Overview of anti-covert-channel signing techniques

Overview of anti-covert-channel signing techniques

Original Postby Russell O'Connor

Posted on: March 21, 2020 16:59 UTC

In a discussion on the bitcoin-dev mailing list, Tim Ruffing raises concerns about the security of hardware wallets.

He notes that while malicious signing is a concern, key generation is also an issue. Specifically, the PRG used to derive the seed from which keys are generated can be manipulated by hardware manufacturers. Ruffing argues that protocols for secure key generation should be deployed before anti-covert channel signing protocols. Another participant in the discussion points out that public keys are deterministic and can be spot checked. However, they note that the synthetic nonces proposed in the original conversation are inherently non-deterministic and cannot be spot checked. They argue that this highlights the importance of anti-covert signing protocols.