International Journal of Information Security

, Volume 16, Issue 2, pp 213–226 | Cite as

Two-factor authentication for the Bitcoin protocol

Regular Contribution


We show how to realize two-factor authentication for a Bitcoin wallet. To do so, we explain how to employ an ECDSA adaption of the two-party signature protocol by MacKenzie and Reiter (Int J Inf Secur 2(3–4):218–239, 2004. doi: 10.1007/s10207-004-0041-0) in the context of Bitcoin and present a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel. Since we use a smart phone as the second authentication factor, our solution can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.


Bitcoin Two-party ECDSA Two-factor authentication Block chain 

CR Subject Classification

Security and privacy Digital signatures Mobile and wireless security 



We would like to thank Michael Nüsken for various useful comments and Mike Hearn for greatly improving the performance of a first version of the prototype by suggesting a bouncy castle version with optimized arithmetic on the curve secp256k1. Additionally, we thank the anonymous reviewers for their helpful remarks. This work was funded by the B-IT foundation and the state of North Rhine-Westphalia.


  1. 1.
    ANSSI. Mécanismes cryptographiques–Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques, Rev. 2.03. Agence nationale de la sécurité des systèmes d’information (2014).
  2. 2.
    Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800-57—Recommendation for Key Management-Part 1: General (Revision 3). National Institute of Standards and Technology (2012).
  3. 3.
    Bitpay Inc. Copay: A secure Bitcoin wallet for friends and companies (2014).
  4. 4.
    Blum, M., Feldman, P., Micali, S.: Proving security against chosen cyphertext attacks. In: Advances in Cryptology: Proceedings of CRYPTO 1988. Santa Barbara, CA, number 403 in Lecture Notes in Computer Science, pp. 256–268. Springer (1988)Google Scholar
  5. 5.
    Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel B (ed) Advances in Cryptology-EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pp. 431–444. Springer, Berlin, Heidelberg (2000). ISBN 978-3-540-67517-4 (Print) 978-3-540-45539-4 (Online). doi: 10.1007/3-540-45539-6_31
  6. 6.
    Certicom Research. Sec 2: Recommended Elliptic Curve Domain Parameters. Technical report, Certicom Corporation (2000)Google Scholar
  7. 7.
    Chan, A., Frankel, Y., Tsiounis, Y.: Easy come-Easy go divisible cash. In: Nyberg K (ed) Advances in Cryptology—EUROCRYPT 98, volume 1403 of Lecture Notes in Computer Science, pp. 561–575. Springer, Berlin, Heidelberg (1998). ISBN 978-3-540-64518-4 (Print) 978-3-540-69795-4 (Online). doi:  10.1007/BFb0054154
  8. 8.
    Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with Hidden order. In: Zheng Y (eds) Advances in Cryptology—ASIACRYPT 2002, volume 2501 of Lecture Notes in Computer Science, pp. 125–142. Springer, Berlin, Heidelberg (2002). ISBN 978-3-540-00171-3 (Print) 978-3-540-36178-7 (Online). doi: 10.1007/3-540-36178-2_8
  9. 9.
    Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim K (eds) Public Key Cryptography—PKC 2001, volume 1992 of Lecture Notes in Computer Science, pp. 119–136. Springer, Berlin, Heidelberg (2001). ISBN 978-3-540-41658-6 (Print) 978-3-540-44586-9 (Online). doi:  10.1007/3-540-44586-2_9
  10. 10.
    Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski J. B. S. (ed) Advances in Cryptology: Proceedings of CRYPTO 1997, Santa Barbara, CA, volume 1294 of Lecture Notes in Computer Science, pp. 16–30. Springer, Berlin, Heidelberg (1997). ISBN 3-540-63384-7. doi:  10.1007/BFb0052225
  11. 11.
    Goldfeder, S., Bonneau, J., Felten, E. W., Kroll, J. A., Narayanan, A.: Securing Bitcoin wallets via threshold signatures. preprint, March 2014.
  12. 12.
    Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J. A. Felten, E. W., Narayanan, A.: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. preprint, March 2015.
  13. 13.
    Hearn, M.: Update on mobile 2-factor wallets. Bitcoin Mailing list at (2014).
