Minimizing Trust in Hardware Wallets with Two Factor Signatures

Cryptology ePrint Archive: Report 2019/006
Date: 2019-01-02
Author(s): Antonio Marcedone, Rafael Pass, abhi shelat


We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signatures (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

