@gavinandresen
Last active September 2, 2023 13:18
Yubikey/Google Authenticator protected Bitcoin Wallets

Thumbnail sketch: Two-factor (Yubikey or Google Authenticator) protected wallets

Hardware:

Computer. Shared-secret authenticator (Yubikey/Google Authenticator/etc). Server (possibly shared with millions of other users).

Motivating use case setup:

User creates a split (2-of-2 multisig) wallet on the computer and server. Keys must be securely backed up to protect against loss. GUI to be determined, but there will be some type of "Use Authenticator" checkbox specified at setup.

User also arranges for the server to know the authenticator's shared secret.

Motivating use case, usage:

Coins are sent into the wallet via P2SH 2-of-2 address(es).

On spend, the user is prompted for the authenticator's one-time password (OTP). The OTP and the half-signed transaction are sent to the server. If the OTP is correct, the server adds the second signature and the payment is made immediately, with no further interaction required (*). If it is incorrect, no payment is made (the server should inform the user of the invalid payment attempt via email/SMS/carrier pigeon).

(*) The server might offer to further validate high-value transactions via SMS, DNA sample submission, or some other authentication method. It might also enforce rules limiting the BTC sent per 24 hours, or have other protections.

Attacks:

  1. Attacker steals computer / private keys, but does not have authenticator device and does not compromise server. Coins are safe.
  2. Attacker compromises my computer and installs malware (e.g. a keylogger, or a replacement client binary). Use of the OTP authenticator limits the loss of coins to whatever mitigation policy is in place on the server.
  3. Attacker compromises server. Coins are safe.
  4. Attacker compromises computer and server. Coins are lost, because both keys are compromised.
  5. Man-in-the-middle between computer and server. Coins are safe; the attacker may DoS (prevent spending).
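As an added illustration (not part of the gist), here is a Python sketch of the server-side gate described above: an RFC 6238 TOTP check, one-time use of each code, and a 24-hour spend limit, all applied before the server contributes its half of the 2-of-2 signature. The ECDSA signature is replaced by an HMAC stand-in, and the `CosignServer` class, the daily limit and the transaction dict shape are assumptions, not the design's actual interface.

```python
import hmac
import hashlib
import struct

TOTP_STEP = 30  # RFC 6238 time step in seconds


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (HMAC-SHA1 + dynamic truncation) over the time counter."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class CosignServer:
    """Holds the second 2-of-2 key; adds its signature only after OTP and policy checks."""

    def __init__(self, otp_secret: bytes, signing_key: bytes, daily_limit_sat: int):
        self.otp_secret = otp_secret
        self.signing_key = signing_key        # stand-in for the server's ECDSA private key
        self.daily_limit_sat = daily_limit_sat
        self.used_counters = set()            # each OTP time step may authorize one spend
        self.spent = []                       # (unix_time, amount_sat) for the 24h window
        self.alerts = []                      # would go out via email/SMS/carrier pigeon

    def _match_otp(self, otp: str, now: int):
        """Return the unused time step whose code matches, allowing +/-1 step of clock skew."""
        for delta in (-1, 0, 1):
            step = now // TOTP_STEP + delta
            if step not in self.used_counters and hmac.compare_digest(
                    totp(self.otp_secret, step * TOTP_STEP), otp):
                return step
        return None

    def cosign(self, half_signed_tx: dict, otp: str, now: int) -> dict:
        step = self._match_otp(otp, now)
        if step is None:
            self.alerts.append(f"invalid OTP for tx {half_signed_tx['txid']}")
            return {"status": "rejected", "reason": "bad_otp"}
        spent_24h = sum(a for t, a in self.spent if t > now - 24 * 3600)
        if spent_24h + half_signed_tx["amount_sat"] > self.daily_limit_sat:
            return {"status": "rejected", "reason": "daily_limit"}
        self.used_counters.add(step)          # burn the code: a replay is refused
        self.spent.append((now, half_signed_tx["amount_sat"]))
        # Stand-in for the server's ECDSA signature over the transaction (constructed, not real).
        sig2 = hmac.new(self.signing_key, half_signed_tx["txid"].encode(), hashlib.sha256).hexdigest()
        return {"status": "signed", "signatures": [half_signed_tx["sig1"], sig2]}
```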
@scryb3

scryb3 commented Aug 5, 2013

Agreed, the whole server and OTP infrastructure is added complexity. The second "factor" of authentication is the second private key; the OTP is just used to authorize a third party to use it with a shorter challenge/response.

ANY use of 2-of-2 (or 2-of-3, etc) can be considered "2-factor" and exposes the core challenge of securely creating, transmitting, storing and accessing these keys. What is really needed is a secure handshake for the 2 devices (whether mobile, desktop, or server based) right?

I've been wondering whether the BIP32 HD Wallet might be of use here? Using 2 (or more) keys with a common parent (or grandparent?) would make generating the m-of-n address easy, but would it be easy to secure?

@mquandalle

Bitcoin Authenticator - 2FA for wallets: https://www.youtube.com/watch?v=-EKgFktOoWY

@starwalkerz

Could something like Cinder provide storage for the keys? StorjX is a coin that tries to do something similar. https://wiki.openstack.org/wiki/Cinder
