delvingbitcoin

## Non interactive anti-exfil (airgap compatible)

### Posted on: September 4, 2024 03:39 UTC

The "Dark Smoothie" approach outlines a method for exploiting cryptographic signatures to compromise wallet security.

It utilizes a combination of HMAC (Hash-Based Message Authentication Code) and Schnorr signatures to achieve this. The initial step involves generating an HMAC value by hashing the concatenation of an attacker's secret with a specific value `s`

, where the secret is a 256-bit wallet seed encrypted to the attacker. This HMAC process is applied using the public key and a message (`m1`

) to generate a value (`r1`

), which is then multiplied by the private key. The outcome, along with the application of a hash function on the product of `r1`

and the generator point `G`

, and further operations involving the private key, produces a valid Schnorr signature. This process is replicated with a second message (`m2`

) to generate another set of values (`r2`

, `s2`

), leading to a second valid signature.

These signatures provide critical information to the attacker. The first signature reveals the private key through a formula that isolates the private key as the sole unknown in an equation derived from the known values of `s1`

, `HMAC(pubkey, m1)`

, and `H(r1*G, pubkey, m1)`

. With the private key known, the attacker can then decrypt the secret (wallet seed) using the second signature. This is done by rearranging the elements of the signature generation formula to solve for the secret. Once the secret is obtained, it can be decrypted to reveal the seed, thus compromising the entire wallet.

By analyzing the transaction signatures, the attacker can identify which transactions are leaking secrets. This method illustrates a sophisticated technique for breaching wallet security by exploiting the mathematical properties of cryptographic signatures and the structure of wallet seeds and keys.