Panicked or ambivalent about nonce key exfiltration? Don’t be - Focus effort into adding anti-klepto to a new version of PSBT instead of taking shots at each other or dismissing concerns.
What is the nonce key exfiltration attack?
When signing a bitcoin transaction a number is used to generate the signature, this number is used once, and is therefore called the nonce.
This should be a cryptographically secure random number, which is never reused.
Suppose an attacker compromises your signing device, and can get it to use a particular nonce, rather than a random number.
If they use part of your private key as the nonce, they can leak part of your private key out of your signing device with each transaction you sign and broadcast.
If you make enough transactions, they can reconstruct your whole private key, and steal your bitcoin, just by watching the bitcoin transactions being made and decoding each part of the private key. They don't need to compromise your computer, or physically access your device, and all the while your signing device appears to be working correctly, up until all your bitcoin is stolen.
There have recently been two new papers expanding on this attack.
- Dark Skippy by Lloyd Fournier, Nick Farrow of FrostsnapTech and Robin Linus of ZeroSync and BitVM.
- Engineering a backdoored bitcoin wallet by Adam Scott and Sean Andersen at block
I think it's great that these researchers have raised attention to this previously known attack vector.
Now, there are two types of reaction in my x feed on this issue, panic and ambivalence.
⚠️ Reaction 1 - Panicked
Nonce key exfil would enable theft at a distance, on all devices that update to malicious firmware & make 12 transactions. The attack doesn't require compromising the online device the signer talks to. The attack is not mitigated on most signing devices, and therefore large amounts of bitcoin are potentially vulnerable. The attack would be undetectable until the thieving begins
🤷♂️ Reaction 2 - Ambivalent
This attack requires getting malicious firmware onto a device. Competent signing device firmware devs secure firmware signing key(s) appropriately. Provided the firmware signing keys are not compromised this attack is mitigated because most signing devices check new firmware signatures before upgrading. Malicious firmware would enable many other attacks like generation of compromised wallets or exfiltration of keys in other ways (via screen, microSD or USB).
I think both Panic and Ambivalence are extreme.
❌ Panicked - Most hardware wallets verify firmware signatures so this attack requires either malicious firmware or a compromised firmware signing key / build pipeline and for many transactions to be signed with that firmware. Anti-klepto requires the online wallet to participate and adoption is limited. Creating panic leads uninformed users to rush to move their bitcoin to a new setup and this is when mistakes happen.
❌ Ambivalent - This attack is particularly nefarious because it can be done at a distance without needing to compromise any other user devices which makes it very scalable. If any firmware release is compromised all devices that run that version will be compromised. How secure is your signing key? How secure is your build pipeline? If anti-klepto was widely supported you would probably use it, so let's get it widely supported.
💡 Constructive - Focus effort into adding anti-klepto to a new version of PSBT instead of taking shots at each other or dismissing concerns.
OrangeSurf /
npub18h…3ws8m
2024-08-17 18:01:04
Author Public Key
npub18h0w55nsp839ezxnggf00jd2xc6yl0ht62mf5p8wwllu8s80wdcs83ws8mPublished at
2024-08-17 18:01:04Event JSON
{
"id": "1cc08327eddb0a55bcc34ef302d2b490325214d7271ae4492d75fae0906d1b1d",
"pubkey": "3ddeea527009e25c88d34212f7c9aa36344fbeebd2b69a04ee77ffc3c0ef7371",
"created_at": 1723917664,
"kind": 1,
"tags": [],
"content": "Panicked or ambivalent about nonce key exfiltration? Don’t be - Focus effort into adding anti-klepto to a new version of PSBT instead of taking shots at each other or dismissing concerns.\n\nWhat is the nonce key exfiltration attack?\n\nWhen signing a bitcoin transaction a number is used to generate the signature, this number is used once, and is therefore called the nonce.\n\nThis should be a cryptographically secure random number, which is never reused.\n\nSuppose an attacker compromises your signing device, and can get it to use a particular nonce, rather than a random number.\n\nIf they use part of your private key as the nonce, they can leak part of your private key out of your signing device with each transaction you sign and broadcast.\n\nIf you make enough transactions, they can reconstruct your whole private key, and steal your bitcoin, just by watching the bitcoin transactions being made and decoding each part of the private key. They don't need to compromise your computer, or physically access your device, and all the while your signing device appears to be working correctly, up until all your bitcoin is stolen.\n\nThere have recently been two new papers expanding on this attack.\n- Dark Skippy by Lloyd Fournier, Nick Farrow of FrostsnapTech and Robin Linus of ZeroSync and BitVM.\n- Engineering a backdoored bitcoin wallet by Adam Scott and Sean Andersen at block\n\nI think it's great that these researchers have raised attention to this previously known attack vector.\n\nNow, there are two types of reaction in my x feed on this issue, panic and ambivalence.\n\n⚠️ Reaction 1 - Panicked\nNonce key exfil would enable theft at a distance, on all devices that update to malicious firmware \u0026 make 12 transactions. The attack doesn't require compromising the online device the signer talks to. The attack is not mitigated on most signing devices, and therefore large amounts of bitcoin are potentially vulnerable. The attack would be undetectable until the thieving begins\n\n🤷♂️ Reaction 2 - Ambivalent\nThis attack requires getting malicious firmware onto a device. Competent signing device firmware devs secure firmware signing key(s) appropriately. Provided the firmware signing keys are not compromised this attack is mitigated because most signing devices check new firmware signatures before upgrading. Malicious firmware would enable many other attacks like generation of compromised wallets or exfiltration of keys in other ways (via screen, microSD or USB).\n\nI think both Panic and Ambivalence are extreme.\n\n❌ Panicked - Most hardware wallets verify firmware signatures so this attack requires either malicious firmware or a compromised firmware signing key / build pipeline and for many transactions to be signed with that firmware. Anti-klepto requires the online wallet to participate and adoption is limited. Creating panic leads uninformed users to rush to move their bitcoin to a new setup and this is when mistakes happen.\n\n❌ Ambivalent - This attack is particularly nefarious because it can be done at a distance without needing to compromise any other user devices which makes it very scalable. If any firmware release is compromised all devices that run that version will be compromised. How secure is your signing key? How secure is your build pipeline? If anti-klepto was widely supported you would probably use it, so let's get it widely supported.\n\n💡 Constructive - Focus effort into adding anti-klepto to a new version of PSBT instead of taking shots at each other or dismissing concerns.",
"sig": "fc9c24505fdca888c464204a7a405d6c9b9fa19b53a7124f30944715a5a46ba0b6675cbc1e31ca30fd4edd09940b3b6ca69d56c6ebc6de0bffe36e464c526997"
}