public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
@ 2021-01-14 18:17 Kevin Loaec
  2021-01-15  0:28 ` ZmnSCPxj
  2021-01-17  1:31 ` Antoine Riard
  0 siblings, 2 replies; 5+ messages in thread
From: Kevin Loaec @ 2021-01-14 18:17 UTC (permalink / raw)
  To: bitcoin-dev


[-- Attachment #1.1: Type: text/plain, Size: 6412 bytes --]

Hello everyone,

I would like to start a discussion on improving Hardware Wallets.

My approach to this right now is from a vault protocol we are developing (Revault, [1]), and its Hardware Wallet
requirements. I started working on a Github Issue in our repo [2], other people recommended us to do a more general
discussion on the mailing list instead as it could benefit many other protocols and users.
This email discusses improvements that would benefit everyone, and some that are more suitable for "layer 2" or pre-
signed transactions protocols.
The goal is to spark discussions and hopefully iterate to a more secure and more usable hardware ecosystem for all
bitcoiners.
While I mainly foresee issues/improvements that may affect Revault, I would be really happy to see people joining this
thread with any other ideas and remarks that would benefit some parts of Bitcoin that I overlooked.



Prior work on similar problematics:
===================================
- ZmnSCPx
j: [Lightning-dev] Speculations on hardware wallet support for Lightning [3]
- mflaxman: Known Issues: Verifying a Receive Address [4]
- ksedgwic and devrandom01: Lightning-signer [5]
- benma: How nearly all personal hardware wallet multisig setups are insecure [6]


The postulate we start from is that Hardware Wallets (HW) are useful to mitigate the compromission of the day-to-day
device of a user. They mainly prevent private-key extraction today, and aren't very suitable against an attack on the
transaction being signed, as explained further.
To make this discussion security-focused, let's assume the general purpose device (laptop, for example) is compromised
with a malware implanted by an attacker, capable of modifying PSBTs, displayed addresses, etc.

Our study so far:


Output Script Parsing:
======================
Problem: A typical HW today would display the "destination" of a transaction in the form of a bitcoin address. A user
would generally compare this wit
h the address displayed on his laptop screen... which might have been compromised
already. The correct usage would be for a user to verify this address on a third device (mobile phone, for example).
This is weak security and bad user experience.
Proposed improvement: The HW should display the Bitcoin Script itself when possible (including the unlock conditions).
The best way to do so would be to lift this Script to a more user-friendly format such as a MiniScript Policy display,
but anything would be better than an "address".
This applies to pre-signed transaction protocols especially well as the template of these transactions could be known
and recognized by the HW. Typically for Revault, the HW could display: "Unvault Transaction, all expected pubkeys
present in the script".


Pubkey Interpretation:
======================
Problem: currently HW cannot "identify" addresses or keys.
Proposed improvement: The HW could know pubkeys or xpubs it does not hold the private keys 
for, and display a label (or
understand it for logic reasons, such as "expected pubkeys" as the previous example). Going further, the xpubs could be
aliased the first time they are entered/verified (as part of, say, an initial setup ceremony) for instance with the
previously mentioned Miniscript policy: or(pk(Alice), and(pk(Bob), after(42))).
This should be done in the Secure Element if possible to avoid physical compromission, but would be a strong improvement
versus a day-to-day laptop in any case.


Better Bitcoin Compatibility:
=============================
Problem: most HW cannot interpret some Script OPs such as OP_CSV, or any conditional outputs. This is a major issue for
anyone using Bitcoin "advanced" features. Related to this are the Sighash flags: most HW do not support most Sighash
flags. Kind of annoying for a signing device. Then there is PSBT support and the maximum transaction size limit for
these: we need more transparency from HW manufacturers on their li
mitations.
Solution: Make Bitcoin HW actually compatible with Bitcoin :D


Inputs (mainly for pre-signed Tx):
==================================
Problem: Poisoned inputs are a major risk for HW as they don't know the UTXO set. While this can be exploited for fee
attacks, it is a bigger threat to pre-signed transactions protocols. Once any input of a (pre-signed)transaction is
spent, this transaction isn't valid anymore. Most pre-signed transactions protocols are used today as a form of defense
mechanism, spending any input would mean incapacitating the entire defense mechanism.
Proposed improvement: for protocols that requires it, keeping track of inputs already signed once would be extremely
helpful. Going further, most of these protocols require to follow a specific signing order (typically the "clawback"
first, then the regular spend path) so adding a way to check that a "clawback" has been signed first, with the same
input, would be very helpful. All of this on the dev
ice itself.




