Ben Dickson28 June 2022 at 15:38 UTC Updated: 28 June 2022 at 17:20 UTC

Signing mechanism security shortcomings exposed

A poor implementation of Ed25519, a popular digital signature algorithm, has left dozens of cryptography libraries vulnerable to attacks.

According to Konstantinos Chalkias, a cryptographer at MystenLabs who discovered and reported the vulnerability, attackers could exploit the bug to steal private keys from cryptocurrency wallets.

Some but not yet all of the vulnerable technologies have been patched.

Ed25519 is often used as a modern replacement for the Elliptic Curve Digital Signature Algorithm (ECDSA). Ed25519 is more open, secure, and faster than ECDSA, which is why it has become very popular in many sectors, especially in blockchain and cryptocurrency platforms.

The main benefits against ECDSA is that EdDSA sig[nature]s are deterministic and users dont need [access to] a secure Random Number Generator [RNG] to sign a transaction, Chalkias told The Daily Swig. Why is this useful? because a users laptop or IoT device might not have a good source of entropy or support a weak RNG function.

Numerous security incidents have shown that poor random generation can result in private keys being leaked or stolen. One notable example was the private key leaks of PlayStation 3, whose technology relies on the ECDSA algorithm.

The standard specification of Ed25519 message signing involves providing the algorithm with a message and private key. The function will use the private key to compute the public key and sign the message. Some libraries provide a variant of the message signing function that also takes the pre-computed public key as an input parameter. There are some benefits to this implementation.

Recomputing the public key each time would result in a slower algorithm (it adds an extra scalar to elliptic curve point multiplication to derive the public key, which reduces the speed by almost 2x, potentially making it even slower than ECDSA), Chalkias said.

Read more of the latest hacking news from around the world

And generally, in cryptography, its good hygiene to avoid accessing the private key many times. If we allowed the public key derivation on each signing invocation, then this implies we need to access it twice, once to sign, and once to derive the public key.

However, the modification also creates a security loophole in the library.

Chalkias found that some libraries were allowing arbitrary public keys as inputs without checking if the input public key corresponds to the input private key. This shortcoming means that an attacker could use the signing function as an Oracle, perform crypto-analysis and ultimately get at secrets. For example, an attacker who cant access the private key but can access the signing mechanism through an API call could use several public keys and messages to gradually build up insights into private key parameters.

Chalkias initially found 26 libraries that were vulnerable to the attack. The list was later extended to 40 libraries. The security researcher also found several online services that were vulnerable to the same kind of attack, including a fintech API.

In some applications when keyGen fails or a clean-up process deletes the privKey for this user, then the app usually retries keyGen. But in the meantime and for a few sec[ond]s, the DB [database] still stored the old , and this allowed a narrow window for race condition attacks before the DB gets updated with the new pubKey (a scenario that, surprisingly, we managed to exploit with significant probability), Chalkias noted.

Since his report, several libraries have implemented fixes and workarounds, including ed25519-elisabeth, PASETO, and Trezor wallet.

A few libraries [have] already provided either fixes (if they were vulnerable) or proactively added extra checks that the stored pub key corresponds to the private keys, Chalkias concluded.

YOU MAY ALSO LIKE Researchers crack MEGAs privacy-by-design encryption, storage

Read the rest here:
Dozens of cryptography libraries vulnerable to private key theft - The Daily Swig

Today President Biden met with G7 leaders tostrengthenour cooperation on economic issues, cyberspace and quantum, andother 21stcenturychallenges, including thoseposed by Chinato our workers, companies, and national security.The G7, representing over 50% of the world economy, is demonstrating that it is among the most potent institutions in the world today, with like-minded democracies solving problems.

Committing to a unified approach to confront Chinas unfair economic practices:The G7 will release collective, unprecedented language acknowledging the harms caused by the Peoples Republic of Chinas (PRC) non-transparent, market-distorting industrial directives. They will commit to working together to develop a coordinated approach to remedy the PRCs non-market policies and practices to ensure a level playing field for businesses and workers.

