Fwd: BIP 340 updates: even pubkeys, more secure nonce generation



Summary:

The bitcoin-dev mailing list has been discussing changes to the BIP 340 standard, specifically around more secure nonce generation. The proposed changes include mixing actual signing-time randomness into the nonce derivation to protect against fault injection attacks. However, there are concerns about standardizing on a non-deterministic nonce generation scheme, as it could make private key exfiltration a bigger concern for hardware signing devices. With a deterministic nonce scheme, it is possible to spot-check hardware devices to ensure they are producing signatures in accordance with their specified nonce derivation. To mitigate this issue, the BIP proposes using "nonce exfiltration protection", but it gives no references on how to implement it. The suggestion is to introduce a new section in the BIP addressing this problem in the future, or to provide references to more information about the nonce exfiltration protection it mentions. The goal is to avoid a world where hardware signing devices have a hard-to-detect underhanded communications channel.
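As an added illustration (not code from the thread or from BIP 340's reference implementation), the following pure-Python sketch derives the BIP 340 nonce from the secret key, the even-y public key, the message and aux_rand, and shows the spot-check described above: an auditor who holds the key can reproduce R only while the device uses an agreed, fixed aux_rand; once signing-time randomness is mixed in, an honest device and one that bends its nonce to leak key material look identical to the auditor. The secret key and message are constructed test values.

```python
import hashlib, os
P_MOD = 2**256 - 2**32 - 977   # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and p[1] != q[1]:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P_MOD) % P_MOD
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P_MOD) % P_MOD
    x = (lam * lam - p[0] - q[0]) % P_MOD
    return x, (lam * (p[0] - x) - p[1]) % P_MOD

def _mul(k, p=G):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def tagged_hash(tag, msg):  # SHA256(SHA256(tag) || SHA256(tag) || msg)
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def bip340_nonce_x(seckey, msg, aux_rand):
    """x(R) for the BIP 340 nonce k' derived from (d, P, msg, aux_rand)."""
    d = int.from_bytes(seckey, "big")
    pub = _mul(d)
    if pub[1] % 2:          # "even pubkeys": negate d when P has odd y
        d = N - d
    t = d ^ int.from_bytes(tagged_hash("BIP0340/aux", aux_rand), "big")
    rand = tagged_hash("BIP0340/nonce", t.to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg)
    return _mul(int.from_bytes(rand, "big") % N)[0]   # r in the signature is x(R)

def spot_check(seckey, msg, observed_r, aux_rand=bytes(32)):
    """Auditor holding the key recomputes R with the agreed fixed aux_rand."""
    return bip340_nonce_x(seckey, msg, aux_rand) == observed_r

def demo():
    sk = hashlib.sha256(b"constructed test key").digest()   # constructed key
    msg = hashlib.sha256(b"constructed message").digest()   # constructed message
    honest = spot_check(sk, msg, bip340_nonce_x(sk, msg, bytes(32)))        # deterministic device
    randomized = spot_check(sk, msg, bip340_nonce_x(sk, msg, os.urandom(32)))  # fresh randomness
    return honest, randomized   # (True, False): randomness and a covert channel look alike
```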


Updated on: 2023-06-13T23:44:02.053173+00:00