I understand some of these changes may be very difficult, especially given the low memory and computational power of
secure elements. However I truly believe most of these points are a MUST have for any decent security. If you don't
assume the computer on which the transaction is crafted is compromised, then you don't need a hardware wallet. If you
assume it may be compromised, then the HW needs to be able to defend against those.

Revault does not plan on building hardware wallets, we hope existing and upcoming manufacturers will implement a strong
security that we could use for the Revault protocol users. Vault users will likely hold very large sums and would be
happy to pay a high premium for more secure HW. This will hopefully encourage existing players to keep on improving
their devices and that will ultimately benefit us all.

Feel free to reply with your comments or adding suggestions, I am not a hardware wallet expert and would take criticism
wit
hout being offended.

Kind Regards,
Kevin Loaec

[1]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017835.html
[2]: https://github.com/re-vault/practical-revault/issues/59
[3]: https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-January/002425.html
[4]: https://btcguide.github.io/known-issues/verify-receive-address
[5]: https://gitlab.com/lightning-signer/docs
[6]: https://shiftcrypto.ch/blog/how-nearly-all-personal-hardware-wallet-multisig-setups-are-insecure/


[-- Attachment #1.2: publickey - kevin@revault.dev - 7c1d686c.asc --]
[-- Type: application/pgp-keys, Size: 643 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 233 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
  2021-01-14 18:17 [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features Kevin Loaec
@ 2021-01-15  0:28 ` ZmnSCPxj
  2021-01-17  2:40   ` Devrandom
  2021-01-17  1:31 ` Antoine Riard
  1 sibling, 1 reply; 5+ messages in thread
From: ZmnSCPxj @ 2021-01-15  0:28 UTC (permalink / raw)
  To: Kevin Loaec, Bitcoin Protocol Discussion

Good Morning Kevin,

>     Inputs (mainly for pre-signed Tx):
>     ==================================
>     Problem: Poisoned inputs are a major risk for HW as they don't know the UTXO set. While this can be exploited for fee
>     attacks, it is a bigger threat to pre-signed transactions protocols. Once any input of a (pre-signed)transaction is
>     spent, this transaction isn't valid anymore. Most pre-signed transactions protocols are used today as a form of defense
>     mechanism, spending any input would mean incapacitating the entire defense mechanism.
>     Proposed improvement: for protocols that requires it, keeping track of inputs already signed once would be extremely
>     helpful. Going further, most of these protocols require to follow a specific signing order (typically the "clawback"
>     first, then the regular spend path) so adding a way to check that a "clawback" has been signed first, with the same
>     input, would be very helpful. All of this on the dev
>     ice itself.

This requires the hardware device to maintain some state in order to remember that the clawback has been signed before.
My post on HW devices for Lightning (which you already linked) contains a suggestion to use a Merklized persistent data structure to maintain state for the hardware device, with a majority of the state storage on the trust-minimized software.

The primary issue here is that we have a base assumption that the hardware wallet cannot be sophisticated enough to have Internet access; "do not enter seed words on an online device", as the typical advice goes.
Most clawback transactions are time-based, and *must* be broadcast at a particular blockheight.
Yet if the hardware wallet cannot be an online device, then it cannot know the current blockheight is now at a time when the clawback transaction *must* be broadcast.

