mike Hearn; +Cc: Bitcoin Dev
On Wed, Mar 5, 2014 at 1:49 PM, Mike Hearn <mike@plan99•net> wrote:
> I am not currently aware of any efforts to make OpenSSL's secp256k1
> implementation completely side channel free in all aspects. Also,
> unfortunately many people have reimplemented ECDSA themselves and even if
> OpenSSL gets fixed, the custom implementations probably won't.
As far as I know, judging from the implementation, there is hardly any
effort to try to prevent timing attacks.
--
Pieter
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 12:56 ` Pieter Wuille
@ 2014-03-05 13:18 ` Jean-Paul Kogelman
2014-03-05 14:04 ` Pieter Wuille
0 siblings, 1 reply; 24+ messages in thread
From: Jean-Paul Kogelman @ 2014-03-05 13:18 UTC (permalink / raw)
To: Pieter Wuille; +Cc: Bitcoin Dev
> On Mar 5, 2014, at 8:56 PM, Pieter Wuille <pieter.wuille@gmail•com> wrote:
>
>> On Wed, Mar 5, 2014 at 1:49 PM, Mike Hearn <mike@plan99•net> wrote:
>> I am not currently aware of any efforts to make OpenSSL's secp256k1
>> implementation completely side channel free in all aspects. Also,
>> unfortunately many people have reimplemented ECDSA themselves and even if
>> OpenSSL gets fixed, the custom implementations probably won't.
>
> As far as I know, judging from the implementation, there is hardly any
> effort to try to prevent timing attacks.
>
Is it safe to assume that this is also true for your secp256k1 implementation?
jp
> --
> Pieter
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 13:18 ` Jean-Paul Kogelman
@ 2014-03-05 14:04 ` Pieter Wuille
0 siblings, 0 replies; 24+ messages in thread
From: Pieter Wuille @ 2014-03-05 14:04 UTC (permalink / raw)
To: Jean-Paul Kogelman; +Cc: Bitcoin Dev
On Wed, Mar 5, 2014 at 2:18 PM, Jean-Paul Kogelman
<jeanpaulkogelman@me•com> wrote:
>> As far as I know, judging from the implementation, there is hardly any
>> effort to try to prevent timing attacks.
>>
>
> Is it safe to assume that this is also true for your secp256k1 implementation?
I've done some preliminary work on making it leak less, but it's by no
means guaranteed to be constant time either (so better assume it is
not).
--
Pieter
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 12:49 [Bitcoin-development] New side channel attack that can recover Bitcoin keys Mike Hearn
2014-03-05 12:56 ` Pieter Wuille
@ 2014-03-05 16:21 ` Kevin
2014-03-05 19:39 ` Peter Todd
2014-03-08 19:34 ` Luke-Jr
2014-03-05 21:31 ` Eric Lombrozo
2 siblings, 2 replies; 24+ messages in thread
From: Kevin @ 2014-03-05 16:21 UTC (permalink / raw)
To: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 2296 bytes --]
On 3/5/2014 7:49 AM, Mike Hearn wrote:
> A new practical technique has been published that can recover
> secp256k1 private keys after observing OpenSSL calculate as little as
> 200 signatures:
>
> http://eprint.iacr.org/2014/161.pdf
>
> This attack is based on the FLUSH+RELOAD technique published last
> year. It works by observing L3 CPU cache timings and forcing cache
> line flushes using the clflush opcode. As a result, it is applicable
> to any x86 environment where an attacker may be able to run on the
> same hardware i.e. virtualised hosting environments where keys are
> being reused.
>
> I am not currently aware of any efforts to make OpenSSL's secp256k1
> implementation completely side channel free in all aspects. Also,
> unfortunately many people have reimplemented ECDSA themselves and even
> if OpenSSL gets fixed, the custom implementations probably won't.
>
> So, IMHO this is a sign for hot wallet users to start walking (but not
> running) towards the exits of these shared cloud services: it doesn't
> feel safe to sign transactions on these platforms, so hot wallets
> should be managed by dedicated hardware. Of course other parts of the
> service, like the website, are less sensitive and can still run in the
> cloud. I doubt the researchers will release their code to do the side
> channel attack and it's rather complex to reimplement, so this gives
> some time for mitigation. Unfortunately the huge sums being held in
> some "bitbank" style hot wallets mean that attackers are well
> motivated to pull off even quite complex attacks.
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
How can we patch this issue?
--
Kevin
[-- Attachment #2: Type: text/html, Size: 3727 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 16:21 ` Kevin
@ 2014-03-05 19:39 ` Peter Todd
2014-03-05 19:51 ` Gregory Maxwell
` (2 more replies)
2014-03-08 19:34 ` Luke-Jr
1 sibling, 3 replies; 24+ messages in thread
From: Peter Todd @ 2014-03-05 19:39 UTC (permalink / raw)
To: Kevin; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 2437 bytes --]
On Wed, Mar 05, 2014 at 11:21:52AM -0500, Kevin wrote:
> On 3/5/2014 7:49 AM, Mike Hearn wrote:
> >A new practical technique has been published that can recover
> >secp256k1 private keys after observing OpenSSL calculate as little
> >as 200 signatures:
>
> How can we patch this issue?
If you're following good practices you're not particularly vulneable to
it, if at all, even if you make use of shared hosting. First of all you
shouldn't be re-using addresses, which means you won't be passing that
~200 sig threshold.
More important though is you shouldn't be using single factor Bitcoin
addresses. Use n-of-m multisig instead and architect your system such
that that every transaction that happens in your service has to be
authorized by both the "online" server(s) that host your website as well
as a second "hardened" server with an extremely limited interface
between it and the online server. The hardened second factor *should*
use a separate codebase, ideally even a second language, to authenticate
actions that withdraw funds or generate new addresses based on data
given to it by the online server. In the best case your customers are
PGP-signing requests so you can verify their intent independently and
cryptographically on both servers. Mircea Popescu's MPEx exchange is an
example of this model, although I don't think they're doing any multisig
stuff. Failing that you can at least use the second server to do things
like limit losses by flagging higher-than-expected withdrawl volumes and
unusual events.
Since this second-factor server only deals with business logic - not the
website - you can certainly find a secure hosting arrangement for it
with physical control. I recommend you stick the machine in your
apartment and use tor + hidden services to connect to it from your VM
instances.
Note too that even if all you're doing is accepting Bitcoins from
customers, perhaps in exchange for goods, all of the above *still*
applies modulo the fact that the payment protocol is very incomplete.
With P2SH (finally!) supported in all the major Bitcoin wallets there
simply is no excuse not to have such an architecture other than lazyness
and transaction fees; if you fall into the latter category you're
business may very well be wiped out anyway by increased fees.
