[bitcoin-dev] Overview of anti-covert-channel signing techniques

Tim Ruffing crypto at timruffing.de
Tue Mar 24 07:49:38 UTC 2020

Hi Dustin,

That sounds interesting but I can't follow your email to be honest.

On Mon, 2020-03-23 at 07:38 -0700, Dustin Dettmer via bitcoin-dev
> This mitigates, I believe, all leak vectors besides k/R hacking and
> prechosen entropy.

Hm, so what vectors is this supposed to mitigate? Leaking through the
generated public keys? Anything else?

Here are a few questions:
 - What are you trying to achieve? You seem to describe how you get
from the setup to the goal in four steps but I don't understand what
the setup is or what the goal is. (What's a storage solution?)
 - "all SW being compromised": do you mean "SW and HW compromised"? Note
that SW and HW are parties in Pieter's writeup, not just abbreviations
for software and hardware.
 - Where are the two stages? You mention four steps.
 - Where do you run the external software? On a second SW? Is this the
second stage?
 - Do you use unhardened derivation?
 - What's a k commitment?