Thus, the hardware must always tr\*st the software to actually perform the clawback in that case.
In protocols where clawbacks are at all necessary, often the counterparty can have an advantage / can steal if the clawback is not broadcast in a timely manner, thus the software that is corrupted by the counterparty can be corrupted to simply not broadcast the clawback.

If the software on an online device cannot be tr\*sted (which is the model that hardware wallets use) then the software cannot be tr\*sted to provide correct information on the current blockheight to the offline hardware device, and cannot be tr\*sted to use clawback transactions.

It seems to me that we cannot use the same model of "do not enter seed words on an online device" for any protocol with a time-based clawback component (and honestly there seems to be no clawback mechanism that is not time-based).

Ultimately, I consider the blockchain as a proof of time passing, and as the blockchain is an online structure, we can only get at that proof by going online and actively searching for the block tip.
Yet going online increases our attack surface.


Regards,
ZmnSCPxj


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
  2021-01-14 18:17 [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features Kevin Loaec
  2021-01-15  0:28 ` ZmnSCPxj
@ 2021-01-17  1:31 ` Antoine Riard
  2021-01-17 10:02   ` darosior
  1 sibling, 1 reply; 5+ messages in thread
From: Antoine Riard @ 2021-01-17  1:31 UTC (permalink / raw)
  To: Kevin Loaec, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 11935 bytes --]

Hello Kevin,

Thanks for starting this thread, that's a really relevant discussion
ecosystem-wise !

> * Proposed improvement: The HW should display the Bitcoin Script itself
when possible (including the unlock conditions).

What level of script literacy are you assuming on your users ? I can see
enterprise/hobbyist folks to know enough of Script to understand the
intended behavior but I don't think that's a reasonable assumption for your
average user. Of course, Miniscript Policy makes things easier, but IMHO, I
still hope to see some mature, higher-level language (e.g Ivy) to ease
script semantic understanding and thus widen the crowd of users.

Further, I would do a bit on UX research on the correctness model expected
by your users. I.e if they fail to verify accordingly, are they losing
funds, transaction doesn't confirm, transaction doesn't even propagate,
etc. You should also make assumptions on the mental resources you're
required from them. Time-sensitive L2 protocols have a wide scope to check,
e.g not verifying the nSequence/nLocktime fields can provoke funds failures.

> This applies to pre-signed transaction protocols especially well as the
template of these transactions could be known
and recognized by the HW. Typically for Revault, the HW could display:
"Unvault Transaction, all expected pubkeys
present in the script".

In the future, I would expect templates of high-security protocols like
vaults to be part of the trusted computing base of any decent HW. I think
good standards there would avoid HW vendors to come with some kind of
certified-templates scheme and thus having to bless custom scripts of every
vaults implementations.

> Proposed improvement: The HW could know pubkeys or xpubs it does not hold
the private keys
for, and display a label (or
understand it for logic reasons, such as "expected pubkeys" as the previous
example).

I don't think you even need user input on this, the absence of pubkeys
knowledge itself is a trigger to display a label or ask for further
information. Where absence of pubkeys knowledge can be interpreted as
devoid from key whitelisting or privkey ownership.

> Going further, the xpubs could be
aliased the first time they are entered/verified (as part of, say, an
initial setup ceremony) for instance with the
previously mentioned Miniscript policy: or(pk(Alice), and(pk(Bob),
after(42))).

I would be careful about accidental or malicious alias collisions. But yes
that can be something, you can even conserve a merkle tree root in the
Secure Element where the hashed element are
previously authenticated alias/pubkeys. And require from the non-trusted
challenger to come with a merkle branch to validate address inclusion.

> Then there is PSBT support and the maximum transaction size limit for
these: we need more transparency from HW manufacturers on their li
mitations.

I understand them, Script is full of subtleties, taproot is likely to have
more of them and if you take sighash malleability that's not something you
want your average user to play with. Maybe it
would be better to come up with a first wave of script features on which
you expect transparency ? For sure, OP_CSV is a good candidate.

