Scientist-devised crypto attack could one day steal secret Bitcoin keys
Ars Technica » Scientific Method 2014-03-06
Exposing a previously unknown weakness in the cryptographic system securing bitcoins, scientists have devised an attack that can steal large amounts of the digital currency when hackers run even unprivileged software on the same computer processing the coins.
The technique, laid out in an academic paper published Wednesday, doesn't pose an immediate threat to Bitcoin users. A successful hack relies on the thief having some access to the same Intel-made processor that processes the targeted bitcoins. That requirement means there would almost certainly be easier ways for the same attacker to pilfer the digital coins. Still, the research is significant because it exposes subtle cryptographic weaknesses not only in a key Bitcoin algorithm, but also in OpenSSL, a widely used code library that implements the core cryptographic protections on the Internet.
The attack relies on "side channel analysis," in which attackers extract a secret decryption key based on clues leaked by electromagnetic emanations, data caches, or other manifestations of a targeted cryptographic system. In this case, cryptographers can retrieve the private key needed to take control of bitcoins by taking minute measurements of the CPU as it makes transactions using the digital currency. Specifically, by observing the last-level (L3) CPU cache of an Intel processor as it executes as few as 200 signatures, an attacker in many cases has enough data to completely reconstruct the secret key needed to take ownership. The attack exploits the way OpenSSL implements the elliptic curve digital signature algorithm (ECDSA) based on a specific curve known as secp265k1 found in Bitcoin.