back

Wallet Security

How (not) to protect private keys

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:35:33
Language
English
Abstract
There are multiple different ways to store cryptocurrency secret keys. This talk will investigate advantages and disadvantages of different methods with regards to cryptographic backdoors known as kleptograms.

With the increasing popularity of cryptocurrencies such as Bitcoin, there is now a variety of different wallet solutions and products available. Wallet in this context refers to any device or piece of software which store secret keys. Those secret keys are typically used to create and sign transactions (payments, smart contracts, etc.) using ECDSA.

Wallet implementations range from simple open-source software to hardware tokens. Some solutions store the keys in files (possibly encrypted with a passphrase), while others use hardware-based cryptography modules. Hardware-based key storage comes with a lot of advantages. The chips are designed to make it hard to extract keys.

What is often overlooked is that it is hard to verify that the wallet actually does what the manufacturer claims it does. One obvious solution is to not connect the wallet to a computer with Internet access in order to avoid exposure of secrets. However, there are possible cryptographic backdoors called kleptograms that can hide the secret information within the published signatures in a way that is provably undetectable.

The kleptographic attacks were first discovered by Adam Young and Moti Yung in 1997 for classic DSA. The author of this talk has investigated the relevance of this attack for ECDSA in the context of Bitcoin. Note that this attack is not limited to Bitcoin and might be relevant for other ECDSA-based protocols as well.

Talk ID
9492
Event:
35c3
Day
2
Room
Eliza
Start
9:50 p.m.
Duration
00:40:00
Track
Security
Type of
lecture
Speaker
Stephan Verbücheln
Talk Slug & media link
35c3-9492-wallet_security

Talk & Speaker speed statistics

Very rough underestimation:
138.5 wpm
745.3 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
138.5 wpm
745.3 spm
keyrandomnumberkeyswalletpointprivateattackerbitcoinwalletsgeneratorsignaturenumbersattackexamplecomputecurvesecondalgorithmmicrophonehardwarestephannoncesecrettransactionstalkbitk2k1blocksignaturespublicpointsgeneratetransactionbitcoinsorderblockchain1badpublishedsoftwareworkssecuritychaingeneratedstealchipformulaelliptic