> Once any input of a (pre-signed)transaction is
spent, this transaction isn't valid anymore. Most pre-signed transactions
protocols are used today as a form of defense
mechanism, spending any input would mean incapacitating the entire defense
mechanism.

I don't see the exact issue here. E.g in Lightning, even if you pre-sign a
justice transaction punishing every revokeable outputs on counterparty
transaction, and one input is spent, will current HWs prevent you to-resign
an updated justice transaction ?

> I understand some of these changes may be very difficult, especially
given the low memory and computational power of
secure elements.

Instead of relying on hand-sized devices, what about relying on HSMs for a
first-wave of adoptions, those ones have far enough resources to run a
reasonable L2 stack on the trusted-side ?

But overall agree, on the requirement to level-up HWs for L2. IMO, a first
step could be to list a  common set of features beyond
deployed/soon-to-be-deployed L2s, that would make things easier for HW
vendors to have a unique list of grievances. Before they engage in further,
dedicated tweaks to adapt for each protocol security model. OP_CSV/OP_CTLV
decoding/"burned" standard scripts support would be a good starter.

> Feel free to reply with your comments or adding suggestions, I am not a
hardware wallet expert and would take criticism
wit
hout being offended.

I don't know yet any *L2* hardware wallet expert :)

Cheers,
Antoine

Le jeu. 14 janv. 2021 à 13:46, Kevin Loaec via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> a écrit :