--
'peter'[:-1]@petertodd.org
000000000000000f9102d27cfd61ea9e8bb324593593ca3ce6ba53153ff251b3
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 19:39 ` Peter Todd
@ 2014-03-05 19:51 ` Gregory Maxwell
2014-03-05 20:32 ` Peter Todd
2014-03-05 22:17 ` James Hartig
2014-03-06 7:02 ` Odinn Cyberguerrilla
2 siblings, 1 reply; 24+ messages in thread
From: Gregory Maxwell @ 2014-03-05 19:51 UTC (permalink / raw)
To: Peter Todd; +Cc: Bitcoin Development
On Wed, Mar 5, 2014 at 11:39 AM, Peter Todd <pete@petertodd•org> wrote:
> If you're following good practices you're not particularly vulneable to
> it, if at all, even if you make use of shared hosting. First of all you
> shouldn't be re-using addresses, which means you won't be passing that
> ~200 sig threshold.
>
> More important though is you shouldn't be using single factor Bitcoin
> addresses. Use n-of-m multisig instead and architect your system such
Both of these things have long been promoted as virtuous in part
because they increase robustness against this sort of thing.
But while I don't disagree with these things the reality is that many
people do not follow either of these piece of advice and following
them requires behavioral changes that will not be adopted quickly...
so I don't think that advice is especially useful.
And even if it were—, good security involves defense in depth, so
adding on top of them things like side-channel resistant signing is
important.
I haven't had a chance to sit down and think through it completely but
I believe oleganza's recent blind signature scheme for ECDSA may be
helpful (http://oleganza.com/blind-ecdsa-draft-v2.pdf):
The idea is that instead of (or in addition to— belt and suspenders)
making the signing constant time, you use the blinding scheme to first
locally blind the private key and point being signed, then sign, then
unblind. This way even if you are reusing a key every signing
operation is handling different private data... and the only point
where unblinded private data is handled is a simple scalar addition.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 19:51 ` Gregory Maxwell
@ 2014-03-05 20:32 ` Peter Todd
2014-03-05 20:54 ` Gregory Maxwell
0 siblings, 1 reply; 24+ messages in thread
From: Peter Todd @ 2014-03-05 20:32 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Development
[-- Attachment #1: Type: text/plain, Size: 2485 bytes --]
On Wed, Mar 05, 2014 at 11:51:25AM -0800, Gregory Maxwell wrote:
> On Wed, Mar 5, 2014 at 11:39 AM, Peter Todd <pete@petertodd•org> wrote:
> > If you're following good practices you're not particularly vulneable to
> > it, if at all, even if you make use of shared hosting. First of all you
> > shouldn't be re-using addresses, which means you won't be passing that
> > ~200 sig threshold.
> >
> > More important though is you shouldn't be using single factor Bitcoin
> > addresses. Use n-of-m multisig instead and architect your system such
>
> Both of these things have long been promoted as virtuous in part
> because they increase robustness against this sort of thing.
>
> But while I don't disagree with these things the reality is that many
> people do not follow either of these piece of advice and following
> them requires behavioral changes that will not be adopted quickly...
> so I don't think that advice is especially useful.
>
> And even if it were—, good security involves defense in depth, so
> adding on top of them things like side-channel resistant signing is
> important.
>
> I haven't had a chance to sit down and think through it completely but
> I believe oleganza's recent blind signature scheme for ECDSA may be
> helpful (http://oleganza.com/blind-ecdsa-draft-v2.pdf):
>
> The idea is that instead of (or in addition to— belt and suspenders)
> making the signing constant time, you use the blinding scheme to first
> locally blind the private key and point being signed, then sign, then
> unblind. This way even if you are reusing a key every signing
> operation is handling different private data... and the only point
> where unblinded private data is handled is a simple scalar addition.
That's nice, but I wrote my advice to show people how even if they don't
know any crypto beyond what the "black boxes" do - the absolute minimum
you need to know to write any Bitcoin software - you can still defend
yourself against that attack and many others.
Point is you can architect systems that remain secure even when parts of
them fail, and you don't need any special cryptographic background to do
so - any competent programmer can.
Meanwhile, if you're not willing to take those simple steps, the Bitcoin
community damn well should look down on your amateur efforts, e.g.
Coinbase and EasyWallet.
--
'peter'[:-1]@petertodd.org
000000000000000f9102d27cfd61ea9e8bb324593593ca3ce6ba53153ff251b3
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 20:32 ` Peter Todd
@ 2014-03-05 20:54 ` Gregory Maxwell
2014-03-12 9:44 ` Peter Todd
0 siblings, 1 reply; 24+ messages in thread
From: Gregory Maxwell @ 2014-03-05 20:54 UTC (permalink / raw)
To: Peter Todd; +Cc: Bitcoin Development
On Wed, Mar 5, 2014 at 12:32 PM, Peter Todd <pete@petertodd•org> wrote:
> That's nice, but I wrote my advice to show people how even if they don't
> know any crypto beyond what the "black boxes" do - the absolute minimum
> you need to know to write any Bitcoin software - you can still defend
> yourself against that attack and many others.
But it's still incomplete.
Say you have an address— used only once!— with a txout with a lot of value.
Someone starts paying you small amounts to that address over and over
again. You haven't asked them to, they're just doing it.
Do you ignore the funds?— maybe tell some customer that was ignorantly
paying you over and over again to a single address "sorry, those are
my rules: I only acknowledge the first payment, those funds are
lost!".
No, of course not. You spend the darn coins and if you're on a shared
host perhaps you disclose a private key.
The probability of an attack actually going on is low enough compared
to the cost of spending the coins in that case that even someone with
good knoweldge of the risks will choose to do so.
So absolutely, not reusing addresses massively increases your safety
and limits losses when there is theft. But it isn't enough alone. (Nor
is smarter signing, considering complex software like this has bugs
and its hard to be confident that something is side channel free— esp
when you allow attacker interference).
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 12:49 [Bitcoin-development] New side channel attack that can recover Bitcoin keys Mike Hearn
2014-03-05 12:56 ` Pieter Wuille
2014-03-05 16:21 ` Kevin
@ 2014-03-05 21:31 ` Eric Lombrozo
2014-03-05 21:44 ` Gregory Maxwell
2 siblings, 1 reply; 24+ messages in thread
From: Eric Lombrozo @ 2014-03-05 21:31 UTC (permalink / raw)
To: Peter Todd; +Cc: Bitcoin Development
[-- Attachment #1.1: Type: text/plain, Size: 4188 bytes --]
If we don't mind sacrificing some performance when signing, there's a fairly simple way to implement a constant-time constant-cache-access-pattern secp256k1.
It is based on the idea of branchless implementations of the field and group operations.
Multiprecision arithmetic can be implemented branch-free by assuming fixed sized limbs and always performing dummy carry operations even when they aren't needed.
The most critical field operation that could potentially leak data is the modular inverse. Again, if we don't mind a slow implementation, a simple constant-time implementation involves exponentiation by the field modulus minus two - which is a known constant.
