Skip to main content
SpringerLink
Log in

Two-factor authentication for the Bitcoin protocol

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

We show how to realize two-factor authentication for a Bitcoin wallet. To do so, we explain how to employ an ECDSA adaption of the two-party signature protocol by MacKenzie and Reiter (Int J Inf Secur 2(3–4):218–239, 2004. doi:10.1007/s10207-004-0041-0) in the context of Bitcoin and present a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel. Since we use a smart phone as the second authentication factor, our solution can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. ANSSI. Mécanismes cryptographiques–Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques, Rev. 2.03. Agence nationale de la sécurité des systèmes d’information (2014). http://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf

  2. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800-57—Recommendation for Key Management-Part 1: General (Revision 3). National Institute of Standards and Technology (2012). http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf

  3. Bitpay Inc. Copay: A secure Bitcoin wallet for friends and companies (2014). www.copay.io

  4. Blum, M., Feldman, P., Micali, S.: Proving security against chosen cyphertext attacks. In: Advances in Cryptology: Proceedings of CRYPTO 1988. Santa Barbara, CA, number 403 in Lecture Notes in Computer Science, pp. 256–268. Springer (1988)

  5. Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel B (ed) Advances in Cryptology-EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pp. 431–444. Springer, Berlin, Heidelberg (2000). ISBN 978-3-540-67517-4 (Print) 978-3-540-45539-4 (Online). doi:10.1007/3-540-45539-6_31

  6. Certicom Research. Sec 2: Recommended Elliptic Curve Domain Parameters. Technical report, Certicom Corporation (2000)

  7. Chan, A., Frankel, Y., Tsiounis, Y.: Easy come-Easy go divisible cash. In: Nyberg K (ed) Advances in Cryptology—EUROCRYPT 98, volume 1403 of Lecture Notes in Computer Science, pp. 561–575. Springer, Berlin, Heidelberg (1998). ISBN 978-3-540-64518-4 (Print) 978-3-540-69795-4 (Online). doi: 10.1007/BFb0054154

  8. Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with Hidden order. In: Zheng Y (eds) Advances in Cryptology—ASIACRYPT 2002, volume 2501 of Lecture Notes in Computer Science, pp. 125–142. Springer, Berlin, Heidelberg (2002). ISBN 978-3-540-00171-3 (Print) 978-3-540-36178-7 (Online). doi:10.1007/3-540-36178-2_8

  9. Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of Paillier’s probabilistic public-key system. In: Kim K (eds) Public Key Cryptography—PKC 2001, volume 1992 of Lecture Notes in Computer Science, pp. 119–136. Springer, Berlin, Heidelberg (2001). ISBN 978-3-540-41658-6 (Print) 978-3-540-44586-9 (Online). doi: 10.1007/3-540-44586-2_9

  10. Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski J. B. S. (ed) Advances in Cryptology: Proceedings of CRYPTO 1997, Santa Barbara, CA, volume 1294 of Lecture Notes in Computer Science, pp. 16–30. Springer, Berlin, Heidelberg (1997). ISBN 3-540-63384-7. doi: 10.1007/BFb0052225

  11. Goldfeder, S., Bonneau, J., Felten, E. W., Kroll, J. A., Narayanan, A.: Securing Bitcoin wallets via threshold signatures. preprint, March 2014. http://www.cs.princeton.edu/~stevenag/bitcoin_threshold_signatures.pdf

  12. Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J. A. Felten, E. W., Narayanan, A.: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme. preprint, March 2015. http://www.cs.princeton.edu/~stevenag/threshold_sigs.pdf

  13. Hearn, M.: Update on mobile 2-factor wallets. Bitcoin Mailing list at http://sourceforge.net (2014). http://sourceforge.net/p/bitcoin/mailman/message/33017648/

  14. Ibrahim, M., Ali, I., Ibrahim, I., El-sawi, A.: A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: IEEE Computer Society MWCAS03, pp. 276 – 280 Vol. 1. Cairo, Egypt, 27-30 December 2003. ISBN 0-7803-8294-3. doi: 10.1109/MWSCAS.2003.1562272

  15. Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Soviet Physics–Doklady, 7(7), 595–596 (1963). translated from Doklady Akademii Nauk SSSR, 145(2), 293–294 July (1962)

  16. Kim, S. H., Han, D., Lee, D. H.: Predictability of Android OpenSSL’s pseudo random number generator. In: Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security, pp. 659–668. New York, NY, USA (2013). ACM. ISBN 978-1-4503-2477-9. doi: 10.1145/2508859.2516706

