Author: Natanael 2014-03-06 10:00:14
Published on: 2014-03-06T10:00:14+00:00
TRESOR is an encryption method that signs on the CPU without touching RAM. There is a discussion on Bitcoin-development mailing list regarding moving signing into kernel and using MTRRs to disable caching entirely for a small scratch region of memory which could work. However, creating a hardened secp256k1 signer implementation in userspace would be preferable. The benefits of branchless implementation in reducing the attack surface are also discussed. To avoid memory timing side-channel, no data dependent loads should be performed, and C or other high-level language cannot write timing sign-channel immune code because the compiler can optimize things in a way that breaks the property. Using a branchless implementation where each phase of the operation executes the exact same code and accesses the exact same stack frames would not be vulnerable to FLUSH+RELOAD.
Updated on: 2023-06-08T04:01:03.866269+00:00