Elevating supply chain resilience:The G7 will share insights and best practices to identify, monitor, and minimize vulnerabilities and logistic bottlenecks in advance of supply chain shocks, as well as coordinate on long-term risk that undermine global security and stability. The G7 will make a commitment tointensifydevelopment ofresponsible, sustainable, and transparentcritical minerals supply chains and establish a forward strategy that takes into account processing, refining and recycling.

Cooperating on Cyber and QuantumTechnology:The G7 will make a commitment to intensify and elevate our cyber cooperation; working with our close partners to achieveaccountability and increasing stability and security in cyberspace. The G7 will also commit to new cooperation to deploy quantum resistant cryptography with the goal of ensuring secure interoperability between ICT systems and fostering growth in the digital economy.

AdvancingTrade and Technology Council standards for democratic, market-oriented approaches to trade:The G7 will include a commitment tostandards in technology, trade and innovationthat represent our values as G7 partners compete with China.Through fora, such as theU.S.-EUTrade and Technology Council, we will demonstrate to the world how democratic and market-oriented approaches to trade, technology, and innovation can improve the lives of our citizens and be a force for greater prosperity.

Improving the multilateral framework for debt restructuring:The G7 will underscore its commitment to successfully implementing the G20 Common Framework for Debt Treatments beyond the Debt Service Suspension Initiative. The G7 will urge all relevant creditors, including non-Paris Club countries such as China and private creditors, to contribute constructively to the necessary debt treatments as requested. The G7 will also reaffirm its commitment to promoting transparency across all debtors and creditors for improved debt sustainability.

Committing to tackle forcedlaborandupholdinghuman rights:The G7willcondemna range of human rights abuses occurring globally, including abuses linked toRussias further invasion of Ukraine,thePRCs repression in Xinjiang and Tibet,the military coup in Burma,andongoing suppression of freedom in Iran.The G7willalsocommitdtoaccelerate progress totackle forced labor,with the goal of removing all forms of forced labor from global supply chains, including state-sponsored forced labor, such as in Xinjiang. G7 countriescommittedto takefurthermeasures to strengthen cooperation, including through increased transparency and business risk advisories, and other measures to address forced labor globally.As one important example of action to combat forced labor in the PRC, the United States is implementing the Uyghur Forced Labor Prevention Act, which President Biden signed into law in December 2021.

Reaffirmingthe Importance of Democratic Resilience:TheG7 Leaders along with the leaders of Argentina, India, Indonesia, Senegal, and South Africa releasedastatementon Democratic Resilience,affirmingthe importance of strengthening resilience to authoritarian threats within our own democracies and around the world.ThisStatement will amplify the shared democratic values across G7 countries; condemn Russias invasion of Ukraine as an attack on democracy; affirm the importance of civil society and independent media; and outline how G7 members will strengthen actions in response to rising foreign threats related to illicit finance and corruption, foreign malign influence, and transnational repression.

###

Originally posted here:
FACT SHEET: The United States Continues to Strengthen Cooperation with G7 on 21st Century Challenges, including those Posed by the People's Republic...

Its been a nightmare couple months for cryptocurrency investors. Theyve watched their Bitcoin BTC holdings hemorrhage 70 percent of their value since the record high of $69,000 back in November. Overall, theyve suffered crypto losses totaling more than half (55%) of capitalization, or an estimated market loss of $2 trillion.

The days when crypto enthusiasts could talk about crypto as if Bitcoin were the new reserve currency, or the digital equivalent of the gold standard, or even a transformation of what it means to invest, are over. Crypto looks more like a classic boom and bust investment, like Dutch tulips, rather than the next best hope for humanity.

PARIS, FRANCE - FEBRUARY 06: In this photo illustration, a visual representation of the digital ... [+] Cryptocurrency, (Photo by Chesnot/Getty Images)

As I warned in an earlier Forbes column, the crypto boom was driven by systematic policy failures by major central banks. As long as they made bad decisions about monetary supply or failed to take on inflation, cryptocurrencies were going to look like solid investments. As soon as central banks shook off their inertia, crypto values started heading south. Meanwhile, the threat of regulation of the crypto marketregulations that might strangle the Bitcoin goosehas raised additional uncertainties about where the market is headed, and whether it pays to buy low nowor run for the hills.

