Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id B6848C0177 for ; Tue, 24 Mar 2020 07:49:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id A4E618773E for ; Tue, 24 Mar 2020 07:49:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sg845PpZAygA for ; Tue, 24 Mar 2020 07:49:47 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) by whitealder.osuosl.org (Postfix) with ESMTPS id 72D9B8704C for ; Tue, 24 Mar 2020 07:49:47 +0000 (UTC) Received: from smtp2.mailbox.org (smtp2.mailbox.org [80.241.60.241]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 48mk1304YFzQlGg; Tue, 24 Mar 2020 08:49:43 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp2.mailbox.org ([80.241.60.241]) by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de [80.241.56.117]) (amavisd-new, port 10030) with ESMTP id bCUImSWmvIhn; Tue, 24 Mar 2020 08:49:39 +0100 (CET) Message-ID: From: Tim Ruffing To: Dustin Dettmer , Bitcoin Protocol Discussion , Pieter Wuille Date: Tue, 24 Mar 2020 08:49:38 +0100 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Tue, 24 Mar 2020 08:32:40 +0000 Subject: Re: [bitcoin-dev] Overview of anti-covert-channel signing techniques X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Mar 2020 07:49:49 -0000 Hi Dustin, That sounds interesting but I can't follow your email to be honest. On Mon, 2020-03-23 at 07:38 -0700, Dustin Dettmer via bitcoin-dev wrote: > This mitigates, I believe, all leak vectors besides k/R hacking and > prechosen entropy. Hm, so what vectors is this supposed to mitigate? Leaking through the generated public keys? Anything else? Here are a few questions: - What are you trying to achieve? You seem to describe how you get from the setup to the goal in four steps but I don't understand what the setup is or what the goal is. (What's a storage solution?) - "all SW being compromised" do you mean "SW and HW compromised"? Note that SW and HW are parties in Pieter's writeup, not just abbreviations for software and hardware. - Where are the two stages? You mention four steps. - Where do you run the external software? On a second SW? Is this the second stage? - Do you use unhardened derivation? - What's a k commitment? Best, Tim