  14. 14.
    Ibrahim, M., Ali, I., Ibrahim, I., El-sawi, A.: A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: IEEE Computer Society MWCAS03, pp. 276 – 280 Vol. 1. Cairo, Egypt, 27-30 December 2003. ISBN 0-7803-8294-3. doi:  10.1109/MWSCAS.2003.1562272
  15. 15.
    Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics–Doklady, 7(7), 595–596 (1963). translated from Doklady Akademii Nauk SSSR, 145(2), 293–294 July (1962)Google Scholar
  16. 16.
    Kim, S. H., Han, D., Lee, D. H.: Predictability of Android OpenSSL’s pseudo random number generator. In: Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security, pp. 659–668. New York, NY, USA (2013). ACM. ISBN 978-1-4503-2477-9. doi:  10.1145/2508859.2516706
  17. 17.
    Kunz-Jacques, S., Martinet, G., Poupard, G., Stern J.: Cryptanalysis of an efficient proof of knowledge of discrete logarithm. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T (eds.) Public Key Cryptography—PKC 2006, volume 3958 of Lecture Notes in Computer Science, pp. 27–43. Springer, Berlin, Heidelberg (2006). ISBN 978-3-540-33851-2 (Print) 978-3-540-33852-9 (Online). doi: 10.1007/11745853_3
  18. 18.
    Lindell, Y.: Comparison-based key exchange and the security of the numeric comparison mode in Bluetooth v2.1. In: Fischlin M. (ed.) Topics in Cryptology—CT-RSA 2009, volume 5473 of Lecture Notes in Computer Science, pp. 66–83. Springer, Berlin, Heidelberg (2009). ISBN 978-3-642-00861-0 (Print) 978-3-642-00862-7 (Online). doi: 10.1007/978-3-642-00862-7_5
  19. 19.
    Lipovsky, R.: New Hesperbot targets: Germany and Australia (2013).
  20. 20.
    MacKenzie, P., Reiter, M. K.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2 (3-4), 218–239 (2004). doi:  10.1007/s10207-004-0041-0
  21. 21.
    Mann, C.: A prototypic implementation of a two-factor Bitcoin wallet: Source code. GitHub, November 2014.
  22. 22.
    Mann, C., Loebenberger, D.: Two-factor authentication for the Bitcoin protocol. In: Foresti, S. (ed.) Security and Trust Management, volume 9331 of Lecture Notes in Computer Science, pp. 155–171. Springer, Berlin, Heidelberg (2015). ISBN 978-3-319-24857-8 (Print) 978-3-319-24858-5 (Online). doi:  10.1007/978-3-319-24858-5_10
  23. 23.
    Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System. Cryptography Mailing list at, p. 9 (2008).
  24. 24.
    NIST. Federal information processing standards publication 180-4—Secure Hash Standard. National Institute of Standards and Technology, March 2012. Federal Information Processings Standards Publication 180-4
  25. 25.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) Advances in Cryptology: Proceedings of EUROCRYPT 1999, Prague, Czech Republic, volume 1592 of Lecture Notes in Computer Science, pp. 233–238. Springer, Berlin, Heidelberg (1999). ISBN 3-540-65889-0. doi:  10.1007/3-540-48910-X_16
  26. 26.
    Sancho, D., Hacquebord, F., Link, R.: Finding Holes Operation Emmental. Technical report, Trend Micro Incorporated (2014).
  27. 27.
    Schmidt, J.: Answer to “How to compute a generator of this cyclic quadratic residue group?” (2012).
  28. 28.
    Schönhage, A., Strassen, V.: Schnelle Multiplikation großer Zahlen. Computing 7, 281–292 (1971)MathSciNetCrossRefMATHGoogle Scholar
  29. 29.
    von zur Gathen, J., Shparlinski, I.: Generating safe primes. J. Math. Cryptol. 7 (4), 333–365 (2013). ISSN 1862-2984 (Online) 1862-2976 (Print)). doi:  10.1515/jmc-2013-5011
  30. 30.
    Wiener, M. J.: Safe Prime Generation with a Combined Sieve. Cryptology ePrint Archive, 2003/186, May 2003.
  31. 31.
    Wuille, P.: BIP32 Hierarchical deterministic wallets (2014).
  32. 32.
    Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N., Wehrle, K.: CoinParty: Secure Multi-Party Mixing of Bitcoins. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY ’15, pp. 75–86. New York, NY, USA, (2015). ACM. ISBN 978-1-4503-3191-3. doi: 10.1145/2699026.2699100

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. 1.B-ITUniversity of BonnBonnGermany

Personalised recommendations