Nonetheless, as Bloomberg reports, venture capitalists still want in the crypto game. Theyre being smart. They sense that despite the burst bubble since January, cryptocurrencies will be here to stay. They may not save humanity from itself, as some thought, but they remain a valuable speculative instrument but also a store of value when other investments look uncertain or too volatile to handle.

At the same time, Bitcoin and crypto do offer a deeper secret that is important to the rest of humanity. That secret isnt what they do, but how they do it. i.e. with Distributed Ledger Technology or blockchain.

An abstract digital structure showing the concept of blockchain technology with hexadecimal hash ... [+] data inside each block.

We can think of blockchain as an enormous spreadsheet thats reproduced thousands of times across a network of computers, that regularly updates the spreadsheet and its common database. The growing list of records in the ledger, called blocks, are linked or chained together to all previous blocks of transactions, using a cryptographic fingerprint known as a hash. Each transaction is independently verified and confirmed by peer-to-peer computer networks, time-stamped, and then added to the distributed ledger. Once recorded, the data cannot be alteredand its only shared with those who are part of the encrypted ledger.

Former SEC Chairman Jay Clayton has predicted that blockchain is the future of our financial markets, including digital currencies. High-tech guru George Gilder sums up the future of blockchain this way: Even though bitcoin may not, after all, represent the potential for a new gold standard, its underlying technology will unbundle the roles of money. Blockchain may even represent the future of the Internet.

There is, however, a cloud hovering over the DLT future, a quantum cloud.

This column pointed out back in 2018 that DLT was vulnerable to future quantum computer attack. Our latest report from the Quantum Alliance Initiative at the Hudson Institute, gives some idea of the cost of such a future quantum computer assault. Our econometric calculations indicate that such an attack would amount to $1.8 trillion in direct losses, with an additional loss of $1.4 trillion in indirect impacts. Taken together, a successful quantum computer decryption of cryptocurrencys most valuable assetits blockchain encryptionwould result in a $3.34 trillion hit on the U.S. economy, with negative ripple effects across the global economy for a long time to come.

Stablecoins doesnt fare any better in this scenario. Since these crypto instruments are pegged to 1:1 ratios with fiat currencies, the resulting liquidity crunch as margin calls come due and banks scramble to cover losses, means they too become quantum road kill.

Whats the answer? As weve mentioned in other columns, crypto companies need to adopt quantum-safe encryption to protect their future. That means either installing post-quantum cryptographic algorithms like the ones being standardized by the National Institute of Standards and Technology or turning to quantum-based cryptography, which uses quantum random number generators and quantum key distribution to create hack-proof communication links across the ledger.

There are even quantum security companies that offer both.

Likewise, it would make sense for a government regulatory crypto regime to require installing quantum-safe solutions for the entire industry. Making cryptocurrencies quantum secure could even set the next cryptographic standard for the rest of the financial sector, from banks to equity and credit markets.

Either way, the future of blockchain, like the future of crypto, hangs in the balance. So will the future of the U.S. economy, unless we start getting smart about the quantum threat to come.

See more here:
Can Crypto Still Save The World? - Forbes

Bitcoin has gained worldwide popularity, distinguishing itself as a unique asset class. Institutional bankers and private and public corporations are also adding this digital money into their portfolios. On the other hand, this digital money is significantly different from conventional currency. Here are a few features that differentiate Bitcoin System from traditional assets.

Stocks restate, and fiat currency is controlled to varying degrees by the government. However, this digital money is the first truly decentralized asset. Bitcoins network aims to keep power decentralized. Instead, the networks algorithm determines supply and distribution.

As a result, this electronic money doesnt have a single entity controlling it. Instead, anyone accessing the internet can technically join the Bitcoin network and add the asset to their portfolio. The peer-to-peer structure is Bitcoins core feature and distinguishes it from every other asset class.

Every transaction on this digital money network remains on a block linked to a previous block of transactions. This blockchain technology is immutable, meaning no entity can erase or alter any information on the network. Transactions on this virtual money are verified by network nodes through cryptography and recorded in the blockchain. More so, a blockchain is a public ledger.

The distinguishing feature of immutability makes the network reliable and trustworthy. It makes it stand out from all other asset classes where a lack of transparency, forgery, or corruption could pose a risk to the investor.

With this electronic money, you cannot tell how much of this virtual money a person can own, but at the same time, it is visible to everyone on the ledger board how much transaction has been made by which user and who are the recipients of the Bitcoin. As a result, Bitcoin transactions are crystal clear to everyone in the ecosystem of Bitcoin. Also, from this mentioned history on the ledger board, on a proper analysis, anyone in the network can know the asset owned by another person if they want. However, network participants can do a lot of things to prevent this.

When comparing this digital money transaction to other banks or other methods of commerce, Bitcoin transactions are exceptionally fast. People can send funds using Bitcoin viahttps://bitcoinprime.software/within a few minutes. On the other hand, when you send such an amount using banks, the transactions will take weeks to go through successfully.

Generally, banks take long documentation and procedures for opening and managing an account, including dealer records and credit checks. Also, they consider legal aspects and implications of their operations when dealing with electronic money. On the other hand, you can make an address in Bitcoin in a few seconds without any need for legal documents. You only need to set a strong password and not forget it because once the password is gone there is no getting it back.

Since the creation of this electronic money, Bitcoin has gradually become a mainstream asset. More so, estimates suggest that there are over 100 million active Bitcoin users worldwide. The popularity of this electronic money makes it more valuable. Also, Bitcoin is considered a legitimate store of value, and many people use it. And this gives it more liquidity and acceptability than most other traditional assets.

All the above features, including censorship resistance, hard-capped, and immutability, are among the many features that make this electronic money stand out from the other assets.

Continue reading here:
Features That Distinguish Bitcoin from the Other Assets - Telemedia Online

Apple has unveiled its version of passkeys, an industry-standard replacement for passwords that offers more security and protection against hijacking while simultaneously being far simpler in nearly every respect.

You never type or manage the contents of a passkey, which is generated when you upgrade a particular website account from a password-only or password and two-factor authentication login. Passkeys overcome numerous notable weaknesses with passwords:

After a test run with developers over the last year, Apple has built passkey support into iOS 16, iPadOS 16, macOS 13 Ventura, and watchOS 9, slated for release in September or October of this year. These operating systems will store passkeys just as they do passwords and other entries in the user keychain, protected by a device password or passcode, Touch ID, or Face ID. Passkeys will also sync securely among your devices using iCloud Keychain, which employs end-to-end encryptionApple never has access to passkeys or other iCloud Keychain data.

Best of all, perhaps, is that Apple built passkeys on top of a broadly supported industry standard, the W3C Web Authentication API or WebAuthn, created by the World Wide Web Consortium and the FIDO Alliance, a group that has spent years developing approaches to reduce the effectiveness of phishing, eliminate hijacking, and increase authentication simplicity for users. Apple, Amazon, Google, Meta (Facebook), and Microsoft are all FIDO board members, as are major financial institutions, credit card networks, and chip and hardware firms.

Many websites and operating systems already support WebAuthn via a hardware key like the popular ones made by Yubico. You visit a website, choose to log in using a security key, insert or tap a button on the hardware key, and the browser, operating system, and hardware key all talk together to complete the login. A passkey migrates the function of that hardware key directly into the operating systemno extra hardware required. Websites that already support hardware-based WebAuthn should be able to support passkeys with little to no effort, according to Apple.

Before we get started, note that Apple writes passkey in lowercase, an attempt to get us to use it alongside password, passcode, and passphrase as a common concept. Google, Microsoft, and other companies will offer compatible technology and may also opt for the generic passkey name. While new terminology can cause confusion, passkey is better than the more technically descriptive multi-device FIDO credentials, which doesnt exactly roll off the tongue.

Lets dig in to how passkeys work.

Passkeys rely on public-key cryptography, something weve been writing about at TidBITS for nearly 30 years. With public-key cryptography, an encryption algorithm generates a secret thats broken into two pieces: a private key, which you must never disclose, and a public key, which you can share in any fashion without risk of exposing the private key. Public-key cryptography underpins secure Web, email, and terminal connections; iMessage; and many other standards and services.

Anyone with a persons public key can use it to encrypt a message that only the party who possesses the private key can decrypt. The party who has the private key can also perform a complementary operation: they can sign a message with the private key that effectively states, I validate that I sent this message. Crucially, anyone with the public key can confirm that only the private keys possessor could have created that signature.

A passkey is a public/private key pair associated with some metadata, such as the website domain for which it was created. With a passkey, the private key never leaves the device on which it was generated to validate a login, while a website holds only the corresponding public key, stored as part of the users account.

To use a passkey, the first step is to enroll at a website or in an app. Youre likely familiar with this process from any time you signed up for two-factor authentication at a site: you log in with existing credentials, enable 2FA, receive a text message or scan a QR code into an authentication app or your keychain (in iOS 15, iPadOS 15, and Safari 15 for macOS), and then verify your receipt.

With a passkey, the process is different. When you log in to a website offering passkey authentication, you will have an option to upgrade it to a passkey in your accounts security or password section. The website first generates a registration message that Apples operating systems will interpretit happens at a layer you never see. In response, your device creates the public/private key pair, stores it securely and locally, and transmits the public key to the website. The site can then optionally issue a challenge for it and your device can present it to confirm the enrollment.

On subsequent visits, when youre presented with a login, your iPhone or iPad will show the passkey entry in the QuickType bar and Safari in macOS will show it as a pop-up menu. In both cases, thats just like passwords and verification codes today. As with those login aids, youll validate the use of your passkey with Touch ID, Face ID, or your device passcode, depending on your settings.

Behind the scenes, your request to login via a passkey causes the site server to generate a challenge request using the stored public key. Your device then has to build a response using your stored private key. Because you initiate a passkey login by validating your identity, your device has access to your passkeys private key when the challenge request comes in and can respond to the challenge without another authentication step. The server validates your devices response against your stored public key, ensuring that you are authorized for access. If it all checks out, the website logs you in.

A passkey replaces two-factor authentication, and its worth breaking down why, as it seems counter-intuitive: how can a single code held on a device provide distinct aspects of confirmation? The rubric for multiple security factors is usually stated as at least two of something you know, something you have, or something you are. A passkey incorporates at least two of those:

Think for a moment about the advantages here. A passkey:

Apple stores each passkey as just another entry in your keychain. If you have iCloud Keychain enabled, the passkeys sync across all your devices. (iCloud Keychain requires two-factor authentication enabled on your Apple ID; Apple hasnt said if passkeys will replace its internal use of 2FA for its user accounts.)

You can share a passkey with someone else using AirDrop. This means you have to be in proximity to the other person, another element in security. The details are shared through end-to-end encryption, allowing the private key and other data to be passed without risk of interception. Apple hasnt provided much more detail than that AirDrop sharing is an option, so there may be other provisos or security layers.

Because passkeys replace passwords and a second factor, you may be reasonably worried at this point about losing access to your passkeys if youre locked out of your Apple ID account or lose all your registered devices. Apple has several processes in place for recovering Apple ID account access and broad swaths of iCloud-synced data. For an Apple ID account, you can use Apples account recovery process or an account Recovery Key. For iCloud data, if youve enabled the friends-and-family recovery system, iCloud Data Recovery Service, you can use that to re-enable access. After you recover account access, Apple has an additional set of steps that enable you to retrieve iCloud Keychain entries: it involves sending a code via SMS to a registered phone number and entering a device passcode for one of the devices in your iCloud-synced set.

This is all a fabulous reduction in the potential for successful attacks against your Internet-accessible accounts. But theres more: Apple isnt building yet another walled garden. Instead, passkeys are part of a broad industry effort with which Apple says its implementation will be compatible.

