summaryrefslogtreecommitdiff
path: root/75/8d7c8f97fe34569e41683c3cd426bba66e30d7
blob: 2e5813dec94caea02f55396cd5b8e63c4b909058 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <mh.in.england@gmail.com>) id 1Xn8VU-0002kX-Gx
	for bitcoin-development@lists.sourceforge.net;
	Sat, 08 Nov 2014 16:04:56 +0000
Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.215.44 as permitted sender)
	client-ip=209.85.215.44; envelope-from=mh.in.england@gmail.com;
	helo=mail-la0-f44.google.com; 
Received: from mail-la0-f44.google.com ([209.85.215.44])
	by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.76) id 1Xn8VS-0005ly-My
	for bitcoin-development@lists.sourceforge.net;
	Sat, 08 Nov 2014 16:04:56 +0000
Received: by mail-la0-f44.google.com with SMTP id gf13so5915087lab.17
	for <bitcoin-development@lists.sourceforge.net>;
	Sat, 08 Nov 2014 08:04:48 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.152.27.2 with SMTP id p2mr8889956lag.19.1415462688141; Sat,
	08 Nov 2014 08:04:48 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.25.91.147 with HTTP; Sat, 8 Nov 2014 08:04:48 -0800 (PST)
Date: Sat, 8 Nov 2014 17:04:48 +0100
X-Google-Sender-Auth: gwxf4-CtttqyGRttR6QB3h0l5oU
Message-ID: <CANEZrP3Pk3O3uFJtDkO9BfVogbaiWt1SmMrP02fRBpt3TtMrtg@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=089e0158c200b838d005075b16d2
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
	(mh.in.england[at]gmail.com)
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.3 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
	[URIs: github.com]
	1.0 HTML_MESSAGE           BODY: HTML included in message
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Xn8VS-0005ly-My
Subject: [Bitcoin-development] Update on mobile 2-factor wallets
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 08 Nov 2014 16:04:56 -0000

--089e0158c200b838d005075b16d2
Content-Type: text/plain; charset=UTF-8

Here is a summary of current developments in the space of decentralised
2-factor Bitcoin wallets. I figured some people here might find it
interesting.

There has been very nice progress in the last month or two. Decentralised
2FA wallets run on a desktop/laptop and have a (currently always Android)
smartphone app to go with them. Compromise of the wallet requires
compromise of both devices.

Alon Muroch and Chris Pacia have made huge progress on "Bitcoin
Authenticator", their (HD) wallet app. The desktop side runs on
Win/Mac/Linux and the mobile side runs on Android. Sending money from the
desktop triggers a push notification to the mobile side, which presents the
transaction for confirmation. Additionally the desktop wallet has a variety
of other features like OneName integration. It's currently in alpha, but I
suspect it will be quite popular once released due to its focus on UI and
the simple mobile security model. I've tried it out and it worked fine.

https://www.bitcoinauthenticator.org/
https://github.com/cpacia/BitcoinAuthenticator/commits/master    (mobile)
https://github.com/negedzuregal/BitcoinAuthWallet   (desktop)

Bitcoin Authenticator uses P2SH/CHECKMULTISIG to provide the 2-factor
functionality. However, this has various downsides that are well known:
 less support for the address type and larger transactions that waste block
chain space + result in higher fees.

To solve this problem Christopher Mann and Daniel Loebenberger from Uni
Bonn have ported the efficient DSA 2-of-2 signing protocol by MacKenzie and
Reiter to ECDSA, and implemented their own desktop/Android wallet app pair
showing that it works and has good enough performance. This means that P2SH
/ CHECKMULTISIG is no longer required for the two factor auth case, and
thus it's as cheap as using regular addresses.

https://github.com/ChristopherMann/2FactorWallet
https://eprint.iacr.org/2014/629.pdf

Their protocol uses an interesting combination of ECDSA, Paillier
homomorphic encryption and some zero knowledge proofs to build a working
solution for the 2-of-2 case only. Their app bootstraps from a QR code that
includes a TLS public key and IP address of the desktop: the mobile app
then connects to it directly, renders the transaction and performs the
protocol when the user confirms. The protocol is online, so both devices
must be physically present.

Their code is liberally licensed and looks easy to integrate with Alon and
Chris' more user focused work, as both projects are built with Android and
the latest bitcoinj. If someone is interested, merging Christopher/Daniel's
code into the bitcoinj multisig framework would be a useful project, and
would make it easier for wallet devs to benefit from this work. I can write
a design doc to follow if needed.

