Abstract
We show how to realize two-factor authentication for a Bitcoin wallet. To do so, we explain how to employ an ECDSA adaption of the two-party signature protocol by MacKenzie and Reiter (2004) in the context of Bitcoin and present a prototypic implementation of a Bitcoin wallet that offers both: two-factor authentication and verification over a separate channel. Since we use a smart phone as the second authentication factor, our solution can be used with hardware already available to most users and the user experience is quite similar to the existing online banking authentication methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Accredited Standards Committee X9: ANSI X9.62, public key cryptography for the financial services industry: the elliptic curve digital signature standard (ECDSA). Technical report, American National Standards Institute, American Bankers Association (2005)
ANSSI: Mécanismes cryptographiques - Règles et recommandations concernant le choix et le dimensionnement des mécanismes cryptographiques, Rev. 2.03. Agence nationale de la sécurité des systèmes dinformation (2014). http://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf
Back, A.: Hashcash - a denial of service counter-measure. Technical report (2002). http://www.hashcash.org/papers/hashcash.pdf
Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: NIST Special Publication 800–57 - Recommendation for Key Management - Part 1: General (Revision 3). National Institute of Standards and Technology (2012). http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
Ben-Or, M., Goldwasser, S., Widgerson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: STOC 1988: Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, pp. 1–10. ACM, New York (1988). ISBN 0-89791-264-0, http://dx.doi.org/10.1145/62212.62213
Bitpay Inc.: Copay: A secure Bitcoin wallet for friends and companies (2014). www.copay.io
Blum, M., Feldman, P., Micali, S.: Proving security against chosen cyphertext attacks. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 256–268. Springer, Heidelberg (1990)
Certicom Research: SEC 2: recommended elliptic curve domain parameters. Technical report, Certicom Corporation (2000)
Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990). http://dx.doi.org/10.1007/0-387-34799-2_25
Damgård, I.B., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002). http://dx.doi.org/10.1007/3-540-36178-2_8
Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997). http://dx.doi.org/10.1007/BFb0052225
von zur Gathen, J., Shparlinski, I.: Generating safe primes. J. Math. Cryptol. 7(4), 333–365 (2013). ISSN 1862–2984 (Online) 1862–2976 (Print)), http://dx.doi.org/10.1515/jmc-2013-5011
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996). http://dx.doi.org/10.1007/3-540-68339-9_31
Goldfeder, S., Bonneau, J., Felten, E.W., Kroll, J.A., Narayanan, A.: Securing Bitcoin wallets via threshold signatures (2014). http://www.cs.princeton.edu/~stevenag/bitcoin_threshold_signatures.pdf. Preprint
Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J.A., Felten, E.W., Narayanan, A.: Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme (2015). http://www.cs.princeton.edu/~stevenag/threshold_sigs.pdf. Preprint
Harn, L.: Group-oriented \((t, n)\) threshold digital signature scheme and digital multisignature. IEE Proc. Comput. Digital Techniques 141(5), 307–313 (1994). http://dx.doi.org/10.1049/ip-cdt:19941293
Hearn, M.: Update on mobile 2-factor wallets (2014). Bitcoin Mailing list at http://sourceforge.net, http://sourceforge.net/p/bitcoin/mailman/message/33017648/
Ibrahim, M.H., Ali, I.A., Ibrahim, I.I., El-sawi, A.H.: A robust threshold elliptic curve digital signature providing a new verifiable secret sharing scheme. In: MWCAS03, vol. 1, pp. 276–280. IEEE Computer Society, Cairo (2003). ISBN 0-7803-8294-3, ISSN 1548-3746, http://dx.doi.org/10.1109/MWSCAS.2003.1562272
Karatsuba, A., Ofman, Y.: Multiplication of multidigit numbers on automata. Sov. Phys. Doklady 7(7), 595–596 (1963). Translated from Doklady Akademii Nauk SSSR, vol. 145, No. 2, pp. 293–294, July 1962
Kim, S.H., Han, D., Lee, D.H.: Predictability of android openSSL’s pseudo random number generator. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 659–668. ACM, New York (2013). ISBN: 978-1-4503-2477-9, http://dx.doi.org/10.1145/2508859.2516706
Klyubin, A.: Some SecureRandom Thoughts (2013). http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html
Langford, S.K.: Threshold DSS signatures without a trusted party. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 397–409. Springer, Heidelberg (1995). http://dx.doi.org/10.1007/3-540-44750-4_32
Lipovsky, R.: New Hesperbot targets: Germany and Australia (2013). http://www.welivesecurity.com/2013/12/10/new-hesperbot-targets-germany-and-australia/
MacKenzie, P., Reiter, M.K.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2(3–4), 218–239 (2004). http://dx.doi.org/10.1007/s10207-004-0041-0
Christopher Mann (2014). A prototypic implementation of a two-factor Bitcoin wallet: Source code. GitHub. https://github.com/ChristopherMann/2FactorWallet
Mann, C.: Two-factor authentication for the Bitcoin protocol. Master thesis, Mathematisch-Naturwissenschaftliche Fakultät der Rheinischen Friedrich-Wilhelms-Universität Bonn (2015). https://github.com/ChristopherMann/2FactorWallet/raw/master/BitcoinTwoFactorAuth.pdf
Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System. Cryptography Mailing list at metzdowd.com, 9 pages (2008). https://bitcoin.org/bitcoin.pdf
NIST: Federal Information Processing Standards Publication 180–4 - Secure Hash Standard. National Institute of Standards and Technology (2012). http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
NIST: FIPS 186-4: digital signature standard (DSS).Technical report, Information Technology Laboratory, NationalInstitute of Standards and Technology (2013)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). http://dx.doi.org/10.1007/3-540-48910-X_16
Sancho, D., Hacquebord, F., Link, R.: Finding holes operation emmental. Technical report, Trend Micro Incorporated (2014). http://housecall.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf
Schönhage, A., Strassen, V.: Schnelle Multiplikation großer Zahlen. Computing 7, 281–292 (1971)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Wang, C.-H., Hwang, T.: (t+1, n) threshold and generalized DSS signatures without a trusted party. In: Proceedings of the 13th Annual Computer Security Applications Conference (ACSAC 1997), pp. 221–226. IEEE (1997). ISBN: 0-8186-8274-4, http://dx.doi.org/10.1109/CSAC.1997.646193
Wiener, M.J.: Safe prime generation with a combined sieve. Cryptology ePrint Archive 2003/186 (2003). http://eprint.iacr.org/2003/186
Wuille, P.: Dealing with malleability. Technical report, Bitcoin Project (2014). https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki
Acknowledgements
We would like to thank Michael Nüsken for various useful comments and Mike Hearn for greatly improving the performance of a first version of the prototype by suggesting a bouncy castle version with optimized arithmetic on the curve secp256k1. This work was funded by the B-IT foundation and the state of North Rhine-Westphalia.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Mann, C., Loebenberger, D. (2015). Two-Factor Authentication for the Bitcoin Protocol. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science(), vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-24858-5_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24857-8
Online ISBN: 978-3-319-24858-5
eBook Packages: Computer ScienceComputer Science (R0)