> Hello everyone,
>
> I would like to start a discussion on improving Hardware Wallets.
>
> My approach to this right now is from a vault protocol we are developing
> (Revault, [1]), and its Hardware Wallet
> requirements. I started working on a Github Issue in our repo [2], other
> people recommended us to do a more general
> discussion on the mailing list instead as it could benefit many other
> protocols and users.
> This email discusses improvements that would benefit everyone, and some
> that are more suitable for "layer 2" or pre-
> signed transactions protocols.
> The goal is to spark discussions and hopefully iterate to a more secure
> and more usable hardware ecosystem for all
> bitcoiners.
> While I mainly foresee issues/improvements that may affect Revault, I
> would be really happy to see people joining this
> thread with any other ideas and remarks that would benefit some parts of
> Bitcoin that I overlooked.
>
>
>
> Prior work on similar problematics:
> ===================================
> - ZmnSCPx
> j: [Lightning-dev] Speculations on hardware wallet support for Lightning
> [3]
> - mflaxman: Known Issues: Verifying a Receive Address [4]
> - ksedgwic and devrandom01: Lightning-signer [5]
> - benma: How nearly all personal hardware wallet multisig setups are
> insecure [6]
>
>
> The postulate we start from is that Hardware Wallets (HW) are useful to
> mitigate the compromission of the day-to-day
> device of a user. They mainly prevent private-key extraction today, and
> aren't very suitable against an attack on the
> transaction being signed, as explained further.
> To make this discussion security-focused, let's assume the general purpose
> device (laptop, for example) is compromised
> with a malware implanted by an attacker, capable of modifying PSBTs,
> displayed addresses, etc.
>
> Our study so far:
>
>
> Output Script Parsing:
> ======================
> Problem: A typical HW today would display the "destination" of a
> transaction in the form of a bitcoin address. A user
> would generally compare this wit
> h the address displayed on his laptop screen... which might have been
> compromised
> already. The correct usage would be for a user to verify this address on a
> third device (mobile phone, for example).
> This is weak security and bad user experience.
> Proposed improvement: The HW should display the Bitcoin Script itself when
> possible (including the unlock conditions).
> The best way to do so would be to lift this Script to a more user-friendly
> format such as a MiniScript Policy display,
> but anything would be better than an "address".
> This applies to pre-signed transaction protocols especially well as the
> template of these transactions could be known
> and recognized by the HW. Typically for Revault, the HW could display:
> "Unvault Transaction, all expected pubkeys
> present in the script".
>
>
> Pubkey Interpretation:
> ======================
> Problem: currently HW cannot "identify" addresses or keys.
> Proposed improvement: The HW could know pubkeys or xpubs it does not hold
> the private keys
> for, and display a label (or
> understand it for logic reasons, such as "expected pubkeys" as the
> previous example). Going further, the xpubs could be
> aliased the first time they are entered/verified (as part of, say, an
> initial setup ceremony) for instance with the
> previously mentioned Miniscript policy: or(pk(Alice), and(pk(Bob),
> after(42))).
> This should be done in the Secure Element if possible to avoid physical
> compromission, but would be a strong improvement
> versus a day-to-day laptop in any case.
>
>
> Better Bitcoin Compatibility:
> =============================
> Problem: most HW cannot interpret some Script OPs such as OP_CSV, or any
> conditional outputs. This is a major issue for
> anyone using Bitcoin "advanced" features. Related to this are the Sighash
> flags: most HW do not support most Sighash
> flags. Kind of annoying for a signing device. Then there is PSBT support
> and the maximum transaction size limit for
> these: we need more transparency from HW manufacturers on their li
> mitations.
> Solution: Make Bitcoin HW actually compatible with Bitcoin :D
>
>
> Inputs (mainly for pre-signed Tx):
> ==================================
> Problem: Poisoned inputs are a major risk for HW as they don't know the
> UTXO set. While this can be exploited for fee
> attacks, it is a bigger threat to pre-signed transactions protocols. Once
> any input of a (pre-signed)transaction is
> spent, this transaction isn't valid anymore. Most pre-signed transactions
> protocols are used today as a form of defense
> mechanism, spending any input would mean incapacitating the entire defense
> mechanism.
> Proposed improvement: for protocols that requires it, keeping track of
> inputs already signed once would be extremely
> helpful. Going further, most of these protocols require to follow a
> specific signing order (typically the "clawback"
> first, then the regular spend path) so adding a way to check that a
> "clawback" has been signed first, with the same
> input, would be very helpful. All of this on the dev
> ice itself.
>
>
>
>
> I understand some of these changes may be very difficult, especially given
> the low memory and computational power of
> secure elements. However I truly believe most of these points are a MUST
> have for any decent security. If you don't
> assume the computer on which the transaction is crafted is compromised,
> then you don't need a hardware wallet. If you
> assume it may be compromised, then the HW needs to be able to defend
> against those.
>
> Revault does not plan on building hardware wallets, we hope existing and
> upcoming manufacturers will implement a strong
> security that we could use for the Revault protocol users. Vault users
> will likely hold very large sums and would be
> happy to pay a high premium for more secure HW. This will hopefully
> encourage existing players to keep on improving
> their devices and that will ultimately benefit us all.
>
> Feel free to reply with your comments or adding suggestions, I am not a
> hardware wallet expert and would take criticism
> wit
> hout being offended.
>
> Kind Regards,
> Kevin Loaec
>
> [1]:
> https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017835.html
> [2]: https://github.com/re-vault/practical-revault/issues/59
> [3]:
> https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-January/002425.html
> [4]: https://btcguide.github.io/known-issues/verify-receive-address
> [5]: https://gitlab.com/lightning-signer/docs
> [6]:
> https://shiftcrypto.ch/blog/how-nearly-all-personal-hardware-wallet-multisig-setups-are-insecure/
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 13534 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
  2021-01-15  0:28 ` ZmnSCPxj
@ 2021-01-17  2:40   ` Devrandom
  0 siblings, 0 replies; 5+ messages in thread
From: Devrandom @ 2021-01-17  2:40 UTC (permalink / raw)
  To: ZmnSCPxj, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 2374 bytes --]

Dear ZmnSCPxj,

On Thu, Jan 14, 2021 at 4:28 PM ZmnSCPxj via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> The primary issue here is that we have a base assumption that the hardware
> wallet cannot be sophisticated enough to have Internet access; "do not
> enter seed words on an online device", as the typical advice goes.
> Most clawback transactions are time-based, and *must* be broadcast at a
> particular blockheight.
> Yet if the hardware wallet cannot be an online device, then it cannot know
> the current blockheight is now at a time when the clawback transaction
> *must* be broadcast.
>
> Thus, the hardware must always tr\*st the software to actually perform the
> clawback in that case.
>

