Minimizing Trust in Hardware Wallets with Two Factor Signatures

  • Antonio MarcedoneEmail author
  • Rafael Pass
  • Abhi Shelat
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature.

This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition).

We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.


  1. 1.
    Almansa, J.F., Damgård, I., Nielsen, J.B.: Simplified threshold RSA with adaptive and proactive security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 593–611. Springer, Heidelberg (2006). Scholar
  2. 2.
    Boneh, D., Ding, X., Tsudik, G., Wong, C.-M.: A method for fast revocation of public key certificates and security capabilities. In: USENIX Security Symposium, p. 22 (2001)Google Scholar
  3. 3.
    Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: Virtual smart cards: how to sign with a password and a server. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 353–371. Springer, Cham (2016). Scholar
  4. 4.
    Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). Scholar
  5. 5.
    Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Secure two-party threshold ECDSA from ECDSA assumptions. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 595–612 (2018)Google Scholar
  6. 6.
    Gennaro, R., Goldfeder, S.: Fast multiparty threshold ECDSA with fast trustless setup. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1179–1194. ACM (2018)Google Scholar
  7. 7.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and efficient sharing of RSA functions. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 157–172. Springer, Heidelberg (1996). Scholar
  8. 8.
    Goldfeder, S., et al.: Securing bitcoin wallets via a new DSA/ECDSA threshold signature scheme (2015)Google Scholar
  9. 9.
    Lindell, Y.: Fast secure two-party ECDSA signing. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 613–644. Springer, Cham (2017). Scholar
  10. 10.
    Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1837–1854. ACM (2018)Google Scholar
  11. 11.
    MacKenzie, P., Reiter, M.K.: Delegation of cryptographic servers for capture-resilient devices. Distrib. Comput. 16(4), 307–327 (2003)CrossRefGoogle Scholar
  12. 12.
    MacKenzie, P., Reiter, M.K.: Networked cryptographic devices resilient to capture. Int. J. Inf. Secur. 2(1), 1–20 (2003)CrossRefGoogle Scholar
  13. 13.
    Marcedone, A., Pass, R., Shelat, A.: Minimizing trust in hardware wallets with two factor signatures. Cryptology ePrint Archive, Report 2019/006 (2019)Google Scholar
  14. 14.
    Microchip. Atecc608a datasheet (2018)Google Scholar
  15. 15.
    Nicolosi, A., Krohn, M.N., Dodis, Y., Mazieres, D.: Proactive two-party signatures for user authentication. In: NDSS (2003)Google Scholar
  16. 16.
    Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998). Scholar
  17. 17.
    Sottek, T.C.: NSA reportedly intercepting laptops purchased online to install spy malware, December 2013. Accessed 29 Dec 2013

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  1. 1.Cornell TechNew YorkUSA
  2. 2.Northeastern UniversityBostonUSA

Personalised recommendations