Abstract
We show how to realize two-factor authentication for a Bitcoin wallet. To do so, we explain how to employ an ECDSA adaption of the two-party signature protocol by MacKenzie and Reiter (Int J Inf Secur 2(3–4):218–239, 2004. doi:10.1007/s10207-004-0041-0) in the context of Bitcoin and present a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel. Since we use a smart phone as the second authentication factor, our solution can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.
Similar content being viewed by others
References
ANSSI. Mécanismes cryptographiques–Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques, Rev. 2.03. Agence nationale de la sécurité des systèmes d’information (2014). http://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800-57—Recommendation for Key Management-Part 1: General (Revision 3). National Institute of Standards and Technology (2012). http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
Bitpay Inc. Copay: A secure Bitcoin wallet for friends and companies (2014). www.copay.io
Blum, M., Feldman, P., Micali, S.: Proving security against chosen cyphertext attacks. In: Advances in Cryptology: Proceedings of CRYPTO 1988. Santa Barbara, CA, number 403 in Lecture Notes in Computer Science, pp. 256–268. Springer (1988)
Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel B (ed) Advances in Cryptology-EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pp. 431–444. Springer, Berlin, Heidelberg (2000). ISBN 978-3-540-67517-4 (Print) 978-3-540-45539-4 (Online). doi:10.1007/3-540-45539-6_31
Certicom Research. Sec 2: Recommended Elliptic Curve Domain Parameters. Technical report, Certicom Corporation (2000)
Chan, A., Frankel, Y., Tsiounis, Y.: Easy come-Easy go divisible cash. In: Nyberg K (ed) Advances in Cryptology—EUROCRYPT 98, volume 1403 of Lecture Notes in Computer Science, pp. 561–575. Springer, Berlin, Heidelberg (1998). ISBN 978-3-540-64518-4 (Print) 978-3-540-69795-4 (Online). doi: 10.1007/BFb0054154
Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with Hidden order. In: Zheng Y (eds) Advances in Cryptology—ASIACRYPT 2002, volume 2501 of Lecture Notes in Computer Science, pp. 125–142. Springer, Berlin, Heidelberg (2002). ISBN 978-3-540-00171-3 (Print) 978-3-540-36178-7 (Online). doi:10.1007/3-540-36178-2_8
Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim K (eds) Public Key Cryptography—PKC 2001, volume 1992 of Lecture Notes in Computer Science, pp. 119–136. Springer, Berlin, Heidelberg (2001). ISBN 978-3-540-41658-6 (Print) 978-3-540-44586-9 (Online). doi: 10.1007/3-540-44586-2_9
Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski J. B. S. (ed) Advances in Cryptology: Proceedings of CRYPTO 1997, Santa Barbara, CA, volume 1294 of Lecture Notes in Computer Science, pp. 16–30. Springer, Berlin, Heidelberg (1997). ISBN 3-540-63384-7. doi: 10.1007/BFb0052225
Goldfeder, S., Bonneau, J., Felten, E. W., Kroll, J. A., Narayanan, A.: Securing Bitcoin wallets via threshold signatures. preprint, March 2014. http://www.cs.princeton.edu/~stevenag/bitcoin_threshold_signatures.pdf
Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J. A. Felten, E. W., Narayanan, A.: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. preprint, March 2015. http://www.cs.princeton.edu/~stevenag/threshold_sigs.pdf
Hearn, M.: Update on mobile 2-factor wallets. Bitcoin Mailing list at http://sourceforge.net (2014). http://sourceforge.net/p/bitcoin/mailman/message/33017648/
Ibrahim, M., Ali, I., Ibrahim, I., El-sawi, A.: A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: IEEE Computer Society MWCAS03, pp. 276 – 280 Vol. 1. Cairo, Egypt, 27-30 December 2003. ISBN 0-7803-8294-3. doi: 10.1109/MWSCAS.2003.1562272
Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics–Doklady, 7(7), 595–596 (1963). translated from Doklady Akademii Nauk SSSR, 145(2), 293–294 July (1962)
Kim, S. H., Han, D., Lee, D. H.: Predictability of Android OpenSSL’s pseudo random number generator. In: Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security, pp. 659–668. New York, NY, USA (2013). ACM. ISBN 978-1-4503-2477-9. doi: 10.1145/2508859.2516706