I believe it is possible to achieve much of the desired "liveness"
requirements without compromising too much on the air-gap.  The solution
requires the following:

- a set of UTXO oracles which attest to the UTXO set
- optionally, a set of clock oracles which attest to the current time (e.g.
using the roughtime protocol)
- an air-gap connection between the node software and the signer, e.g.
using a narrow optical or serial protocol
- a set of operators that can react to lack of liveness

The Signer performs the following steps periodically:

- if the funding UTXO has not been spent (per oracle attestation), proceed
normally with any channel commitment signing
- if the funding UTXO has been spent, ensure that the node provided the
spending tx, and check if there is any reaction needed (e.g. a justice tx
is needed)
- if a reaction is needed, ensure that there is a further spend within a
certain deadline (shorter than the CSV/CLTV deadline)
- if there is no deadline violation, sign a heartbeat message with the
current time (either from a local clock or from oracle clock)

The node software then relays the signed heartbeat message to the
operators, e.g. through Tor.  If a heartbeat is not seen by the operators,
they manually intervene (e.g. by standing up a clean node).

Of course, we will never have Lightning paper wallets, by definition, since
you can't participate in the network without being online.  But the above
setup seems to be at least as secure as USB hardware wallets attached to
online machines.  You could even have intermittently connected signers for
slow-moving channels, or signers behind Tor, etc. .

--
devrandom

[-- Attachment #2: Type: text/html, Size: 2978 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features
  2021-01-17  1:31 ` Antoine Riard
@ 2021-01-17 10:02   ` darosior
  0 siblings, 0 replies; 5+ messages in thread
From: darosior @ 2021-01-17 10:02 UTC (permalink / raw)
  To: Antoine Riard, Bitcoin Protocol Discussion

[-- Attachment #1: Type: text/plain, Size: 11229 bytes --]

Hi Antoine, and Kevin,

>> * Proposed improvement: The HW should display the Bitcoin Script itself when possible (including the unlock conditions).
>
> What level of script literacy are you assuming on your users ? I can see enterprise/hobbyist folks to know enough of Script to understand the intended behavior but I don't think that's a reasonable assumption for your average user. Of course, Miniscript Policy makes things easier, but IMHO, I still hope to see some mature, higher-level language (e.g Ivy) to ease script semantic understanding and thus widen the crowd of users.

No Script literacy should be assumed. I believe with Miniscript Policy (with possibly alias instead of pubkeys, see below) we are to the highest possible level of abstraction
without loss of meaning for user verification. I don't think Ivy would be helpful here.
Also, as Kevin mentioned, anything would be better than an address anyways.

> Further, I would do a bit on UX research on the correctness model expected by your users. I.e if they fail to verify accordingly, are they losing funds, transaction doesn't confirm, transaction doesn't even propagate, etc. You should also make assumptions on the mental resources you're required from them. Time-sensitive L2 protocols have a wide scope to check, e.g not verifying the nSequence/nLocktime fields can provoke funds failures.

Regarding the correctness, with the OP threat model (laptop compromised), for any transaction: if they fail to verify the locking policy, fund loss.
Re nSeq: If we trust the HM, and the HM support Miniscript, it must be able to satisfy inputs in a sa[n,f]e way.

>> This applies to pre-signed transaction protocols especially well as the template of these transactions could be known
> and recognized by the HW. Typically for Revault, the HW could display: "Unvault Transaction, all expected pubkeys
> present in the script".
>
> In the future, I would expect templates of high-security protocols like vaults to be part of the trusted computing base of any decent HW. I think good standards there would avoid HW vendors to come with some kind of certified-templates scheme and thus having to bless custom scripts of every vaults implementations.