As for group operations in secp256k1, the main sources of leaks are the branchings that exist in typical implementations as well as optimizations for special inputs,
i.e. http://en.wikibooks.org/wiki/Cryptography/Prime_Curve/Jacobian_Coordinates
To avoid leaking any information, we can use the most general operation, Point Addition, in the following way:
Always carry through the full point addition algorithm even if we get POINT_AT_INFINITY. Also, always carry through the POINT_DOUBLE operation even on unequal inputs. Store the three possible results (POINT_ADDITION, POINT_AT_INFINITY, and POINT_DOUBLE) and then do a branchless conditional swap with the output location as a final step.
Branchless swaps can be performed using bitwise operations such as the examples here: https://github.com/CodeShark/cmp/blob/master/src/constant-time.h
--------------
In the case of bitcoin, signature verification is where performance optimization is really helpful - and here there are no risks of sidechannel leaks, so we can go ahead and use the most optimal implementations. But for signing, the amount of throughput required is generally not that large and constant-time implementations will be more than adequate on typical hardware.
-Eric Lombrozo
On Mar 5, 2014, at 4:49 AM, Mike Hearn <mike@plan99•net> wrote:
> A new practical technique has been published that can recover secp256k1 private keys after observing OpenSSL calculate as little as 200 signatures:
>
> http://eprint.iacr.org/2014/161.pdf
>
> This attack is based on the FLUSH+RELOAD technique published last year. It works by observing L3 CPU cache timings and forcing cache line flushes using the clflush opcode. As a result, it is applicable to any x86 environment where an attacker may be able to run on the same hardware i.e. virtualised hosting environments where keys are being reused.
>
> I am not currently aware of any efforts to make OpenSSL's secp256k1 implementation completely side channel free in all aspects. Also, unfortunately many people have reimplemented ECDSA themselves and even if OpenSSL gets fixed, the custom implementations probably won't.
>
> So, IMHO this is a sign for hot wallet users to start walking (but not running) towards the exits of these shared cloud services: it doesn't feel safe to sign transactions on these platforms, so hot wallets should be managed by dedicated hardware. Of course other parts of the service, like the website, are less sensitive and can still run in the cloud. I doubt the researchers will release their code to do the side channel attack and it's rather complex to reimplement, so this gives some time for mitigation. Unfortunately the huge sums being held in some "bitbank" style hot wallets mean that attackers are well motivated to pull off even quite complex attacks.
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk_______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[-- Attachment #1.2: Type: text/html, Size: 5252 bytes --]
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 21:31 ` Eric Lombrozo
@ 2014-03-05 21:44 ` Gregory Maxwell
2014-03-05 22:14 ` Eric Lombrozo
0 siblings, 1 reply; 24+ messages in thread
From: Gregory Maxwell @ 2014-03-05 21:44 UTC (permalink / raw)
To: Eric Lombrozo; +Cc: Bitcoin Development
On Wed, Mar 5, 2014 at 1:31 PM, Eric Lombrozo <elombrozo@gmail•com> wrote:
> If we don't mind sacrificing some performance when signing, there's a fairly
> simple way to implement a constant-time constant-cache-access-pattern
> secp256k1.
> It is based on the idea of branchless implementations of the field and group
> operations.
Do take care that branchless doesn't mean side-channel free: On
non-trivial hardware you must have uniform memory accesses too.
(and that itself isn't enough for sidechannel freeness against an
attacker that can do power analysis... then you star worrying about
the internal structure your primitive adders and the hamming weight of
your numbers, and needing to build hardware that uses differential
logic, and yuck yuck yuck: This is why you still shouldn't reuse
addresses, and why a blinding approach may still be sensible, even if
you believe your implementation is hardened against side-channels)
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 21:44 ` Gregory Maxwell
@ 2014-03-05 22:14 ` Eric Lombrozo
2014-03-05 22:25 ` Gregory Maxwell
0 siblings, 1 reply; 24+ messages in thread
From: Eric Lombrozo @ 2014-03-05 22:14 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Development
[-- Attachment #1: Type: text/plain, Size: 2635 bytes --]
Everything you say is true.
However, branchless does reduce the attack surface considerably - if nothing else, it significantly ups the difficulty of an attack for a relatively low cost in program complexity, and that might still make it worth doing.
As for uniform memory access, if we avoided any kind of heap allocation, wouldn't we avoid such issues?
Anyhow, without having gone into the full details of this particular attack, it seems the main attack point is differences in how squaring and multiplication (in the case of field exponentiation) or doubling and point addition (in the case of ECDSA) are performed. I believe using a branchless implementation where each phase of the operation executes the exact same code and accesses the exact same stack frames would not be vulnerable to FLUSH+RELOAD.
"To be able to recover the sequence of point additions and doublings, the spy program should distinguish
between consecutive doubling operations and must be able to order them with respect to point additions.
Our spy program achieves this by setting the time slot to less than half the length of the group operations.
With the selected curve, group add operations take 7,928 cycles on average, while group double operation
take 7,601 cycles. Setting the time slot to 3,000 cycles ensures that there is an empty time slot within any
group operation, allowing our spy to correctly distinguish consecutive doubles"
The approach I've suggested makes doubling operations indistinguishable from point additions from the perspective of cache access.
On Mar 5, 2014, at 1:44 PM, Gregory Maxwell <gmaxwell@gmail•com> wrote:
> On Wed, Mar 5, 2014 at 1:31 PM, Eric Lombrozo <elombrozo@gmail•com> wrote:
>> If we don't mind sacrificing some performance when signing, there's a fairly
>> simple way to implement a constant-time constant-cache-access-pattern
>> secp256k1.
>> It is based on the idea of branchless implementations of the field and group
>> operations.
>
> Do take care that branchless doesn't mean side-channel free: On
> non-trivial hardware you must have uniform memory accesses too.
>
> (and that itself isn't enough for sidechannel freeness against an
> attacker that can do power analysis... then you star worrying about
> the internal structure your primitive adders and the hamming weight of
> your numbers, and needing to build hardware that uses differential
> logic, and yuck yuck yuck: This is why you still shouldn't reuse
> addresses, and why a blinding approach may still be sensible, even if
> you believe your implementation is hardened against side-channels)
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 19:39 ` Peter Todd
2014-03-05 19:51 ` Gregory Maxwell
@ 2014-03-05 22:17 ` James Hartig
2014-03-05 22:26 ` Eric Lombrozo
2014-03-06 7:02 ` Odinn Cyberguerrilla
2 siblings, 1 reply; 24+ messages in thread
From: James Hartig @ 2014-03-05 22:17 UTC (permalink / raw)
To: Peter Todd; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 1660 bytes --]
On Wed, Mar 5, 2014 at 2:39 PM, Peter Todd <pete@petertodd•org> wrote:
> More important though is you shouldn't be using single factor Bitcoin
> addresses. Use n-of-m multisig instead and architect your system such
> that that every transaction that happens in your service has to be
> authorized by both the "online" server(s) that host your website as well
> as a second "hardened" server with an extremely limited interface
> between it and the online server.
