📅 Original date posted:2020-03-23
📝 Original message:Excellent write up, thanks for putting it together.
On Tue, Mar 3, 2020 at 1:47 PM Pieter Wuille wrote:
> When both the HW and the SW are compromised, clearly no security is
> possible,
> as all entities are controlled by the same party in that case.
>
While all SW being compromised can’t be stopped, splitting the SW over two
stages can dramatically increase your security if both HW & SW are
compromised. You can do that by:
1) When you setup your storage solution (whatever it may be), export the
xpub(s) and verify the receiving addresses match xpubs with external
software before receiving.
2) Generate and export withdrawal transactions offline
3) Verify transactions against the same xpub(s) using external software
4) Upload transactions
This mitigates, I believe, all leak vectors besides k/R hacking and
prechosen entropy.
I made an external tool to just that here:
https://github.com/koinkeep/gatekeeper
Would love to add k commitments when (if?) we settle on best practices for
it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200323/114914d9/attachment.html>;
Dustin Dettmer [ARCHIVE] /
npub1x5…kqsqu
2023-06-07 18:23:13
in reply to nevent1q…gjkp
Author Public Key
npub1x54n25utwk7dzwzvk2v0aknptez5gxdwcyrxx2wgc0lnhgvwu72qmkqsquPublished at
2023-06-07 18:23:13Event JSON
{
"id": "08b29e533d10317c4f5599e7ceb00bdaab17051830c1cbf933aeff876ef2a72c",
"pubkey": "352b35538b75bcd1384cb298feda615e454419aec1066329c8c3ff3ba18ee794",
"created_at": 1686162193,
"kind": 1,
"tags": [
[
"e",
"dc57ed046dd17bfbde2b48ae5c93b4197f33cb78e8d235e283ed60bfa1fc7219",
"",
"root"
],
[
"e",
"ad6d42922b6a8e3525d250b7e364863e2885e3d2cf2fb2dae5333ac153477cab",
"",
"reply"
],
[
"p",
"76803de1899114cb31a268e4422537c1566847c7cc1704166a517a557a913e59"
]
],
"content": "📅 Original date posted:2020-03-23\n📝 Original message:Excellent write up, thanks for putting it together.\n\nOn Tue, Mar 3, 2020 at 1:47 PM Pieter Wuille wrote:\n\n\u003e When both the HW and the SW are compromised, clearly no security is\n\u003e possible,\n\u003e as all entities are controlled by the same party in that case.\n\u003e\nWhile all SW being compromised can’t be stopped, splitting the SW over two\nstages can dramatically increase your security if both HW \u0026 SW are\ncompromised. You can do that by:\n\n1) When you setup your storage solution (whatever it may be), export the\nxpub(s) and verify the receiving addresses match xpubs with external\nsoftware before receiving.\n2) Generate and export withdrawal transactions offline\n3) Verify transactions against the same xpub(s) using external software\n4) Upload transactions\n\nThis mitigates, I believe, all leak vectors besides k/R hacking and\nprechosen entropy.\n\nI made an external tool to just that here:\nhttps://github.com/koinkeep/gatekeeper\n\nWould love to add k commitments when (if?) we settle on best practices for\nit.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200323/114914d9/attachment.html\u003e",
"sig": "b97195743a400e9476b5fccec574f2d2bc0259413aec01c2f07c367493557e868b58e159a75e6ac4c33eac5d0fa2d16bb3f619038aad9a77c3b5ca461160646b"
}