Scientists from the University of Adelaide, Australia, and the University of Bristol, U.K., recently published a paper showing how hackers can use a side-channel attack to retrieve decryption keys from Bitcoin and OpenSSL algorithms.
According to their paper, Naomi Benger, Joop van de Pol, Nigel P. Smart, and Yuval Yarom were able to retrieve data concerning OpenSSL ECDSA signature requests with a technique known as a “Flush+Reload” side-channel attack. They applied the attack on an Intel-powered computer that used the secp256k1 elliptic curve cryptography standard used by Bitcoin.
Traditionally, hackers have relied on brute force techniques to try to obtain decryption keys. They have also used weaknesses in algorithms. As those techniques begin to take more time and computing power, and as algorithms become stronger, hackers may find themselves unable to reach their goals. With side-channel attacks, however, hackers can bypass those methods in favor of analysis that relies on information gained from the implementation of such algorithms.
In this instance, the Adelaide and Bristol scientists scanned the L3 data cache of the Intel processor used in their test computer. With a piece of software, they were able to grab small bits of data -- small chunks of the decryption key -- each time the computer computed an ECDSA signature, by observing the processor's cache. One piece of data did not provide enough information to reveal an entire encryption key, but the team found that they could reconstruct a key with as few as 200 signature access attempts. They were able to reconstruct the key from those pieces with a “'standard' lattice technique,” the paper said.
Analysis of the paper at Ars Technica notes that this research built on knowledge gained from a 2012 attack demonstration in which a group of scientists at the University of North Carolina used a virtual machine and side-channel analysis to extract keys from another virtual machine on the same hardware. Ars points out that the Bitcoin-based demonstration here is more limited because the researchers had to build their own OpenSSL version that included debugging symbols “that mapped the relationship between specific lines of source code and their respective locations in computer memory.” Normally, to get that sort of information, hackers would need to reverse-engineer the OpenSSL library. In addition, the researchers needed to deploy their software on the same machine from whose processor cache they were drawing information.
Therefore, the researchers suggest that Bitcoin users limit the number of times they use a private key and refrain from using a computer equipped with an Intel processor because the technique has not been proven on AMD processors.
Edited by Stefania Viscusi