This adds a very minor amount of security, if any, if someone manages to
hack into your "hot wallet" server they can just initiate a non-multisig
transaction and still steal all your bitcoins in that wallet. You can't
give the argument that the RPC API is password protected because the
password is stored in plain-text in the config so all someone has to do is
first grep for the file. There doesn't appear to be a way to force ALL
outgoing transactions to be multisig and even if there was one, would you
be able to force one of the addresses to be the "hardened" server? That
still wouldn't prevent anyone from just stopping bitcoind, changing the
config, then restarting it.
Unless you're using your own custom wallet software there doesn't seem to
be any sufficient way to prevent someone from stealing all your money once
they have access to your server. Other software, like MySQL has access
controls so I can prevent ALTERs, DROPs, DELETEs, etc for all "live"
accounts limiting the scope of any attack if they manage to get into the
server. Maybe this is beyond the scope of bitcoind, not sure.
Thanks,
--
James Hartig
Software Engineer @ Grooveshark.com
http://twitter.com/jameshartig
[-- Attachment #2: Type: text/html, Size: 2230 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 22:14 ` Eric Lombrozo
@ 2014-03-05 22:25 ` Gregory Maxwell
2014-03-06 8:38 ` Mike Hearn
0 siblings, 1 reply; 24+ messages in thread
From: Gregory Maxwell @ 2014-03-05 22:25 UTC (permalink / raw)
To: Eric Lombrozo; +Cc: Bitcoin Development
On Wed, Mar 5, 2014 at 2:14 PM, Eric Lombrozo <elombrozo@gmail•com> wrote:
> Everything you say is true.
>
> However, branchless does reduce the attack surface considerably - if nothing else, it significantly ups the difficulty of an attack for a relatively low cost in program complexity, and that might still make it worth doing.
Absolutely. I believe these things are worth doing.
My comment on it being insufficient was only that "my signer is
branchless" doesn't make other defense measures (avoiding reuse,
multsig with multiple devices, not sharing hardware, etc.)
unimportant.
> As for uniform memory access, if we avoided any kind of heap allocation, wouldn't we avoid such issues?
No. At a minimum to hide a memory timing side-channel you must perform
no data dependent loads (e.g. no operation where an offset into memory
is calculated). A strategy for this is to always load the same values,
but then mask out the ones you didn't intend to read... even that I'd
worry about on sufficiently advanced hardware, since I would very much
not be surprised if the processor was able to determine that the load
had no effect and eliminate it! :) )
Maybe in practice if your data dependencies end up only picking around
in the same cache-line it doesn't actually matter... but it's hard to
be sure, and unclear when a future optimization in the rest of the
system might leave it exposed again.
(In particular, you can't generally write timing sign-channel immune
code in C (or other high level language) because the compiler is
freely permitted to optimize things in a way that break the property.
... It may be _unlikely_ for it to do this, but its permitted— and
will actually do so in some cases—, so you cannot be completely sure
unless you check and freeze the toolchain)
> Anyhow, without having gone into the full details of this particular attack, it seems the main attack point is differences in how squaring and multiplication (in the case of field exponentiation) or doubling and point addition (in the case of ECDSA) are performed. I believe using a branchless implementation where each phase of the operation executes the exact same code and accesses the exact same stack frames would not be vulnerable to FLUSH+RELOAD.
I wouldn't be surprised.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 22:17 ` James Hartig
@ 2014-03-05 22:26 ` Eric Lombrozo
0 siblings, 0 replies; 24+ messages in thread
From: Eric Lombrozo @ 2014-03-05 22:26 UTC (permalink / raw)
To: James Hartig; +Cc: Bitcoin Dev
[-- Attachment #1.1: Type: text/plain, Size: 2928 bytes --]
Oh, I absolutely agree that this type of attack is NOT the weakest link in security. There are MANY far easier targets in bitcoind and typical use scenarios of it. If we want to dramatically improve the security of a typical bitcoin wallet, the FLUSH+RELOAD attack is probably not where our efforts would be best rewarded trying to prevent.
However, this thread IS about this particular attack vector - and my suggestion IS specific to this thread.
-Eric Lombrozo
On Mar 5, 2014, at 2:17 PM, James Hartig <fastest963@gmail•com> wrote:
> On Wed, Mar 5, 2014 at 2:39 PM, Peter Todd <pete@petertodd•org> wrote:
> > More important though is you shouldn't be using single factor Bitcoin
> > addresses. Use n-of-m multisig instead and architect your system such
> > that that every transaction that happens in your service has to be
> > authorized by both the "online" server(s) that host your website as well
> > as a second "hardened" server with an extremely limited interface
> > between it and the online server.
>
> This adds a very minor amount of security, if any, if someone manages to hack into your "hot wallet" server they can just initiate a non-multisig transaction and still steal all your bitcoins in that wallet. You can't give the argument that the RPC API is password protected because the password is stored in plain-text in the config so all someone has to do is first grep for the file. There doesn't appear to be a way to force ALL outgoing transactions to be multisig and even if there was one, would you be able to force one of the addresses to be the "hardened" server? That still wouldn't prevent anyone from just stopping bitcoind, changing the config, then restarting it.
>
> Unless you're using your own custom wallet software there doesn't seem to be any sufficient way to prevent someone from stealing all your money once they have access to your server. Other software, like MySQL has access controls so I can prevent ALTERs, DROPs, DELETEs, etc for all "live" accounts limiting the scope of any attack if they manage to get into the server. Maybe this is beyond the scope of bitcoind, not sure.
>
> Thanks,
> --
> James Hartig
> Software Engineer @ Grooveshark.com
> http://twitter.com/jameshartig
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk_______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
[-- Attachment #1.2: Type: text/html, Size: 4000 bytes --]
[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 19:39 ` Peter Todd
2014-03-05 19:51 ` Gregory Maxwell
2014-03-05 22:17 ` James Hartig
@ 2014-03-06 7:02 ` Odinn Cyberguerrilla
2 siblings, 0 replies; 24+ messages in thread
From: Odinn Cyberguerrilla @ 2014-03-06 7:02 UTC (permalink / raw)
To: Peter Todd; +Cc: bitcoin-development
One wonders also re. bitmessage, though that may not be relevant to this
particular list.
> On Wed, Mar 05, 2014 at 11:21:52AM -0500, Kevin wrote:
>> On 3/5/2014 7:49 AM, Mike Hearn wrote:
>> >A new practical technique has been published that can recover
>> >secp256k1 private keys after observing OpenSSL calculate as little
>> >as 200 signatures:
>>
>> How can we patch this issue?
>
> If you're following good practices you're not particularly vulneable to
> it, if at all, even if you make use of shared hosting. First of all you
> shouldn't be re-using addresses, which means you won't be passing that
> ~200 sig threshold.
