Blockstream on Nostr: Since the launch of Jade in 2021, the anti-exfil protocol has safeguarded our ...
Since the launch of Jade in 2021, the anti-exfil protocol has safeguarded our hardware wallet users from the devastating and undetectable attacks demonstrated by the recent Dark Skippy disclosure.
Jade users can learn more about how anti-exfil stops malicious key extraction in the original blog post by the director of Blockstream Research Andrew Poelstra.
https://blog.blockstream.com/anti-exfil-stopping-key-exfiltration
Visit store.blockstream.com and use the code DARKSKIPPY for 10% off if you think it’s time that you got your hands on an open-source Bitcoin hardware wallet that is resilient to this class of attack.
Code valid until midnight August 9th.
quoting note1ra4…k7mdToday we disclose Dark Skippy - a powerful new method for a malicious signing device to leak secret keys.
With a modified signing function, a device can efficiently and covertly exfiltrate a master secret seed by embedding it within transaction signatures
If an attacker manages to corrupt a signing device, Dark Skippy can deliberately use weak & low entropy secret nonces to embed chunks of the seed words into transaction signatures.
It takes just two input signatures to leak a 12 word seedphrase onto the Bitcoin blockchain.
The attacker can watch on-chain until they spot an affected transaction, unblind and invert the low entropy nonces using an algorithm like Pollard's Kangaroo algorithm to learn the master secret seed.
Then the attacker can wait and steal the funds whenever they decide best.
Despite this attack vector not being new, we believe that Dark Skippy is now the best-in-class attack for malicious signing devices.
- The attack is impractical to detect
- Requires no additional communication channels
- Effective on stateless devices
- Exfils master secret
Beyond ensuring your device firmware is genuine and honest (opensource), mitigations include anti-exfil signing protocols and we present some new ideas for additions to PSBT specifications to disrupt this attack.
We encourage mitigation discussion and implementation exploration.
This attack highlights the importance of verifying and securing your device's firmware, and the danger of sharing stateless signing devices with other people.
We will be publicly releasing our code later this year.
Authors: llfourn (npub1xh8…gst6) (follow him so he gets onto nostr), Robin Linus, and myself.
If you have any concerns or questions we recommend checking out the FAQ page on our website:
https://darkskippy.com
Jade users can learn more about how anti-exfil stops malicious key extraction in the original blog post by the director of Blockstream Research Andrew Poelstra.
https://blog.blockstream.com/anti-exfil-stopping-key-exfiltration
Visit store.blockstream.com and use the code DARKSKIPPY for 10% off if you think it’s time that you got your hands on an open-source Bitcoin hardware wallet that is resilient to this class of attack.
Code valid until midnight August 9th.