1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
Return-Path: <crypto@timruffing.de>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id B6848C0177
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 24 Mar 2020 07:49:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id A4E618773E
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 24 Mar 2020 07:49:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Sg845PpZAygA
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 24 Mar 2020 07:49:47 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172])
by whitealder.osuosl.org (Postfix) with ESMTPS id 72D9B8704C
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 24 Mar 2020 07:49:47 +0000 (UTC)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241])
(using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits))
(No client certificate requested)
by mout-p-202.mailbox.org (Postfix) with ESMTPS id 48mk1304YFzQlGg;
Tue, 24 Mar 2020 08:49:43 +0100 (CET)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp2.mailbox.org ([80.241.60.241])
by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de
[80.241.56.117]) (amavisd-new, port 10030)
with ESMTP id bCUImSWmvIhn; Tue, 24 Mar 2020 08:49:39 +0100 (CET)
Message-ID: <c182227876c47f476000b0b54618dac73e45a03f.camel@timruffing.de>
From: Tim Ruffing <crypto@timruffing.de>
To: Dustin Dettmer <dustinpaystaxes@gmail.com>, Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>, Pieter Wuille
<bitcoin-dev@wuille.net>
Date: Tue, 24 Mar 2020 08:49:38 +0100
In-Reply-To: <CABLeJxQsse99aw35DxSDOyVTruFCgi0hmZntvgbYtPLSRGQ+xA@mail.gmail.com>
References: <VZTbLR9RlkkyNg6mOOIxedh7H0g8NGlaCmgBfCVXZ4RNfW3axefgoTqZGXjAQZFEuekujVGjRMv8SifDIodZ6tRGaaXQ_R63rFa03SGS6rg=@wuille.net>
<CABLeJxQsse99aw35DxSDOyVTruFCgi0hmZntvgbYtPLSRGQ+xA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Tue, 24 Mar 2020 08:32:40 +0000
Subject: Re: [bitcoin-dev] Overview of anti-covert-channel signing techniques
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2020 07:49:49 -0000
Hi Dustin,
That sounds interesting but I can't follow your email to be honest.
On Mon, 2020-03-23 at 07:38 -0700, Dustin Dettmer via bitcoin-dev
wrote:
> This mitigates, I believe, all leak vectors besides k/R hacking and
> prechosen entropy.
Hm, so what vectors is this supposed to mitigate? Leaking through the
generated public keys? Anything else?
Here are a few questions:
- What are you trying to achieve? You seem to describe how you get
from the setup to the goal in four steps but I don't understand what
the setup is or what the goal is. (What's a storage solution?)
- "all SW being compromised" do you mean "SW and HW compromised"? Note
that SW and HW are parties in Pieter's writeup, not just abbreviations
for software and hardware.
- Where are the two stages? You mention four steps.
- Where do you run the external software? On a second SW? Is this the
second stage?
- Do you use unhardened derivation?
- What's a k commitment?
Best,
Tim
|
