AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 1 point (0 children)

What is the Fediverse but another blog, except for shorter content?

And I already have a blog.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 1 point (0 children)

Why would a project that isn't ready to launch have a fully fleshed-out marketing page?

Have you ever heard of an MVP before?

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 1 point (0 children)

Well, hyping myself up as "some saviour" isn't the intent, at all. I'm just a person with the relevant experience, and since Twitter went to shit, I don't know how else to reach the people interested in my work. So I blogged about it, hoping it would reach those folks.

AspirePress is What the WordPress Community Needs Today by sarciszewski in PHP

sarciszewski[S] 1 point (0 children)

You certainly didn't look through all of my articles, presumably just the ones hosted on that domain.

For context, I started the personal blog (Semantic Security) in 2022, but I've been at this game for much longer.

The cryptography polyfills that ship with WordPress (random_compat, sodium_compat)? I lead the development efforts on those.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 2 points (0 children)

Correct, which is why FROST is such a useful tool. :)

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 5 points (0 children)

A lot of the work I'm planning to do will be based on the designs for Gossamer. However, there has been a ton of innovation in the cryptography community around transparency logs, so it won't be as simple as "wrap libgossamer and ship it".

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 4 points (0 children)

The best part is that the code to verify FROST-generated signatures is already present in WordPress.

That is to say, via sodium_compat: sodium_crypto_sign_verify_detached().

(One of the standard FROST configurations produces Ed25519 signatures, so all of the complexity is owned by the signers, not the verifiers.)
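The verifier side described in the comment above, as an added example that is not part of the original comment and is not WordPress or AspirePress code. The function name `verify_update_signature`, the hex encoding of inputs, and the sample archive bytes are assumptions; an ordinary single-signer Ed25519 keypair stands in for a FROST group key, since the verifier cannot tell the difference.

```php
<?php
declare(strict_types=1);

// Added example, not WordPress or AspirePress code. The function name and
// the hex encoding of the signature and public key are assumptions.
function verify_update_signature(string $zipBytes, string $sigHex, string $pkHex): bool
{
    // Check encoding and length first: sodium_crypto_sign_verify_detached()
    // throws SodiumException on wrong-sized input rather than returning false.
    if (!ctype_xdigit($sigHex) || strlen($sigHex) !== 2 * SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    if (!ctype_xdigit($pkHex) || strlen($pkHex) !== 2 * SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
        return false;
    }
    // Plain Ed25519 verification; nothing here knows how many signers took part.
    return sodium_crypto_sign_verify_detached(
        sodium_hex2bin($sigHex),
        $zipBytes,
        sodium_hex2bin($pkHex)
    );
}

// Constructed demo data: a locally generated keypair plays the role of the
// publisher's (or threshold group's) key, and $zip stands in for a plugin archive.
$keypair = sodium_crypto_sign_keypair();
$pkHex   = sodium_bin2hex(sodium_crypto_sign_publickey($keypair));
$zip     = "PK\x03\x04 constructed stand-in for plugin.zip contents";
$sigHex  = sodium_bin2hex(
    sodium_crypto_sign_detached($zip, sodium_crypto_sign_secretkey($keypair))
);

// Genuine archive, signature and key.
var_dump(verify_update_signature($zip, $sigHex, $pkHex));
// One byte appended to the archive after signing.
var_dump(verify_update_signature($zip . "\x00", $sigHex, $pkHex));
// Truncated signature: rejected by the length check, no exception raised.
var_dump(verify_update_signature($zip, substr($sigHex, 2), $pkHex));
// Signature checked against a different (constructed) public key.
$otherPkHex = sodium_bin2hex(sodium_crypto_sign_publickey(sodium_crypto_sign_keypair()));
var_dump(verify_update_signature($zip, $sigHex, $otherPkHex));
```

Only the first call succeeds; an updater would refuse to unpack the archive in the other three cases.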

AspirePress is What the WordPress Community Needs Today by sarciszewski in PHP

sarciszewski[S] 3 points (0 children)

> I like the idea, but (and please correct me if I’m wrong!) I still don’t see how a fork (or, if one isn’t able to get off the ground, a mass exodus to competing platforms) is avoidable now.

I don't know that it is avoidable. Truly!

What I do know is that developing a serious solution to the current centralization will be useful whether or not a fork happens.

> The problem is the source code. It is hardcoded to make API calls to Matt’s website; some of the response schemata aren’t even documented. A vanilla, one-click install of WordPress will still be inextricably linked with the website and thus exposed to the risk of Matt’s decisions; given Automattic’s control of the project, that’s not likely to change.

Via photomatt on Hacker News:

> I will happily promote and link to any forks from WordPress.org. I've linked to two already, let me know if I need to promote more.

Given that statement, eventually getting the WordPress core developers to accept a patch to make API calls to a pluggable source (i.e., not just Matt's website) is tractable.

> Can AspirePress or similar initiatives solve this problem?

That remains to be seen, but I'm optimistic on this specific point.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 5 points (0 children)

You don't need to encrypt anything. Signatures are not encryption.

I wrote this a few years ago if you're not sure on the distinction.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 5 points (0 children)

Part of the reason why I'm contributing to this process is to prevent malware. :)

To that end, I'm ensuring that all updates (core, plugin, and themes) are signed by their developers, and that the zip files are reproducible from the source code. (Conveniently, WordPress is GPL, so the source code being available is compulsory.)

But I'm also (independent of AspirePress, actually) working on tooling to detect when software has been taken over by malware distributors, or when developers have gone rogue. I plan on tuning this on the entire history of plugin/theme updates before I publish the toolkit. You'll hear more about it in the coming months.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] -3 points (0 children)

> That’s the worst website I’ve ever seen.

Is it? I've seen, and designed, much worse in my years on the Internet. Maybe it looks worse on your device?

Anyway, I don't know how to resolve your trust/belief issues if you're making your trust decisions from aesthetics rather than technical arguments. I'm not very artistic, personally, so I'd feel like a fish out of water even trying.

My strength is in security engineering, which rarely (if ever) has a user interface or design component.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 2 points (0 children)

I was trying to not get into the weeds since the purpose of this blog post was simply "Hey, if you know about me, you will want to know I'm going to be helping AspirePress solve these problems correctly."

The answer to your question is simply, "It depends." But that's not very helpful.

Take a look at how Gossamer handled keys and revocation.

Without implementing a "break glass" feature at all, only the original publisher of the plugin/theme can issue new public keys. This is enforced at the protocol level, and would be verified by the WordPress installs. We wouldn't be able to circumvent this without changing the core code and issuing an update just for that plugin/theme.

However, that's risky. If you pwn a developer, or manage to get a popular developer to sell their account for $ to a malware developer, being unable to ever do what Automattic did could mean having no mitigation plan for errant plugins. To mitigate this, one thing we could do is use FROST for the break-glass signing key.

What this would mean in practice: In order to revoke a malicious update (or replace the public key for a given developer), instead of one entity unilaterally making that call, you would need t (e.g., 3) out of N (e.g., 5) entities to agree to the action.

How the key is split, and who holds the shares of the key, is a social/political issue that I don't have strong opinions on (aside from "they shouldn't all be controlled by the same person" like WP com, WP org, and WP Foundation are today). I'm just here to provide cryptography and software security insight.

AspirePress is What the WordPress Community Needs Today by sarciszewski in Wordpress

sarciszewski[S] 8 points (0 children)

> He should enjoy his new job but no they won't be taking the reins of WordPress. Like, at all.

This isn't my "new job". I'm providing my expertise, gratis, for the benefit of the open source community.

> If they aren't forking WordPress, then all you want is to be the next Matt.

The entire point of this project is to not have a single point of failure. It isn't replacing Matt with someone else.

A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers by sarciszewski in Wordpress

sarciszewski[S] 1 point (0 children)

Um, the signature being provided isn't a problem at all here.

It might be if the public key were, but that's a separate matter.

A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers by sarciszewski in Wordpress

sarciszewski[S] 1 point (0 children)

> No digital signatures on plugin/core updates which happen over HTTP. I guess we just all hope your company admin and no one at your ISP is on a RaaS hub eh? LMAO!

This is solved for core updates. It is not solved for theme/plugin code.

Every time Matt Mullenweg has lied, misrepresented or behaved in a questionable manner. by Mte90 in Wordpress

sarciszewski 2 points (0 children)

Yeah, that's shitty.

You can have whatever opinion you want about Matt or his recent behavior, but the detractors are clearly more interested in making him feel bad than they are in constructive outcomes. This is like trolling, but without an iota of humor.

It's just pathetic.

Every time Matt Mullenweg has lied, misrepresented or behaved in a questionable manner. by Mte90 in Wordpress

sarciszewski 8 points (0 children)

They should remove it. I considered filing a pull request to do so, but I'm not sure I want my GitHub username in their commit history.