What is the Nonce Blinding Protocol?

September 23, 2020

Advanced min reading

what is nonce binding protocol, what is nonce blinding protocol bitcoin, nonce blinding protocol

The nonce blinding protocol is a protocol designed to improve the security of our hardware wallets or multi-device wallets, by adding a cryptographic mechanism capable of minimizing the impact of vulnerabilities such as side-channel attacks or supply chain attacks.

Side-channel attacks, the blockchain security nightmare

Un lateral attack or side-channel attack, is a type of cyber attack that It allows transferring all the security mechanisms of a software or hardware, using the same functions of said hardware, software. You can even use related third-party functions to perform a forensic analysis of them and obtain the information you want.

To put it more simply, a side channel attack uses the same software, hardware or other related means to find flaws in that software or hardware and exploit those flaws. Surprising, no? It looks like something out of a science fiction movie, but it's real. In fact, it is something that has been around for many years and has allowed us to create very crazy things.

For example, a sound sniffer for your keyboard that lets a person in another room know that you are typing on your computer. And if that doesn't alarm you, what do you think of a cookie (the kind used by websites) capable of loading a program into your PC's memory, and from there extracting data from your Bitcoin private keys, or whatever. use crypto. Even an electrical or electromagnetic analysis can compromise your security, using side-channels attacks.

You may think that these attacks are very elaborate, expensive to do and only possible under very specific conditions. But the truth is that at this very moment, your computer may be vulnerable to these attacks without you knowing it. For example, most processors for Intel, AMD and ARM computers (which are for smartphones) are vulnerable to side-channel attacks (such as Specter or Meltdown) and those security problems are not completely corrected and others cannot be corrected.

Surely you are wondering, Has this kind of thing been premeditated? Have companies created these flaws to violate the security of our systems in case they need it? We don't know for sure, but it is possible, especially when we consider the track record of many companies for generating these problems and selling them at high prices to governments and their spy organizations.

In that case, because we depend on this technology for our day to day, we must create mechanisms that help us make it more difficult or impossible for them to obtain the information they want. This is where the Nonce Blinding Protocol comes into play and now we will explain how it manages to protect our security against this type of attack.

How does the Nonce Blinding Protocol work?

The goal of Nonce Blinding Protocol is to prevent or make side channel attacks on cryptocurrency wallets, especially hardware wallets, more complex. To achieve this, the protocol generates a series of conditions that prevent the wallet keys from being filtered.

First, greater randomness is generated within the signature device, which gives a higher level of security to the wallet software. However, for such randomness to be truly unpredictable, the host (hardware wallet) and the client (a computer or other device connected to the host) must ensure a secure communication channel (the confirmation-disclosure protocol) that works as follows way:

The host generates a randomness pool, computes a hash of it and sends said hash to the client (generally SHA-256 is used) along with a cryptographic commitment that this is the randomness that will be used for the signing process.
The client receives the information from the host, and agrees to use this setting for the creation of the signature system. Additionally, the client also has a random pool that he will use for the digital signature. All this information is sent to the host for its knowledge.
The host responds with the randomness generated in step 1, confirming the receipt of the information.
The client then performs a signature using the randomness provided by the host. After this point, the client sends the signature information to the host.
The host receives the information and verifies it. If the information received is correct then, the host will take the randomness generated by both parties, and from it it will create a valid signature for the transaction. If, on the contrary, the verification fails, the protocol warns of the failure.

This simple protocol enables the following:

Establish a secure signature generation and validation environment.
Generate a valid signature for a transaction using two different random pools. In this way, the signature information is prevented from being processed by a single party that may or may not be compromised.

Simply put, this method splits the generation of the signatures into two distinct parts, which are then joined together to finally generate the valid signature of the transaction. The only way to corrupt such a system is for both parties to be affected at the same time. Additionally, the mechanism is extensible, that is, a scheme in which more than two parties participate can be used, which further increases the security of the protocol.

How much do you know, cryptonuta?

Will implementing the Nonce Blinding Protocol be a great addition to wallet security?

TRUE!

One of the functions of the Nonce Blinding Protocol is to offer us an extra layer of security against external attacks that seek to take control of our currencies. That said, its implementation in hardware wallets (and software wallet support) will be a great addition to the security of our cryptocurrencies.

Advantages and Disadvantages of the Nonce Blinding Protocol

Now, the main advantage of the Nonce Blinding Protocol is that it significantly improves the security of our cryptocurrency transactions. This is achieved by using various entropy mechanisms that help reduce the risk of side-channel attack or supply-chain attacks. That is, you can have a device that is partially or completely compromised and it would still be safe to use it at this point to perform Bitcoin transactions because the generation of keys and signatures depends on other devices.

The next advantage of the protocol is that it does not break the compatibility of the current Bitcoin signature scheme. In fact, the initial implementation supports ECDSA, Schnorr, and PSBT without the need to modify anything. This allows the protocol to be implemented as an added function to the wallets, without meaning significant changes to them.

On the other hand, the disadvantage of Nonce Blinding Protocol is that it requires a more intensive process of sending and receiving data, which can slow down operations when working with remote devices.

Current implementations of the Nonce Blinding Protocol

Today Nonce Blinding is a feature in design. However, it has already been successfully tested on testnets within Bitcoin. This gives us a clear idea that the technology works and it can be applied in the project without major problems.

But beyond testing, the protocol is still under development, and developers have paid attention to standardizing this security feature. In fact, in Trezor there are already discussions to implement this functionality in their wallets. The same in Ledger, where they have also chosen to implement functions with this capacity under their own concept.

All of this demonstrates the broad interest of Bitcoin developers in applying such functionalities over the protocol, and wallet developers, their interest in supporting such functionality. All this for the safety and privacy of its users.

Continue the journey in ...

What is Proof of Stake (PoS)?

Author

Washington Gomez

CISO (Chief Information Security Officer)

Washington Gómez is an information security professional with extensive experience in the field of Information Technology and Security. He currently serves as a CISO at Bit2Me.