>
> More important though is you shouldn't be using single factor Bitcoin
> addresses. Use n-of-m multisig instead and architect your system such
> that that every transaction that happens in your service has to be
> authorized by both the "online" server(s) that host your website as well
> as a second "hardened" server with an extremely limited interface
> between it and the online server. The hardened second factor *should*
> use a separate codebase, ideally even a second language, to authenticate
> actions that withdraw funds or generate new addresses based on data
> given to it by the online server. In the best case your customers are
> PGP-signing requests so you can verify their intent independently and
> cryptographically on both servers. Mircea Popescu's MPEx exchange is an
> example of this model, although I don't think they're doing any multisig
> stuff. Failing that you can at least use the second server to do things
> like limit losses by flagging higher-than-expected withdrawl volumes and
> unusual events.
>
> Since this second-factor server only deals with business logic - not the
> website - you can certainly find a secure hosting arrangement for it
> with physical control. I recommend you stick the machine in your
> apartment and use tor + hidden services to connect to it from your VM
> instances.
>
> Note too that even if all you're doing is accepting Bitcoins from
> customers, perhaps in exchange for goods, all of the above *still*
> applies modulo the fact that the payment protocol is very incomplete.
>
>
> With P2SH (finally!) supported in all the major Bitcoin wallets there
> simply is no excuse not to have such an architecture other than lazyness
> and transaction fees; if you fall into the latter category you're
> business may very well be wiped out anyway by increased fees.
>
> --
> 'peter'[:-1]@petertodd.org
> 000000000000000f9102d27cfd61ea9e8bb324593593ca3ce6ba53153ff251b3
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk_______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 22:25 ` Gregory Maxwell
@ 2014-03-06 8:38 ` Mike Hearn
2014-03-06 10:00 ` Natanael
2014-03-08 19:29 ` Gustav Simonsson
0 siblings, 2 replies; 24+ messages in thread
From: Mike Hearn @ 2014-03-06 8:38 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Development
[-- Attachment #1: Type: text/plain, Size: 3658 bytes --]
I'm wondering about whether (don't laugh) moving signing into the kernel
and then using the MTRRs to disable caching entirely for a small scratch
region of memory would also work. You could then disable pre-emption and
prevent anything on the same core from interrupting or timing the signing
operation.
However I suspect just making a hardened secp256k1 signer implementation in
userspace would be of similar difficulty, in which case it would naturally
be preferable.
On Wed, Mar 5, 2014 at 11:25 PM, Gregory Maxwell <gmaxwell@gmail•com> wrote:
> On Wed, Mar 5, 2014 at 2:14 PM, Eric Lombrozo <elombrozo@gmail•com> wrote:
> > Everything you say is true.
> >
> > However, branchless does reduce the attack surface considerably - if
> nothing else, it significantly ups the difficulty of an attack for a
> relatively low cost in program complexity, and that might still make it
> worth doing.
>
> Absolutely. I believe these things are worth doing.
>
> My comment on it being insufficient was only that "my signer is
> branchless" doesn't make other defense measures (avoiding reuse,
> multsig with multiple devices, not sharing hardware, etc.)
> unimportant.
>
> > As for uniform memory access, if we avoided any kind of heap allocation,
> wouldn't we avoid such issues?
>
> No. At a minimum to hide a memory timing side-channel you must perform
> no data dependent loads (e.g. no operation where an offset into memory
> is calculated). A strategy for this is to always load the same values,
> but then mask out the ones you didn't intend to read... even that I'd
> worry about on sufficiently advanced hardware, since I would very much
> not be surprised if the processor was able to determine that the load
> had no effect and eliminate it! :) )
>
> Maybe in practice if your data dependencies end up only picking around
> in the same cache-line it doesn't actually matter... but it's hard to
> be sure, and unclear when a future optimization in the rest of the
> system might leave it exposed again.
>
> (In particular, you can't generally write timing sign-channel immune
> code in C (or other high level language) because the compiler is
> freely permitted to optimize things in a way that break the property.
> ... It may be _unlikely_ for it to do this, but its permitted— and
> will actually do so in some cases—, so you cannot be completely sure
> unless you check and freeze the toolchain)
>
> > Anyhow, without having gone into the full details of this particular
> attack, it seems the main attack point is differences in how squaring and
> multiplication (in the case of field exponentiation) or doubling and point
> addition (in the case of ECDSA) are performed. I believe using a branchless
> implementation where each phase of the operation executes the exact same
> code and accesses the exact same stack frames would not be vulnerable to
> FLUSH+RELOAD.
>
> I wouldn't be surprised.
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
[-- Attachment #2: Type: text/html, Size: 4534 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-06 8:38 ` Mike Hearn
@ 2014-03-06 10:00 ` Natanael
2014-03-25 13:39 ` Troy Benjegerdes
2014-03-08 19:29 ` Gustav Simonsson
1 sibling, 1 reply; 24+ messages in thread
From: Natanael @ 2014-03-06 10:00 UTC (permalink / raw)
To: Mike Hearn; +Cc: bitcoin-development
[-- Attachment #1: Type: text/plain, Size: 4654 bytes --]
You've heard of TRESOR?
No, not Trezor.
https://en.wikipedia.org/wiki/TRESOR
Signing on the CPU, without touching RAM.
- Sent from my phone
Den 6 mar 2014 09:41 skrev "Mike Hearn" <mike@plan99•net>:
> I'm wondering about whether (don't laugh) moving signing into the kernel
> and then using the MTRRs to disable caching entirely for a small scratch
> region of memory would also work. You could then disable pre-emption and
> prevent anything on the same core from interrupting or timing the signing
> operation.
>
> However I suspect just making a hardened secp256k1 signer implementation
> in userspace would be of similar difficulty, in which case it would
> naturally be preferable.
>
>
> On Wed, Mar 5, 2014 at 11:25 PM, Gregory Maxwell <gmaxwell@gmail•com>wrote:
>
>> On Wed, Mar 5, 2014 at 2:14 PM, Eric Lombrozo <elombrozo@gmail•com>
>> wrote:
>> > Everything you say is true.
>> >
>> > However, branchless does reduce the attack surface considerably - if
>> nothing else, it significantly ups the difficulty of an attack for a
>> relatively low cost in program complexity, and that might still make it
>> worth doing.
>>
>> Absolutely. I believe these things are worth doing.
>>
>> My comment on it being insufficient was only that "my signer is
>> branchless" doesn't make other defense measures (avoiding reuse,
>> multsig with multiple devices, not sharing hardware, etc.)
>> unimportant.
>>
>> > As for uniform memory access, if we avoided any kind of heap
>> allocation, wouldn't we avoid such issues?
>>
>> No. At a minimum to hide a memory timing side-channel you must perform
>> no data dependent loads (e.g. no operation where an offset into memory
>> is calculated). A strategy for this is to always load the same values,
>> but then mask out the ones you didn't intend to read... even that I'd
>> worry about on sufficiently advanced hardware, since I would very much
>> not be surprised if the processor was able to determine that the load
>> had no effect and eliminate it! :) )
>>
>> Maybe in practice if your data dependencies end up only picking around
>> in the same cache-line it doesn't actually matter... but it's hard to
>> be sure, and unclear when a future optimization in the rest of the
>> system might leave it exposed again.