+1

>> Then there is PSBT support and the maximum transaction size limit for
> these: we need more transparency from HW manufacturers on their li
> mitations.
>
> I understand them, Script is full of subtleties, taproot is likely to have more of them and if you take sighash malleability that's not something you want your average user to play with. Maybe it
> would be better to come up with a first wave of script features on which you expect transparency ? For sure, OP_CSV is a good candidate.

I agree that rather than supporting all of Script it would be better to support a "safe", analyzable subset of Script: that's Miniscript :p
I also believe supporting any new Script capabilities without Miniscript would be a huge footgun. It would also ease the upgrade to Tapscript.

>> Once any input of a (pre-signed)transaction is
> spent, this transaction isn't valid anymore. Most pre-signed transactions protocols are used today as a form of defense
> mechanism, spending any input would mean incapacitating the entire defense mechanism.
>
> I don't see the exact issue here. E.g in Lightning, even if you pre-sign a justice transaction punishing every revokeable outputs on counterparty transaction, and one input is spent, will current HWs prevent you to-resign an updated justice transaction ?

That's because in Revault we don't require HMs for watchtowers. Funds holders are expected to have a routine signing of cancel / deterrent / unvault transactions
and share them with the watchtowers. The attack Kevin is talking about is a (expected-to-be-stateless) HM will happily sign a cancel of deterrent transaction that
spends an already-signed input. So let's say a fund holder sends a signature for an Unvault tx and a Cancel tx that does not spend this Unvault to their watchtower.
The watchtower would cringe (in our v0 protocol, send an NACK): but the NACK isn't handled by the HM therefore at the end of the day the already-compromised laptop
is ensuring the (statefull) validity of the signature.

