[Bitcoin-development] Update on mobile 2-factor wallets
jgarzik at bitpay.com
Sat Nov 8 16:21:02 UTC 2014
Overall, super duper awesome. :) Tweeted this post.
I do have a concern about 2-of-2 arrangements. To me, this screams
"twice as fragile" if not done properly; and I've seen a few naive
implementations in the field that seemed quite fragile.
2FA/2-of-2 does solve the common problem of single device compromise.
It also makes funds unspendable if -either- device's keys become lost.
On Sat, Nov 8, 2014 at 5:04 PM, Mike Hearn <mike at plan99.net> wrote:
> Here is a summary of current developments in the space of decentralised
> 2-factor Bitcoin wallets. I figured some people here might find it
> There has been very nice progress in the last month or two. Decentralised
> 2FA wallets run on a desktop/laptop and have a (currently always Android)
> smartphone app to go with them. Compromise of the wallet requires compromise
> of both devices.
> Alon Muroch and Chris Pacia have made huge progress on "Bitcoin
> Authenticator", their (HD) wallet app. The desktop side runs on
> Win/Mac/Linux and the mobile side runs on Android. Sending money from the
> desktop triggers a push notification to the mobile side, which presents the
> transaction for confirmation. Additionally the desktop wallet has a variety
> of other features like OneName integration. It's currently in alpha, but I
> suspect it will be quite popular once released due to its focus on UI and
> the simple mobile security model. I've tried it out and it worked fine.
> https://github.com/cpacia/BitcoinAuthenticator/commits/master (mobile)
> https://github.com/negedzuregal/BitcoinAuthWallet (desktop)
> Bitcoin Authenticator uses P2SH/CHECKMULTISIG to provide the 2-factor
> functionality. However, this has various downsides that are well known:
> less support for the address type and larger transactions that waste block
> chain space + result in higher fees.
> To solve this problem Christopher Mann and Daniel Loebenberger from Uni Bonn
> have ported the efficient DSA 2-of-2 signing protocol by MacKenzie and
> Reiter to ECDSA, and implemented their own desktop/Android wallet app pair
> showing that it works and has good enough performance. This means that P2SH
> / CHECKMULTISIG is no longer required for the two factor auth case, and thus
> it's as cheap as using regular addresses.
> Their protocol uses an interesting combination of ECDSA, Paillier
> homomorphic encryption and some zero knowledge proofs to build a working
> solution for the 2-of-2 case only. Their app bootstraps from a QR code that
> includes a TLS public key and IP address of the desktop: the mobile app then
> connects to it directly, renders the transaction and performs the protocol
> when the user confirms. The protocol is online, so both devices must be
> physically present.
> Their code is liberally licensed and looks easy to integrate with Alon and
> Chris' more user focused work, as both projects are built with Android and
> the latest bitcoinj. If someone is interested, merging Christopher/Daniel's
> code into the bitcoinj multisig framework would be a useful project, and
> would make it easier for wallet devs to benefit from this work. I can write
> a design doc to follow if needed.
> Currently, neither of these projects implement support for BIP70, so the
> screen you see when signing the transaction is hardly user friendly or
> secure: you just have to trust that the destination address you're paying to
> isn't tampered with. Support for sending a full payment request between
> devices is the clear next step once these wallets have obtained a reasonable
> user base and are stable.
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
More information about the bitcoin-dev