Dark Skippy is a powerful method for a malicious signing device to leak secret keys.


With Dark Skippy, a malicious signer can use a modified signing function to efficiently and covertly exfiltrate their master secret seed by embedding it within transaction signatures.

This attack was discovered and discussed within the context of Bitcoin signing devices and hardware wallets, though it may be applicable to contexts outside of Bitcoin.

Dark Skippy requires a signer to be corrupted via malicious firmware. Dark Skippy has not yet been seen in the wild.

don't let skippy steal your bitcoins!

Demo

TL;DR

Previously it was thought to take dozens of signatures/transactions for a malicious signing device to leak a secret seed to an attacker by covertly embedding it inside transaction signatures. We have shown it can be done in just two signatures. A single use of a malicious hardware wallet is enough to lose everything.

Is hardware wallet $X$ affected?

Dark Skippy is not an attack against any particular hardware wallet/signing device and has not been seen in the wild; rather, it is a general method that a malicious signing device could use to steal your funds.

As long as you are using a genuine device with honest firmware, it should not be carrying out this attack. Ideally, verify open source firmware against your vendor's public keys; many devices verify firmware signatures automatically. You should ensure no one has the opportunity to tamper with your device's firmware in between uses.

See FAQ for more details.

How It Works

It might be useful to refresh your knowledge of malicious signing attacks with our Taxonomy of Malicious Signer Attacks which includes a refresher on Schnorr signatures.

First, an attacker needs to corrupt a signing device:

The malicious signing firmware uses a signing function that differs from regular Schnorr signing:

The attacker scans the mempool for transactions with affected signatures produced by the malicious signer.

Upon detecting an affected transaction, the attacker runs an algorithm like Pollard's Kangaroo algorithm (hence the name Dark Skippy) on the signature's public nonces to solve for the secret nonces.

Once solved, the attacker concatenates the results to reconstruct the full 16 bytes of entropy that the malicious signer was trying to exfiltrate.


This is the most rudimentary version of the attack, but a sophisticated attacker is likely to enhance it so that only they can extract the seed. This can be done by blinding the nonce with an attacker-controlled key embedded in the malicious device. Additionally, affected transactions can be watermarked so that the attacker can easily identify them on-chain.

An attacker who corrupts a signing device watches on-chain until they spot a watermarked transaction, unblinds and inverts the low-entropy nonces to learn the master secret seed, then waits and steals the funds whenever they decide best. For the user, the attack is impractical to detect, and it is difficult to forensically determine what has occurred.
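A scaled-down model of the rudimentary channel described above, added here as an illustration and not the authors' demonstration code: the toy group Z_p^* with p = 2^31 - 1, the 40-bit seed split into two 20-bit nonces, the secret key and the messages are all constructed stand-ins for secp256k1 and a 128-bit seed split across two 64-bit nonces.

```python
import hashlib
import math
import secrets

# Constructed toy group Z_p^*, p = 2^31-1, g = 7 (a primitive root), exponents mod n = p-1.
p, n, g = 2**31 - 1, 2**31 - 2, 7
CHUNK_BITS = 20  # stands in for the 64-bit halves of a 128-bit (12-word) seed
MASK = (1 << CHUNK_BITS) - 1

def challenge(R, y, msg):
    """Fiat-Shamir challenge e = H(R || y || m), reduced into the exponent group."""
    data = R.to_bytes(4, "big") + y.to_bytes(4, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def schnorr_sign(x, msg, k):
    """R = g^k, s = k + e*x mod n. Honest and malicious signers differ only in k."""
    y, R = pow(g, x, p), pow(g, k, p)
    return R, (k + challenge(R, y, msg) * x) % n

def schnorr_verify(y, msg, sig):
    R, s = sig
    return pow(g, s, p) == R * pow(y, challenge(R, y, msg), p) % p

def honest_sign(x, msg):
    return schnorr_sign(x, msg, secrets.randbelow(n - 1) + 1)  # full-entropy nonce

def dark_skippy_sign(x, seed, msgs):
    """Malicious firmware: nonce i is seed chunk i, so R_i = g^chunk_i sits in a small interval."""
    return [schnorr_sign(x, m, (seed >> (CHUNK_BITS * i)) & MASK) for i, m in enumerate(msgs)]

def kangaroo(R, b):
    """Pollard's kangaroo: find k in [0, b] with g^k = R in about sqrt(b) group ops."""
    m = max(1, math.isqrt(b).bit_length() - 1)   # jump sizes 2^0 .. 2^(m-1)
    jump = lambda X: 1 << (X % m)                 # deterministic pseudo-random jump
    tame, X, d = {}, pow(g, b, p), 0              # tame kangaroo starts at exponent b
    for _ in range(8 * math.isqrt(b)):            # lay traps along the tame path
        tame[X], j = d, jump(X)
        X, d = X * pow(g, j, p) % p, d + j
    X, dw = R, 0                                  # wild kangaroo starts at R = g^k
    while dw <= b + d:                            # past the last trap: give up
        if X in tame:
            return (b + tame[X] - dw) % n         # g^(k + dw) == g^(b + tame[X])
        j = jump(X)
        X, dw = X * pow(g, j, p) % p, dw + j
    return None

def recover_seed(sigs):
    """Attacker side: solve each public nonce R_i, then reassemble the chunks."""
    chunks = [kangaroo(R, MASK) for R, _ in sigs]
    return None if None in chunks else sum(k << (CHUNK_BITS * i) for i, k in enumerate(chunks))
```

Both malicious signatures verify like any other, which is why nothing on-chain flags them; in the real setting each 64-bit half costs about 2^32 group operations to solve, within reach of a laptop, so the defence has to sit in the signing protocol rather than in detection.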

Attack Advantages

  1. Covert - the attack is impractical to detect.
  2. No additional communication channels - data is exfiltrated within signatures broadcast to the Bitcoin network.
  3. Works against stateless devices - the attack can be executed in a single transaction with only a few inputs.
  4. Exfiltrates the master secret - the attack exposes the entire wallet by exfiltrating the seed words.
  5. Affects every user of a malicious device - including users who provide their own secure seed.

Discovery

Dark Skippy was discovered by Robin Linus in a Twitter discussion.

We investigated this attack as part of a security workshop we were running for a conference and found it to be even more effective than previously speculated, in that we were able to extract a 12 word seed with minor computational resources. In fact, a decent laptop suffices to achieve what Linus claimed.

Nonce covert channel attacks have been publicly discussed (and mitigated) in the past, within Bitcoin contexts [1] [2] [3] so this attack does not represent a new vulnerability but rather a new way of exploiting an existing vulnerability.

We believe that Dark Skippy is now the best-in-class attack for malicious signing devices. So despite the attack vector not being new we deem disclosure to be worthwhile.

Mitigation

There are a number of existing mitigations including 'anti-exfil' signing protocols which are offered by some signing devices. We also have some new ideas for mitigations which require substantial developer review and input.

See our Mitigations page.

Questions?

See our FAQ.

Worked Example

You should check out our Worked Example, where we walk through a step-by-step example, extracting the seed phrase from the transaction in our demonstration video.

Disclosure Process

On the 8th of March 2024 we privately disclosed this attack to around 15 different vendors in order to collect feedback on threat relevance within security models, our ideas for mitigations, and this disclosure.

Mitigations beyond those which already exist require substantial public collaboration and review (e.g. additions to PSBT and signing specifications), so rapid and subtle mitigation was deemed infeasible.

Further delaying the public release of this information is against the interest of users who would like to mitigate this attack.

We will make our demonstrating code publicly available sometime around September 2024. This code will provide functionality to build these malicious signatures, identify affected transactions in the mempool, and decode the exfiltrated seed words.

Authors

Lloyd Fournier, Nick Farrow, Robin Linus

Lloyd and Nick are Co-Founders of an upcoming next-generation hardware wallet -

Robin works on ZeroSync and BitVM among other things.

This work was self-funded and pursued with our passion for improving security within the Bitcoin ecosystem, as well as academic interest. It was also great fun 🦘.

Contact for requests, comments, press: contact@darkskippy.com

Acknowledgements

Alex Hanley for lending us his SeedSigners and his work developing the device-side Python code for the SeedSigner demo.

Tim Ruffing & Jonas Nick for their tips regarding a disclosure process, and conversations surrounding mitigations.

The hardware vendors who explained the applicability of this attack within their security models and gave feedback on our mitigation ideas.