Presented at
Black Hat USA 2020 Virtual,
Aug. 6, 2020, 10 a.m.
(40 minutes).
Cryptocurrency wallets in exchange platforms or banks require strong security because they protect vast amounts of money. Some solutions rely on advanced cryptographic methods that distribute trust across multiple parties, in the spirit of Shamir's secret-sharing. These include multi-party computation (MPC) and threshold signature schemes (TSS), which are a special case of MPC to sign data in a distributed, yet trustless manner. TSS has notably been tested and deployed in major organizations where secret key generation and digital signing are needed. But these techniques, although powerful and "magic" on paper, can prove fragile in practice, as this talk will show.<br />
<br />
We introduce MPC and TSS in a way suitable for non-experts, highlighting their unique properties and showing how they can be used to protect enterprise-grade wallets. We review TSS' building blocks such as verifiable secret sharing and Schnorr signatures and explain the design and security goals of TSS libraries, and how these goals differ from those of traditional cryptography, in terms of managing complexity, interactiveness, and composition of protocols.<br />
<br />
MPC and TSS seem very secure and state-of-the-art, so what could go wrong?<br />
<br />
Complexity is the enemy of security, and this complexity is what we exploit. We describe a new type of logical vulnerability, enabled by extra layers of complexity in TSS implementations, which opens up a new attack surface and devastating attacks allowing a malicious participant to sabotage key generation and break TSS's security. This attack could allow an attacker, for example, to empty an organization's cold wallet. We describe a related attack on a major MPC solution used by a leading organization.<br />
<br />
We conclude with lessons learned and best practices across the development pipeline of complex cryptographic software, including extensive testing, defense-in-depth controls, how to implement new academic work, and how an audit by specialists should be done to be the most effective.
Presenters:
-
Omer Shlomovits
- Co-Founder, KZen Networks
<p>Omer Shlomovits is a Co-Founder at KZen Networks, a company building a key management system for consumers (ZenGo), a Co-Founder and board member of MPC Alliance, a consortium with more than 40 companies practicing MPC and a Co-Founder of ZK-Global, an initiative to build a community around zero knowledge technology. Omer wrote numerous cryptographic libraries in the areas of MPC and ZK, some of them are high profile and being used by several players in the blockchain industry. </p>
-
Jean-Philippe Aumasson
- VP Technology, Kudelski Security / Co-Founder, Taurus Group
Jean-Philippe (JP) Aumasson is a cryptography expert, author of the reference book Serious Cryptography (No Starch Press, 2017). He's Co-Founder and Head of Security for Taurus Group's digital assets custody technology, and leads blockchain security audits for Kudelski Security. JP designed the widely used cryptographic algorithms SipHash and BLAKE2, which he developed after a PhD from EPFL (Switzerland, 2009). He regularly speaks at leading security conferences about topics such as applied cryptography, quantum computing, or blockchain security. He is also founder of Teserakt, a Swiss-based company specialized in IoT security.
Links:
Similar Presentations: