
Extracting the Private Key from a TREZOR - csomar
https://jochen-hoenicke.de/trezor-power-analysis/
======
runn1ng
Hey, I work for SatoshiLabs makers of TREZOR, just a small note.

Jochen did a responsible disclosure and this has been fixed already in the
firmware before the article hit. Also he is actively submitting patches to the
firmware, which is awesome.

I will also note we have a bug bounty program - see
[http://satoshilabs.com/security/](http://satoshilabs.com/security/)

Also, see us at 32c3, some of us are here :)

------
trevyn
I know nothing about TREZORs, but I found it odd that the article mentioned a
lack of time resolution in resolving certain events, but made no mention of
looking for decoupling capacitors or removing them. Does anyone know if the
TREZOR design includes decoupling caps?

------
lovelearning
I find his ability to relate changes in voltage to steps in the programming
logic truly amazing.

~~~
bpp
+1

------
wyager
It seems like a cheap defense against side channel attacks would be to spam
the power line with random, significant loads at integer divisors of the
processor frequency. This would substantially increase the window required for
statistical inference of what's going on in the processor.

~~~
erikpukinskis
The attacker could just put the probe closer to the CPU.

~~~
wyager
You could put the noise source deep inside the CPU.

------
ibejoeb
Fascinating. Best look into side channels via electrical analysis I've seen.
Thanks.

------
diafygi
Are their any small form factor smart card like devices that are immune from
side channel attacks like these? It seems like using constant power without
much hardware to buffer stuff out is very difficult.

~~~
tptacek
Yes; this was Cryptography Research's main line of business for a long time.
Rambus owns them now.

[http://www.rambus.com/security/dpa-
countermeasures/](http://www.rambus.com/security/dpa-countermeasures/)

The solutions for many (most?) of these problems are patented.

~~~
nickpsecurity
"The solutions for many (most?) of these problems are patented."

Very aggravating that this is still true.

------
bpp
What an excellent article. I've understood how side-channel attacks _could_
occur, but this is the first thing that I've read that makes the link to how
they actually are performed. Thank you.

------
matthiasb
I have no idea how TREZOR is actually designed, but I would assume they could
avoid this kind of security issue by using a secure element/smart card to
perform the cryptographic operations.

~~~
TD-Linux
Well, the TREZOR is already a dedicated "smart card". If you ran the same code
on a smart card, you'd have the same side channel attacks.

------
diziet
Would not doing a random amount of extra calculations during this step not
address this issue better than having a constant time calculation? Of course,
fundamentally, if something has access to the hardware, good luck securing
things. A dedicated attacker will figure out a way to bypass the PIN.

------
pjgomez
That was just astonishing. If someone is looking for a definition of hacking,
that's it.

------
elmar
This is really over the TOP hacking, thanks for sharing.