Apple built its passkey support on top of the previously mentioned WebAuthn standard, which describes the server side of how to implement a Web-based login with public-key cryptography. FIDO created standards for the client side of that equation and calls the combination of its protocol and WebAuthn FIDO2. Apple developed its own client-side approach thats compatible with standard WebAuthn servers and should be interchangeable with other companies rollouts of passkeys. Google, Microsoft, and Apple made a joint announcement in May 2022committing to this approach, too.

In Apples passkey introduction video for developers, engineer Garrett Davidson emphasized Apples commitment to compatibility, saying:

Weve been working with other platform vendors within the FIDO Alliance to make sure that passkey implementations are compatible cross-platform and can work on as many devices as possible.

He then demonstrated using a passkey on an Apple device to log in to a website on a PC, showing how a QR code could be used to enable a passkey login to one of your accounts on a device or browser thats not connected to your existing devices or ecosystem.

Heres how you might log in to a passkey-enabled account on someone elses PC using your iPhone with your passkey as the authenticator. During the login, you can opt to add a device instead of entering a passkey or other authentication in the browser. The websites server generates a QR code that includes a pair of single-use passwordstheyre generated just for that login and used in the next step for additional validation. (Note that the device with the browser could be any passkey-supporting operating system and device. The authenticating devices might be limited by Apple or other companies to a smaller set, much like you can only use an iPhone to confirm Apple Pay in Safari on a Mac, not a Mac with Touch ID to confirm Apple Pay from an iPhone.)

The PC in our example also starts broadcasting a Bluetooth message that contains the information needed to connect and authenticate directly with the server. Scan that QR code on your iPhone, and the iPhone uses an end-to-end encrypted protocol to create a tunnel with the PCs Web browser using the keys shown in the QR code. (This encrypted connection isnt part of the Bluetooth protocol, by the way, but data tunneled over Bluetooth; Bluetooth doesnt incorporate the necessary encryption strength.)

This Bluetooth connection provides additional security and verification by offering out-of-band elements, or details that the PC isnt presenting to the device thats providing authenticationhere, your iPhone. Because Web pages can be spoofed for phishing attacks, the Bluetooth connection provides a device-to-device backchannel for key details:

This broad device and platform compatibility lets you maintain the same degree of passkey security and simplicity without downgrading to a weaker method for login when accessing your account using other peoples devices. Whenever theres a way to force a weaker login method, malicious parties will exploit that via phishing, social engineering, or other interception techniques. (Providing a second factor via an SMS text message versus a verification code is a prime example of a weaker backup approach that has been exploited.) In fact, until passkeys can be used exclusively, password-based logins will have to remain available, and theyll remain vulnerable.

There might be some usability hiccups as passkeys roll out, but they shouldnt be widespread. Its possible, for instance, that some WebAuthn server components will need to be updated or that Apple will have to add more edge cases to its framework to encompass how things work in the wild.

But imagine a world in which you can securely log in to websites using any current browser on any device running any modern operating system, without having to create, remember, type, and protect passwords. Its relaxing just to think about.

The main question that remains unanswered is how portable passkeys will be among ecosystems: can I use iOS and Android and Windows and share a passkey generated on one among all three? Given that Apple has built an AirDrop-sharing method for passkeys, I hope FIDOs broad compatibility includes sharing passkeys among operating systems, too.

Passwords have provided an uneasy security compromise since their introduction decades ago when multi-user computing systems began to require protection. Passwords are patently imperfect, a relic of an age when physical proximity provided the first level of protection, something rendered moot by the Internet.

In an effort to answer some of the weaknesses in a password system, two-factor authentication was grafted on to require that you had something besides a password, something that required holding or being near an object to validate your right to log into a computer, service, or website. But because 2FA starts with an account password and uses a second method that can be subject to compromise or phishing, it remains a patch applied to a damaged wall.

The passkey is a modern replacement for passwords that rebuilds the security wall protecting standard account logins. Proximityin the form of the device that stores your passkeysis a powerful tool in reducing account hijacking and interception. Passkeys may seem scary and revolutionary, but theyre actually safer and, in some ways, a bit old-fashioned: theyre a bit of a throwback to a time when having access to a terminal provided proof you were authorized to use it.

Read more:
Why Passkeys Will Be Simpler and More Secure Than Passwords - TidBITS