Thanks,
Antoine

> Le jeu. 14 janv. 2021 à 13:46, Kevin Loaec via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> a écrit :
>
>> Hello everyone,
>>
>> I would like to start a discussion on improving Hardware Wallets.
>>
>> My approach to this right now is from a vault protocol we are developing (Revault, [1]), and its Hardware Wallet
>> requirements. I started working on a Github Issue in our repo [2], other people recommended us to do a more general
>> discussion on the mailing list instead as it could benefit many other protocols and users.
>> This email discusses improvements that would benefit everyone, and some that are more suitable for "layer 2" or pre-
>> signed transactions protocols.
>> The goal is to spark discussions and hopefully iterate to a more secure and more usable hardware ecosystem for all
>> bitcoiners.
>> While I mainly foresee issues/improvements that may affect Revault, I would be really happy to see people joining this
>> thread with any other ideas and remarks that would benefit some parts of Bitcoin that I overlooked.
>>
>> Prior work on similar problematics:
>> ===================================
>> - ZmnSCPx
>> j: [Lightning-dev] Speculations on hardware wallet support for Lightning [3]
>> - mflaxman: Known Issues: Verifying a Receive Address [4]
>> - ksedgwic and devrandom01: Lightning-signer [5]
>> - benma: How nearly all personal hardware wallet multisig setups are insecure [6]
>>
>> The postulate we start from is that Hardware Wallets (HW) are useful to mitigate the compromission of the day-to-day
>> device of a user. They mainly prevent private-key extraction today, and aren't very suitable against an attack on the
>> transaction being signed, as explained further.
>> To make this discussion security-focused, let's assume the general purpose device (laptop, for example) is compromised
>> with a malware implanted by an attacker, capable of modifying PSBTs, displayed addresses, etc.
>>
>> Our study so far:
>>
>> Output Script Parsing:
>> ======================
>> Problem: A typical HW today would display the "destination" of a transaction in the form of a bitcoin address. A user
>> would generally compare this wit
>> h the address displayed on his laptop screen... which might have been compromised
>> already. The correct usage would be for a user to verify this address on a third device (mobile phone, for example).
>> This is weak security and bad user experience.
>> Proposed improvement: The HW should display the Bitcoin Script itself when possible (including the unlock conditions).
>> The best way to do so would be to lift this Script to a more user-friendly format such as a MiniScript Policy display,
>> but anything would be better than an "address".
>> This applies to pre-signed transaction protocols especially well as the template of these transactions could be known
>> and recognized by the HW. Typically for Revault, the HW could display: "Unvault Transaction, all expected pubkeys
>> present in the script".
>>
>> Pubkey Interpretation:
>> ======================
>> Problem: currently HW cannot "identify" addresses or keys.
>> Proposed improvement: The HW could know pubkeys or xpubs it does not hold the private keys
>> for, and display a label (or
>> understand it for logic reasons, such as "expected pubkeys" as the previous example). Going further, the xpubs could be
>> aliased the first time they are entered/verified (as part of, say, an initial setup ceremony) for instance with the
>> previously mentioned Miniscript policy: or(pk(Alice), and(pk(Bob), after(42))).
>> This should be done in the Secure Element if possible to avoid physical compromission, but would be a strong improvement
>> versus a day-to-day laptop in any case.
>>
>> Better Bitcoin Compatibility:
>> =============================
>> Problem: most HW cannot interpret some Script OPs such as OP_CSV, or any conditional outputs. This is a major issue for
>> anyone using Bitcoin "advanced" features. Related to this are the Sighash flags: most HW do not support most Sighash
>> flags. Kind of annoying for a signing device. Then there is PSBT support and the maximum transaction size limit for
>> these: we need more transparency from HW manufacturers on their li
>> mitations.
>> Solution: Make Bitcoin HW actually compatible with Bitcoin :D
>>
>> Inputs (mainly for pre-signed Tx):
>> ==================================
>> Problem: Poisoned inputs are a major risk for HW as they don't know the UTXO set. While this can be exploited for fee
>> attacks, it is a bigger threat to pre-signed transactions protocols. Once any input of a (pre-signed)transaction is
>> spent, this transaction isn't valid anymore. Most pre-signed transactions protocols are used today as a form of defense
>> mechanism, spending any input would mean incapacitating the entire defense mechanism.
>> Proposed improvement: for protocols that requires it, keeping track of inputs already signed once would be extremely
>> helpful. Going further, most of these protocols require to follow a specific signing order (typically the "clawback"
>> first, then the regular spend path) so adding a way to check that a "clawback" has been signed first, with the same
>> input, would be very helpful. All of this on the dev
>> ice itself.
>>
>> I understand some of these changes may be very difficult, especially given the low memory and computational power of
>> secure elements. However I truly believe most of these points are a MUST have for any decent security. If you don't
>> assume the computer on which the transaction is crafted is compromised, then you don't need a hardware wallet. If you
>> assume it may be compromised, then the HW needs to be able to defend against those.
>>
>> Revault does not plan on building hardware wallets, we hope existing and upcoming manufacturers will implement a strong
>> security that we could use for the Revault protocol users. Vault users will likely hold very large sums and would be
>> happy to pay a high premium for more secure HW. This will hopefully encourage existing players to keep on improving
>> their devices and that will ultimately benefit us all.
>>
>> Feel free to reply with your comments or adding suggestions, I am not a hardware wallet expert and would take criticism
>> wit
>> hout being offended.
>>
>> Kind Regards,
>> Kevin Loaec
>>
>> [1]: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017835.html
>> [2]: https://github.com/re-vault/practical-revault/issues/59
>> [3]: https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-January/002425.html
>> [4]: https://btcguide.github.io/known-issues/verify-receive-address
>> [5]: https://gitlab.com/lightning-signer/docs
>> [6]: https://shiftcrypto.ch/blog/how-nearly-all-personal-hardware-wallet-multisig-setups-are-insecure/
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[-- Attachment #2: Type: text/html, Size: 15087 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2021-01-17 10:02 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-14 18:17 [bitcoin-dev] Hardware wallets and "advanced" Bitcoin features Kevin Loaec
2021-01-15  0:28 ` ZmnSCPxj
2021-01-17  2:40   ` Devrandom
2021-01-17  1:31 ` Antoine Riard
2021-01-17 10:02   ` darosior

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox