Taproot is a #bitcoin upgrade which will occur at block #709632, ie. in Nov 2021
It brings several new innovations and features but one of them is especially interesting: Schnorr Signatures.
Let me tell you the brief history of asymetric cryptography 🧵
Asymmetric cryptography is a process that uses a pair of keys: public / private key.
Its most interesting application is *Digital signature*. It's a process where you can prove you know your private key without revealing it while anyone with your public key can verify your proof
This is exactly what we do, when we "send" #bitcoin
Asymmetric cryptography has been publicly discovered by the famous Diffie, Hellman, and then Merkle in the 70s. Then, in the late 70s, Rivest Shamir and Adleman invented the famous RSA cryptosystem which is still widely used.
In the 80s, Elliptic Curve Cryptography was discovered by Koblitz and Miller.
ECC has many advantages over RSA. Computations, data transfers are more efficient for a same level of security.
ECC, contrary to RSA is full of variations: basis field, curves, signature algorithms...
Let's focus on Signature algorithm. Schnorr signature was invented by Claus-Peter Schnorr in the 80s.
His signature algorithm is much simpler than any other, gives better security property and is linear (offering multisig almost for free).
But he did the worst thing that can happen to human knowledge (this, and claiming the break of RSA without any proof): He PATENTED his invention.
Thus, Schnorr signatures weren't used and ECDSA was specifically designed to bypass the patent.
When you look at ECDSA equations, it looks like a hack around Schnorr's equation.
In 2008, more than 20 years after the invention, the patent has expired. In 2008, Satoshi was finishing the design of #bitcoin. But because of the patent, Schnorr signature wasn't standardized.
Thus ECDSA was chosen for #bitcoin as a standardized and widely used algorithm.
In the meantime, Ed25519 was invented (2011), and can be seen as a variation of Schnorr Signatures.
(It's used in Polkadot, Cardano and Stellar).
30 years after this patent, Schnorr Signatures will be used in one of the largest scale application: #Bitcoin
It's a great news, but we lost 30 years because of a silly patent.
/fin
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.
We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.
A thread 🧵
As you might know, your Ledger devices use a smartcard chip (a Secure Element), implementing tons of hardware countermeasures enabling resistance against high potential attackers even with physical access.
Smartcard technologies also allow a root of trust, enabling the secure element to prove they are genuine and not tampered, thus can be trusted even in complex supply chain scenarios.
1/ I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.
A thread 👇
2/ A hardware wallet is mostly used as a signing device.
Your private keys are central to everything, and hardware + firmware work hand in hand to protect it.
Let’s review some fundamental cryptography about all hardware wallets, not just Ledgers.
3/ Asymmetric cryptography.
Protocols such as #bitcoin and #ethereum use an algorithm called Elliptic Curve Digital Signature to essentially prove ownership over a public address.
It’s practically impossible to retrieve the private key knowing the public key (thus asymmetic)
Ledger Recover is our upcoming and optional service for users who want a secure backup of their Secret Recovery Phrase. Do you want to learn more about the onboarding process and specificities?
A thread 🧵
Let’s first clarify something key: Ledger Recover is a service that you can choose if you want to use it. There is no auto opt-in with firmware updates.
If you plan to subscribe to Ledger Recover through Ledger Live, you will have to create an account and go through an ID verification process.
PLATYPUS is a novel side-channel attack targeting Intel x86 CPU (including AES-NI, SGX).
> platypusattack.com
I'm not surprised that we discover new attacks on Intel CPU, while I'm very surprised this attack has just been discovered now.
(1/n)
PLATYPUS is a Side Channel Attack allowing to _remotely_ extract secrets from Intel CPU incl. SGX enclave and AES-NI.
It uses the unprivileged access to RAPL (Running Average Power Limit) interface to get an internal measurement of the power consumption of the chip.
(2/n)
From an attacker PoV, this interface is great since it's unpriviledged and can be accessed remotely.
On the other side, it's quite low resolution, you can only get samples at 20kHz. This later limitation is overcome by several of techniques (cf paper).
I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independant review"
Thread👇
(2/n)
In a Common Criteria Certification process (for a circuit). There are 4 actors: 1. The sponsor (SP) 2. The chip manufacturer (CM) 3. The 3rd party evaluation lab (lab) 4. The Certification body (CB)
(3/n)
Often SP and CM is the same entity, but not always.
The lab is an independant security eval entity accredited by the CB. There's no commercial relationship between lab and the CB. Regularly, the CB audits the lab to verify its skills.