>>
>> (In particular, you can't generally write timing sign-channel immune
>> code in C (or other high level language) because the compiler is
>> freely permitted to optimize things in a way that break the property.
>> ... It may be _unlikely_ for it to do this, but its permitted— and
>> will actually do so in some cases—, so you cannot be completely sure
>> unless you check and freeze the toolchain)
>>
>> > Anyhow, without having gone into the full details of this particular
>> attack, it seems the main attack point is differences in how squaring and
>> multiplication (in the case of field exponentiation) or doubling and point
>> addition (in the case of ECDSA) are performed. I believe using a branchless
>> implementation where each phase of the operation executes the exact same
>> code and accesses the exact same stack frames would not be vulnerable to
>> FLUSH+RELOAD.
>>
>> I wouldn't be surprised.
>>
>>
>> ------------------------------------------------------------------------------
>> Subversion Kills Productivity. Get off Subversion & Make the Move to
>> Perforce.
>> With Perforce, you get hassle-free workflows. Merge that actually works.
>> Faster operations. Version large binaries. Built-in WAN optimization and
>> the
>> freedom to use Git, Perforce or both. Make the move to Perforce.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists•sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
[-- Attachment #2: Type: text/html, Size: 6070 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-06 8:38 ` Mike Hearn
2014-03-06 10:00 ` Natanael
@ 2014-03-08 19:29 ` Gustav Simonsson
1 sibling, 0 replies; 24+ messages in thread
From: Gustav Simonsson @ 2014-03-08 19:29 UTC (permalink / raw)
To: Mike Hearn; +Cc: Bitcoin Development
[-- Attachment #1: Type: text/plain, Size: 7887 bytes --]
While there is no mention of virtualization in the side-channel article,
the FLUSH+RELOAD paper [1] mentions virtualization and claims the clflush
instruction works not only towards processes on the same OS, but also
against processes in a separate guest OS if executed on the host OS (type 2
hypervisor) [2]. It also works if executed from within another guest OS
(though that reduces the efficiency of the attack) [3].
Both the authors [4] and Vulnerability Note VU#976534 [5] claim disabling
hypervisor memory page de-duplication prevents the attack. This could
perhaps be a first step for bitcoin companies running their software on
shared hosts; demand their allocated instances to be on hosts with this
disabled. Question is how common it is for virtualization providers to
offer that as an option.
TRESOR is is only applicable if running in a non-virtualized OS [6].
While TRESOR only implements AES, it seems it could work for ECDSA as well,
as they use the four x86 debug registers to fit a 256 bit privkey [7] for
the entire machine uptime, and then use other registers when doing the
actual AES ops. They use the Intel AES-NI instruction set though, and since
there is no corresponding instruction set for EC extra work would be
required to manually implement EC math in assembler.
They actually do what Mike Hearn mentioned and disable preemption in Linux
(their code runs in kernel space; they patched the kernel) to ensure
atomicity. Not only do they manage to protect against memory attacks (and
RAM/cache timing attacks) from other processes running on the same host,
but even from root on the same host (from userland, the debug registers are
only accessible through ptrace, which they patched, and they also disabled
LKM & KMEM).
One could imagine different levels of TRESOR-like ECDSA with different
tradeoffs of complexity vs security. For example, if one is fine with
keeping the privkey(s) in RAM but want to avoid cache timing attacks, the
signing could be implemented as a userspace program holding key(s) in RAM
together with a kernel module providing a syscall for signing. Signing is
then run with preemption using only x86 registers for intermediate data and
then using e.g. movntps [8] to write to RAM without data being cached. The
benefit of this compared with the full TRESOR approach is that it would not
require a patched kernel, only a kernel module. It would also be simpler to
implement compared to keeping the privkey in the debug registers for the
entire machine uptime, especially if multiple privkeys are used. It would
not protect against root though, since an adversary getting root could load
their own kernel module and read the registers.
To handle multiple keys (maybe as one-time-use) and get full TRESOR
benefits, one could perhaps (with the original TRESOR approach, i.e. with
patched kernel) store a BIP 0032 starting string / seed + counter in the
debug registers and have the atomic kernel code generate new keys and do
the signing.
Cheers,
Gustav Simonsson
1. http://eprint.iacr.org/2013/448.pdf
2. Page 1 of [1]
3. page 5 of [1]
4. page 8 (end of conclusions section) of [1]
5. http://www.kb.cert.org/vuls/id/976534
6. page 8, "3.2 Hardware compatibility",
https://www.usenix.org/legacy/event/sec11/tech/full_papers/Muller.pdf
7. page 3, "2.2 Key Management" of [6]
8. page 1041 of
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
On Thu, Mar 6, 2014 at 9:38 AM, Mike Hearn <mike@plan99•net> wrote:
> I'm wondering about whether (don't laugh) moving signing into the kernel
> and then using the MTRRs to disable caching entirely for a small scratch
> region of memory would also work. You could then disable pre-emption and
> prevent anything on the same core from interrupting or timing the signing
> operation.
>
> However I suspect just making a hardened secp256k1 signer implementation
> in userspace would be of similar difficulty, in which case it would
> naturally be preferable.
>
>
> On Wed, Mar 5, 2014 at 11:25 PM, Gregory Maxwell <gmaxwell@gmail•com>wrote:
>
>> On Wed, Mar 5, 2014 at 2:14 PM, Eric Lombrozo <elombrozo@gmail•com>
>> wrote:
>> > Everything you say is true.
>> >
>> > However, branchless does reduce the attack surface considerably - if
>> nothing else, it significantly ups the difficulty of an attack for a
>> relatively low cost in program complexity, and that might still make it
>> worth doing.
>>
>> Absolutely. I believe these things are worth doing.
>>
>> My comment on it being insufficient was only that "my signer is
>> branchless" doesn't make other defense measures (avoiding reuse,
>> multsig with multiple devices, not sharing hardware, etc.)
>> unimportant.
>>
>> > As for uniform memory access, if we avoided any kind of heap
>> allocation, wouldn't we avoid such issues?
>>
>> No. At a minimum to hide a memory timing side-channel you must perform
>> no data dependent loads (e.g. no operation where an offset into memory
>> is calculated). A strategy for this is to always load the same values,
>> but then mask out the ones you didn't intend to read... even that I'd
>> worry about on sufficiently advanced hardware, since I would very much
>> not be surprised if the processor was able to determine that the load
>> had no effect and eliminate it! :) )
>>
>> Maybe in practice if your data dependencies end up only picking around
>> in the same cache-line it doesn't actually matter... but it's hard to
>> be sure, and unclear when a future optimization in the rest of the
>> system might leave it exposed again.