  17. Kunz-Jacques, S., Martinet, G., Poupard, G., Stern J.: Cryptanalysis of an efficient proof of knowledge of discrete logarithm. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T (eds.) Public Key Cryptography—PKC 2006, volume 3958 of Lecture Notes in Computer Science, pp. 27–43. Springer, Berlin, Heidelberg (2006). ISBN 978-3-540-33851-2 (Print) 978-3-540-33852-9 (Online). doi:10.1007/11745853_3

  18. Lindell, Y.: Comparison-based key exchange and the security of the numeric comparison mode in Bluetooth v2.1. In: Fischlin M. (ed.) Topics in Cryptology—CT-RSA 2009, volume 5473 of Lecture Notes in Computer Science, pp. 66–83. Springer, Berlin, Heidelberg (2009). ISBN 978-3-642-00861-0 (Print) 978-3-642-00862-7 (Online). doi:10.1007/978-3-642-00862-7_5

  19. Lipovsky, R.: New Hesperbot targets: Germany and Australia (2013). http://www.welivesecurity.com/2013/12/10/new-hesperbot-targets-germany-and-australia/

  20. MacKenzie, P., Reiter, M. K.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2 (3-4), 218–239 (2004). doi: 10.1007/s10207-004-0041-0

  21. Mann, C.: A prototypic implementation of a two-factor Bitcoin wallet: Source code. GitHub, November 2014. https://github.com/ChristopherMann/2FactorWallet

  22. Mann, C., Loebenberger, D.: Two-factor authentication for the Bitcoin protocol. In: Foresti, S. (ed.) Security and Trust Management, volume 9331 of Lecture Notes in Computer Science, pp. 155–171. Springer, Berlin, Heidelberg (2015). ISBN 978-3-319-24857-8 (Print) 978-3-319-24858-5 (Online). doi: 10.1007/978-3-319-24858-5_10

  23. Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System. Cryptography Mailing list at https://metzdowd.com, p. 9 (2008). https://bitcoin.org/bitcoin.pdf

  24. NIST. Federal information processing standards publication 180-4—Secure Hash Standard. National Institute of Standards and Technology, March 2012. http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf. Federal Information Processings Standards Publication 180-4

  25. Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) Advances in Cryptology: Proceedings of EUROCRYPT 1999, Prague, Czech Republic, volume 1592 of Lecture Notes in Computer Science, pp. 233–238. Springer, Berlin, Heidelberg (1999). ISBN 3-540-65889-0. doi: 10.1007/3-540-48910-X_16

  26. Sancho, D., Hacquebord, F., Link, R.: Finding Holes Operation Emmental. Technical report, Trend Micro Incorporated (2014). http://housecall.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf

  27. Schmidt, J.: Answer to “How to compute a generator of this cyclic quadratic residue group?” (2012). http://math.stackexchange.com/questions/167478

  28. Schönhage, A., Strassen, V.: Schnelle Multiplikation großer Zahlen. Computing 7, 281–292 (1971)

    Article  MathSciNet  MATH  Google Scholar 

  29. von zur Gathen, J., Shparlinski, I.: Generating safe primes. J. Math. Cryptol. 7 (4), 333–365 (2013). ISSN 1862-2984 (Online) 1862-2976 (Print)). doi: 10.1515/jmc-2013-5011

  30. Wiener, M. J.: Safe Prime Generation with a Combined Sieve. Cryptology ePrint Archive, 2003/186, May 2003. http://eprint.iacr.org/2003/186

  31. Wuille, P.: BIP32 Hierarchical deterministic wallets (2014). https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

  32. Ziegeldorf, J. H., Grossmann, F., Henze, M., Inden, N., Wehrle, K.: CoinParty: Secure Multi-Party Mixing of Bitcoins. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY ’15, pp. 75–86. New York, NY, USA, (2015). ACM. ISBN 978-1-4503-3191-3. doi:10.1145/2699026.2699100

Download references

Acknowledgments

We would like to thank Michael Nüsken for various useful comments and Mike Hearn for greatly improving the performance of a first version of the prototype by suggesting a bouncy castle version with optimized arithmetic on the curve secp256k1. Additionally, we thank the anonymous reviewers for their helpful remarks. This work was funded by the B-IT foundation and the state of North Rhine-Westphalia.

Author information

Authors and Affiliations

  1. B-IT, University of Bonn, Bonn, Germany

    Christopher Mann & Daniel Loebenberger

Authors
  1. Christopher Mann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Loebenberger
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Loebenberger.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mann, C., Loebenberger, D. Two-factor authentication for the Bitcoin protocol. Int. J. Inf. Secur. 16, 213–226 (2017). https://doi.org/10.1007/s10207-016-0325-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-016-0325-1

Keywords

CR Subject Classification

Search

Navigation