bitcoin-dev

Overview of anti-covert-channel signing techniques

Overview of anti-covert-channel signing techniques

Original Postby Russell O'Connor

Posted on: March 22, 2020 15:30 UTC

The conversation between Tim Ruffing and Russell O'Connor revolves around the security of public keys.

While public keys are deterministic and can be spot checked, the use of synthetic nonces in signing protocols makes them inherently non-deterministic and unverifiable. Spot checking is a weak defense as devices may behave differently over time. However, retroactive and thorough spot checking can still be done through non-hardened derivation paths. Both the pubkey and signature issues need to be fully addressed, but the proposal for a non-deterministic signature scheme is far more severe as it removes the possibility of spot checks altogether. The hope is to standardize a scheme with the advantages of non-determinism while avoiding covert channels.