>>
>> (In particular, you can't generally write timing sign-channel immune
>> code in C (or other high level language) because the compiler is
>> freely permitted to optimize things in a way that break the property.
>> ... It may be _unlikely_ for it to do this, but its permitted-- and
>> will actually do so in some cases--, so you cannot be completely sure
>> unless you check and freeze the toolchain)
>>
>> > Anyhow, without having gone into the full details of this particular
>> attack, it seems the main attack point is differences in how squaring and
>> multiplication (in the case of field exponentiation) or doubling and point
>> addition (in the case of ECDSA) are performed. I believe using a branchless
>> implementation where each phase of the operation executes the exact same
>> code and accesses the exact same stack frames would not be vulnerable to
>> FLUSH+RELOAD.
>>
>> I wouldn't be surprised.
>>
>>
>> ------------------------------------------------------------------------------
>> Subversion Kills Productivity. Get off Subversion & Make the Move to
>> Perforce.
>> With Perforce, you get hassle-free workflows. Merge that actually works.
>> Faster operations. Version large binaries. Built-in WAN optimization and
>> the
>> freedom to use Git, Perforce or both. Make the move to Perforce.
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Bitcoin-development mailing list
>> Bitcoin-development@lists•sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>>
>
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to
> Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and
> the
> freedom to use Git, Perforce or both. Make the move to Perforce.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
[-- Attachment #2: Type: text/html, Size: 9855 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 16:21 ` Kevin
2014-03-05 19:39 ` Peter Todd
@ 2014-03-08 19:34 ` Luke-Jr
2014-03-09 1:57 ` Gregory Maxwell
1 sibling, 1 reply; 24+ messages in thread
From: Luke-Jr @ 2014-03-08 19:34 UTC (permalink / raw)
To: bitcoin-development
On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote:
> How can we patch this issue?
No need, it is not an issue for Bitcoin.
Properly used, there is only ever one signature per public key.
Luke
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-08 19:34 ` Luke-Jr
@ 2014-03-09 1:57 ` Gregory Maxwell
0 siblings, 0 replies; 24+ messages in thread
From: Gregory Maxwell @ 2014-03-09 1:57 UTC (permalink / raw)
To: Luke-Jr; +Cc: Bitcoin Development
On Sat, Mar 8, 2014 at 11:34 AM, Luke-Jr <luke@dashjr•org> wrote:
> On Wednesday, March 05, 2014 4:21:52 PM Kevin wrote:
>> How can we patch this issue?
> No need, it is not an issue for Bitcoin.
> Properly used, there is only ever one signature per public key.
Security shouldn't depend on perfect use. There are many things that
result in multiple key use: Bitcoin address authentication (something
which the pool you created uses!), someone spamming you with multiple
payments to a common address which you didn't solicit (what, are you
just going to ignore the extra coins?), ... or just practical
considerations— I note the mining pool you founded continually pays a
single address for 'fall back' payments when it can't pay in the
coinbase transact, I know you consider that a bug, but its the reality
today.
Most security issues aren't the result of one problem but several
problems combined, so it's important to make each layer strong even if
the strength shouldn't be important due to proper use in other layers.
Fortunately, libsecp256k1 has a nearly constant time/constant memory
access multiply for signing which should reduce exposure substantially
(and is generally built in a way that reduces vulnerabilities).
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-05 20:54 ` Gregory Maxwell
@ 2014-03-12 9:44 ` Peter Todd
0 siblings, 0 replies; 24+ messages in thread
From: Peter Todd @ 2014-03-12 9:44 UTC (permalink / raw)
To: Gregory Maxwell; +Cc: Bitcoin Development
[-- Attachment #1: Type: text/plain, Size: 2031 bytes --]
On Wed, Mar 05, 2014 at 12:54:04PM -0800, Gregory Maxwell wrote:
> On Wed, Mar 5, 2014 at 12:32 PM, Peter Todd <pete@petertodd•org> wrote:
> > That's nice, but I wrote my advice to show people how even if they don't
> > know any crypto beyond what the "black boxes" do - the absolute minimum
> > you need to know to write any Bitcoin software - you can still defend
> > yourself against that attack and many others.
>
> But it's still incomplete.
>
> Say you have an address— used only once!— with a txout with a lot of value.
>
> Someone starts paying you small amounts to that address over and over
> again. You haven't asked them to, they're just doing it.
>
> Do you ignore the funds?— maybe tell some customer that was ignorantly
> paying you over and over again to a single address "sorry, those are
> my rules: I only acknowledge the first payment, those funds are
> lost!".
>
> No, of course not. You spend the darn coins and if you're on a shared
> host perhaps you disclose a private key.
>
> The probability of an attack actually going on is low enough compared
> to the cost of spending the coins in that case that even someone with
> good knoweldge of the risks will choose to do so.
>
> So absolutely, not reusing addresses massively increases your safety
> and limits losses when there is theft. But it isn't enough alone. (Nor
> is smarter signing, considering complex software like this has bugs
> and its hard to be confident that something is side channel free— esp
> when you allow attacker interference).
I think you're misunderstanding me: I'm assuming one of the n parties
signing transactions in my multi-factor authentication scheme is
uncompromised - much easier to do when it's a low-bandwidth box sitting
in a secure location.
Not re-using keys is nice too of course, and while not perfect - your
above scenario - certainely helps limit losses.
--
'peter'[:-1]@petertodd.org
0000000000000000afcad9265e8b44bf1171a08165c09b329fab2893bf13ec69
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 685 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-06 10:00 ` Natanael
@ 2014-03-25 13:39 ` Troy Benjegerdes
2014-03-25 13:50 ` Gavin Andresen
0 siblings, 1 reply; 24+ messages in thread
From: Troy Benjegerdes @ 2014-03-25 13:39 UTC (permalink / raw)
To: Natanael; +Cc: bitcoin-development
This *could* be a useful feature, but only if it's generalizable to
other processor architectures, and **in particular** has an implementation
using dedicated silicon that has a **public** open-source hardware layout,
so you can X-ray the chip, and confirm with a thermal imager that yes, the
encryption code is actually running where you think it's running.
I was *almost* convinced that the 'new key per address' was a good idea
to mitigate ECDSA side channel attacks. Now, however, I find it quite
plausible that intelligence agencies are promoting 'new key per transaction'
as a way to make sure all your keys are leaked all over RAM and the nearby
electromagnetic spectrum with side channels intentionally embedded in
commodity hardware.
If you want to convince me otherwise, then help me crowdfund an open-source
hardware Bitcoin ASIC that does the crypto and stores your private keys.
I expect the 'new key per transaction' crowd will be in for a rude awakening
when they finally understand the silicon area cost to do this securely.
Conclusion: Not only is 'de-prioritizing address re-use' BAD privacy, it
provides a social engineering/key leakage attack vector where someone can
track you down from the EMF generated by your bitcoin wallet when they send
you money.