Currently, neither of these projects implement support for BIP70, so the
screen you see when signing the transaction is hardly user friendly or
secure: you just have to trust that the destination address you're paying
to isn't tampered with. Support for sending a full payment request between
devices is the clear next step once these wallets have obtained a
reasonable user base and are stable.

--089e0158c200b838d005075b16d2
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Here is a summary of current developments in the space of =
decentralised 2-factor Bitcoin wallets. I figured some people here might fi=
nd it interesting.<div><br></div><div>There has been very nice progress in =
the last month or two. Decentralised 2FA wallets run on a desktop/laptop an=
d have a (currently always Android) smartphone app to go with them. Comprom=
ise of the wallet requires compromise of both devices.<div><br></div><div>A=
lon Muroch and Chris Pacia have made huge progress on &quot;Bitcoin Authent=
icator&quot;, their (HD) wallet app. The desktop side runs on Win/Mac/Linux=
 and the mobile side runs on Android. Sending money from the desktop trigge=
rs a push notification to the mobile side, which presents the transaction f=
or confirmation. Additionally the desktop wallet has a variety of other fea=
tures like OneName integration. It&#39;s currently in alpha, but I suspect =
it will be quite popular once released due to its focus on UI and the simpl=
e mobile security model. I&#39;ve tried it out and it worked fine.</div><di=
v><br></div><div><a href=3D"https://www.bitcoinauthenticator.org/">https://=
www.bitcoinauthenticator.org/</a></div><div><a href=3D"https://github.com/c=
pacia/BitcoinAuthenticator/commits/master">https://github.com/cpacia/Bitcoi=
nAuthenticator/commits/master</a> =C2=A0 =C2=A0(mobile)<br></div><div><a hr=
ef=3D"https://github.com/negedzuregal/BitcoinAuthWallet">https://github.com=
/negedzuregal/BitcoinAuthWallet</a> =C2=A0 (desktop)<br></div><div><br></di=
v><div>Bitcoin Authenticator uses P2SH/CHECKMULTISIG to provide the 2-facto=
r functionality. However, this has various downsides that are well known: =
=C2=A0less support for the address type and larger transactions that waste =
block chain space + result in higher fees.</div><div><br></div><div>To solv=
e this problem Christopher Mann and Daniel Loebenberger from Uni Bonn have =
ported the efficient DSA 2-of-2 signing protocol by MacKenzie and Reiter to=
 ECDSA, and implemented their own desktop/Android wallet app pair showing t=
hat it works and has good enough performance. This means that P2SH / CHECKM=
ULTISIG is no longer required for the two factor auth case, and thus it&#39=
;s as cheap as using regular addresses.</div><div><br></div><div><a href=3D=
"https://github.com/ChristopherMann/2FactorWallet">https://github.com/Chris=
topherMann/2FactorWallet</a><br></div></div><div><a href=3D"https://eprint.=
iacr.org/2014/629.pdf">https://eprint.iacr.org/2014/629.pdf</a><br></div><d=
iv><br></div><div>Their protocol uses an interesting combination of ECDSA, =
Paillier homomorphic encryption and some zero knowledge proofs to build a w=
orking solution for the 2-of-2 case only. Their app bootstraps from a QR co=
de that includes a TLS public key and IP address of the desktop: the mobile=
 app then connects to it directly, renders the transaction and performs the=
 protocol when the user confirms. The protocol is online, so both devices m=
ust be physically present.</div><div><br></div><div>Their code is liberally=
 licensed and looks easy to integrate with Alon and Chris&#39; more user fo=
cused work, as both projects are built with Android and the latest bitcoinj=
. If someone is interested, merging Christopher/Daniel&#39;s code into the =
bitcoinj multisig framework would be a useful project, and would make it ea=
sier for wallet devs to benefit from this work. I can write a design doc to=
 follow if needed.</div><div><br></div><div>Currently, neither of these pro=
jects implement support for BIP70, so the screen you see when signing the t=
ransaction is hardly user friendly or secure: you just have to trust that t=
he destination address you&#39;re paying to isn&#39;t tampered with. Suppor=
t for sending a full payment request between devices is the clear next step=
 once these wallets have obtained a reasonable user base and are stable.</d=
iv><div><br></div><div><br></div></div>

--089e0158c200b838d005075b16d2--