Hertzbleed, a new form of computer attack, will allow its perpetrator to discover the private keys of a Bitcoin wallet, the same keys used to send a transaction in this protocol, when said wallet is running from a personal laptop or CPU.
Hertzbleed stands for “repeating bleeding” in reference to “Hertz” or Hz, the unit of frequency measurement, and Bleedin English “bleeding”.
in this meaning, Hertzbleed collects information about the performance of your laptop’s microprocessors and CPUs. It uses the time and intensity of cycles to perform secret encryption operations, similar to those performed when Bitcoin transactions are created with a private key and a wallet’s public key.
Could Hertzbleed Affect a Bitcoin Wallet?
In this week’s Bitcoin Technology Development newsletter, Bitcoin Optech, they outlined this type of attack:
The newly discovered vulnerability affects many common CPU-type processors in laptops, desktops, and servers, allowing attackers to discover private keys when those keys are used to sign Bitcoin transactions (or perform other similar operations). The notable aspect of this attack is that it can affect signature generation code that has been specifically written to always use the same type and number of CPU processes to prevent information leakage to attackers.
From Optech explained that The attacker will have to calculate the power consumption of the CPU processor Or measure how long it takes for that processor to sign the process. The ideal scenario for this to happen is when the same private key is repeatedly used to sign Bitcoin transactions from a computer.
Therefore, the vulnerability can affect hot wallets [de software] Frequently used ones, such as those used by services hosted by your provider and Lightning Network router nodes. Most used wallets currently [como una hardware wallet] that are used in secure environments can be more resistant to this attack,” they say.
Hertzblade was discovered by a group of researchers from the universities of Texas, Illinois and Washington, who conducted experiments on it. Intel, a leading manufacturer of microprocessors, reviewed the study and Certain that all of your processors may be affected, Hertsbald described it as follows:
The observed power management behavior of some Intel processors may allow an authorized user to obtain information via network access..
Is Bitcoin Core Resistant to Hertzbleed Attack?
Some Bitcoin developers and Crypto experts explained that while it is difficult to carry out this attack on a wallet, Drawing conclusions is still a very new type of vulnerability.
Developed by Pieter Wuille Indian that although Bitcoin Core is able to perform key generation operations in an armored manner, Not all of them have the same level of protection every time they are made.
The code library libsecp256k1 is primarily used for bitcoin, as shown on GitHub, and is designed to generate public or secret keys with advanced encryption.
Yes, libsecp256k1 has what it takes to protect itself and the heavy armor itself [belt-and-suspenders]. But it doesn’t cover all covert operations, and it regularly depends on adding more entropy (by making separate API calls) [subfunciones y rutinas de software].
[…] So I can’t at this point be sure that libsecp256k1 is not affected. This is a new type of attack with unexpected consequences. It might make some changes to the API [de Bitcoin].
Peter Weil, Bitcoin Developer.
“Bitcoin Core protects processes only at startup, not every time for each signature,” Peter Weil said in another comment.
Regarding Hertzbleed, it might be worth considering that with this type of attack as well Other keys may be stolen or authentication signed for other processes on the computer. At the moment, there is no patch or workaround for this vulnerability, and no attacks have actually been reported.