C3Subtitles: 35c3: Wallet Security

Wallet Security

How (not) to protect private keys

There are multiple ways to store cryptocurrency secret keys. This talk will investigate the advantages and disadvantages of different methods with regard to cryptographic backdoors known as kleptograms.

With the increasing popularity of cryptocurrencies such as Bitcoin, there is now a variety of different wallet solutions and products available. Wallet in this context refers to any device or piece of software that stores secret keys. Those secret keys are typically used to create and sign transactions (payments, smart contracts, etc.) using ECDSA.

Wallet implementations range from simple open-source software to hardware tokens. Some solutions store the keys in files (possibly encrypted with a passphrase), while others use hardware-based cryptography modules. Hardware-based key storage comes with a lot of advantages. The chips are designed to make it hard to extract keys.

What is often overlooked is that it is hard to verify that the wallet actually does what the manufacturer claims it does. One obvious solution is to not connect the wallet to a computer with Internet access in order to avoid exposure of secrets. However, there are possible cryptographic backdoors called kleptograms that can hide the secret information within the published signatures in a way that is provably undetectable.

The kleptographic attacks were first discovered by Adam Young and Moti Yung in 1997 for classic DSA. The author of this talk has investigated the relevance of this attack for ECDSA in the context of Bitcoin. Note that this attack is not limited to Bitcoin and might be relevant for other ECDSA-based protocols as well.

9:50 p.m.
Speaker: Stephan Verbücheln