Kunz-Jacques, S., Martinet, G., Poupard, G., Stern J.: Cryptanalysis of an efficient proof of knowledge of discrete logarithm. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T (eds.) Public Key Cryptography—PKC 2006, volume 3958 of Lecture Notes in Computer Science, pp. 27–43. Springer, Berlin, Heidelberg (2006). ISBN 978-3-540-33851-2 (Print) 978-3-540-33852-9 (Online). doi:10.1007/11745853_3
Lindell, Y.: Comparison-based key exchange and the security of the numeric comparison mode in Bluetooth v2.1. In: Fischlin M. (ed.) Topics in Cryptology—CT-RSA 2009, volume 5473 of Lecture Notes in Computer Science, pp. 66–83. Springer, Berlin, Heidelberg (2009). ISBN 978-3-642-00861-0 (Print) 978-3-642-00862-7 (Online). doi:10.1007/978-3-642-00862-7_5
Lipovsky, R.: New Hesperbot targets: Germany and Australia (2013). http://www.welivesecurity.com/2013/12/10/new-hesperbot-targets-germany-and-australia/
MacKenzie, P., Reiter, M. K.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2 (3-4), 218–239 (2004). doi: 10.1007/s10207-004-0041-0
Mann, C.: A prototypic implementation of a two-factor Bitcoin wallet: Source code. GitHub, November 2014. https://github.com/ChristopherMann/2FactorWallet
Mann, C., Loebenberger, D.: Two-factor authentication for the Bitcoin protocol. In: Foresti, S. (ed.) Security and Trust Management, volume 9331 of Lecture Notes in Computer Science, pp. 155–171. Springer, Berlin, Heidelberg (2015). ISBN 978-3-319-24857-8 (Print) 978-3-319-24858-5 (Online). doi: 10.1007/978-3-319-24858-5_10
Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System. Cryptography Mailing list at https://metzdowd.com, p. 9 (2008). https://bitcoin.org/bitcoin.pdf
NIST. Federal information processing standards publication 180-4—Secure Hash Standard. National Institute of Standards and Technology, March 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf. Federal Information Processings Standards Publication 180-4
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) Advances in Cryptology: Proceedings of EUROCRYPT 1999, Prague, Czech Republic, volume 1592 of Lecture Notes in Computer Science, pp. 233–238. Springer, Berlin, Heidelberg (1999). ISBN 3-540-65889-0. doi: 10.1007/3-540-48910-X_16
Sancho, D., Hacquebord, F., Link, R.: Finding Holes Operation Emmental. Technical report, Trend Micro Incorporated (2014). http://housecall.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf
Schmidt, J.: Answer to “How to compute a generator of this cyclic quadratic residue group?” (2012). http://math.stackexchange.com/questions/167478
Schönhage, A., Strassen, V.: Schnelle Multiplikation großer Zahlen. Computing 7, 281–292 (1971)
von zur Gathen, J., Shparlinski, I.: Generating safe primes. J. Math. Cryptol. 7 (4), 333–365 (2013). ISSN 1862-2984 (Online) 1862-2976 (Print)). doi: 10.1515/jmc-2013-5011
Wiener, M. J.: Safe Prime Generation with a Combined Sieve. Cryptology ePrint Archive, 2003/186, May 2003. http://eprint.iacr.org/2003/186
Wuille, P.: BIP32 Hierarchical deterministic wallets (2014). https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N., Wehrle, K.: CoinParty: Secure Multi-Party Mixing of Bitcoins. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY ’15, pp. 75–86. New York, NY, USA, (2015). ACM. ISBN 978-1-4503-3191-3. doi:10.1145/2699026.2699100
Acknowledgments
We would like to thank Michael Nüsken for various useful comments and Mike Hearn for greatly improving the performance of a first version of the prototype by suggesting a bouncy castle version with optimized arithmetic on the curve secp256k1. Additionally, we thank the anonymous reviewers for their helpful remarks. This work was funded by the B-IT foundation and the state of North Rhine-Westphalia.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mann, C., Loebenberger, D. Two-factor authentication for the Bitcoin protocol. Int. J. Inf. Secur. 16, 213–226 (2017). https://doi.org/10.1007/s10207-016-0325-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-016-0325-1