If you think otherwise, let's build some ficking open-source hardware and
find out how much silicon this will cost.
Although it's probably more profitable to just build a bitcoin wallet
detector and keep your mouth shut.
On Thu, Mar 06, 2014 at 11:00:14AM +0100, Natanael wrote:
> You've heard of TRESOR?
>
> No, not Trezor.
>
> https://en.wikipedia.org/wiki/TRESOR
>
> Signing on the CPU, without touching RAM.
>
> - Sent from my phone
> Den 6 mar 2014 09:41 skrev "Mike Hearn" <mike@plan99•net>:
>
> > I'm wondering about whether (don't laugh) moving signing into the kernel
> > and then using the MTRRs to disable caching entirely for a small scratch
> > region of memory would also work. You could then disable pre-emption and
> > prevent anything on the same core from interrupting or timing the signing
> > operation.
> >
> > However I suspect just making a hardened secp256k1 signer implementation
> > in userspace would be of similar difficulty, in which case it would
> > naturally be preferable.
> >
> >
> > On Wed, Mar 5, 2014 at 11:25 PM, Gregory Maxwell <gmaxwell@gmail•com>wrote:
> >
> >> On Wed, Mar 5, 2014 at 2:14 PM, Eric Lombrozo <elombrozo@gmail•com>
> >> wrote:
> >> > Everything you say is true.
> >> >
> >> > However, branchless does reduce the attack surface considerably - if
> >> nothing else, it significantly ups the difficulty of an attack for a
> >> relatively low cost in program complexity, and that might still make it
> >> worth doing.
> >>
> >> Absolutely. I believe these things are worth doing.
> >>
> >> My comment on it being insufficient was only that "my signer is
> >> branchless" doesn't make other defense measures (avoiding reuse,
> >> multsig with multiple devices, not sharing hardware, etc.)
> >> unimportant.
> >>
> >> > As for uniform memory access, if we avoided any kind of heap
> >> allocation, wouldn't we avoid such issues?
> >>
> >> No. At a minimum to hide a memory timing side-channel you must perform
> >> no data dependent loads (e.g. no operation where an offset into memory
> >> is calculated). A strategy for this is to always load the same values,
> >> but then mask out the ones you didn't intend to read... even that I'd
> >> worry about on sufficiently advanced hardware, since I would very much
> >> not be surprised if the processor was able to determine that the load
> >> had no effect and eliminate it! :) )
> >>
> >> Maybe in practice if your data dependencies end up only picking around
> >> in the same cache-line it doesn't actually matter... but it's hard to
> >> be sure, and unclear when a future optimization in the rest of the
> >> system might leave it exposed again.
> >>
> >> (In particular, you can't generally write timing sign-channel immune
> >> code in C (or other high level language) because the compiler is
> >> freely permitted to optimize things in a way that break the property.
> >> ... It may be _unlikely_ for it to do this, but its permitted— and
> >> will actually do so in some cases—, so you cannot be completely sure
> >> unless you check and freeze the toolchain)
> >>
> >> > Anyhow, without having gone into the full details of this particular
> >> attack, it seems the main attack point is differences in how squaring and
> >> multiplication (in the case of field exponentiation) or doubling and point
> >> addition (in the case of ECDSA) are performed. I believe using a branchless
> >> implementation where each phase of the operation executes the exact same
> >> code and accesses the exact same stack frames would not be vulnerable to
> >> FLUSH+RELOAD.
> >>
> >> I wouldn't be surprised.
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Subversion Kills Productivity. Get off Subversion & Make the Move to
> >> Perforce.
> >> With Perforce, you get hassle-free workflows. Merge that actually works.
> >> Faster operations. Version large binaries. Built-in WAN optimization and
> >> the
> >> freedom to use Git, Perforce or both. Make the move to Perforce.
> >>
> >> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> >> _______________________________________________
> >> Bitcoin-development mailing list
> >> Bitcoin-development@lists•sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >>
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Subversion Kills Productivity. Get off Subversion & Make the Move to
> > Perforce.
> > With Perforce, you get hassle-free workflows. Merge that actually works.
> > Faster operations. Version large binaries. Built-in WAN optimization and
> > the
> > freedom to use Git, Perforce or both. Make the move to Perforce.
> >
> > http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists•sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
> >
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries. Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
--
----------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer@hozed•org
7 elements earth::water::air::fire::mind::spirit::soul grid.coop
Never pick a fight with someone who buys ink by the barrel,
nor try buy a hacker who makes money by the megahash
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [Bitcoin-development] New side channel attack that can recover Bitcoin keys
2014-03-25 13:39 ` Troy Benjegerdes
@ 2014-03-25 13:50 ` Gavin Andresen
0 siblings, 0 replies; 24+ messages in thread
From: Gavin Andresen @ 2014-03-25 13:50 UTC (permalink / raw)
To: Troy Benjegerdes; +Cc: Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 722 bytes --]
Y'all are getting deep into tinfoil-wearing-hat-conspiracy-theory territory.
If you are worried about the NSA compromising your hardware or software,
then use multisig transactions and
sign on diverse hardware/software stacks. Generate the multiple private
keys on different hardware/software
stacks, too.
Or, in other words, eliminate the single point of failure and you will
mitigate whole families of possible attacks,
from "NSA compromised the hardware random number generator in my CPU" to
"NSA is listening to EMF
radiation coming from my dedicated server in my data center" to the much
more likely "data center employee
is tricked into letting somebody have access to my dedicated server."
--
--
Gavin Andresen
[-- Attachment #2: Type: text/html, Size: 1136 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2014-03-25 13:50 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-05 12:49 [Bitcoin-development] New side channel attack that can recover Bitcoin keys Mike Hearn
2014-03-05 12:56 ` Pieter Wuille
2014-03-05 13:18 ` Jean-Paul Kogelman
2014-03-05 14:04 ` Pieter Wuille
2014-03-05 16:21 ` Kevin
2014-03-05 19:39 ` Peter Todd
2014-03-05 19:51 ` Gregory Maxwell
2014-03-05 20:32 ` Peter Todd
2014-03-05 20:54 ` Gregory Maxwell
2014-03-12 9:44 ` Peter Todd
2014-03-05 22:17 ` James Hartig
2014-03-05 22:26 ` Eric Lombrozo
2014-03-06 7:02 ` Odinn Cyberguerrilla
2014-03-08 19:34 ` Luke-Jr
2014-03-09 1:57 ` Gregory Maxwell
2014-03-05 21:31 ` Eric Lombrozo
2014-03-05 21:44 ` Gregory Maxwell
2014-03-05 22:14 ` Eric Lombrozo
2014-03-05 22:25 ` Gregory Maxwell
2014-03-06 8:38 ` Mike Hearn
2014-03-06 10:00 ` Natanael
2014-03-25 13:39 ` Troy Benjegerdes
2014-03-25 13:50 ` Gavin Andresen
2014-03-08 19:29 ` Gustav Simonsson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox