1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <mh.in.england@gmail.com>) id 1Xn91U-00041F-5F
for bitcoin-development@lists.sourceforge.net;
Sat, 08 Nov 2014 16:38:00 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.215.42 as permitted sender)
client-ip=209.85.215.42; envelope-from=mh.in.england@gmail.com;
helo=mail-la0-f42.google.com;
Received: from mail-la0-f42.google.com ([209.85.215.42])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1Xn91S-0004JO-5G
for bitcoin-development@lists.sourceforge.net;
Sat, 08 Nov 2014 16:38:00 +0000
Received: by mail-la0-f42.google.com with SMTP id gq15so5906071lab.15
for <bitcoin-development@lists.sourceforge.net>;
Sat, 08 Nov 2014 08:37:51 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.112.157.194 with SMTP id wo2mr18299812lbb.55.1415464671727;
Sat, 08 Nov 2014 08:37:51 -0800 (PST)
Sender: mh.in.england@gmail.com
Received: by 10.25.91.147 with HTTP; Sat, 8 Nov 2014 08:37:51 -0800 (PST)
Received: by 10.25.91.147 with HTTP; Sat, 8 Nov 2014 08:37:51 -0800 (PST)
In-Reply-To: <CAJHLa0Or1RW0k+FP+hu-GTv+DdZZ=P=ptO1qr=qAHVMQok2w1Q@mail.gmail.com>
References: <CANEZrP3Pk3O3uFJtDkO9BfVogbaiWt1SmMrP02fRBpt3TtMrtg@mail.gmail.com>
<CAJHLa0Or1RW0k+FP+hu-GTv+DdZZ=P=ptO1qr=qAHVMQok2w1Q@mail.gmail.com>
Date: Sat, 8 Nov 2014 17:37:51 +0100
X-Google-Sender-Auth: Z0mSzYrh1lkImjeJ7x-8uaE_cVE
Message-ID: <CANEZrP3TDZWDSeEQe9jCGfOphkUMPyFpVbF-z_y1=09PVa4FkQ@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Jeff Garzik <jgarzik@bitpay.com>
Content-Type: multipart/alternative; boundary=001a11c33f5ef358ab05075b8c22
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mh.in.england[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
0.3 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
[URIs: bitpay.com]
1.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1Xn91S-0004JO-5G
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Update on mobile 2-factor wallets
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 08 Nov 2014 16:38:00 -0000
--001a11c33f5ef358ab05075b8c22
Content-Type: text/plain; charset=UTF-8
Yes. I think one of the next things we need is a library that produces nice
and attractive PDFs of "wallet certificates" so it's easy to print out a
paper backup.
But the whole field of secure key escrow needs more research. Banking gives
people the very nice property that you can lose literally everything except
your face and still retain access to your money, so people feel very safe
with that. Matching that experience doesn't seem possible at the moment, so
being your own bank will continue to seem much riskier than just using a
real one.
On 8 Nov 2014 17:21, "Jeff Garzik" <jgarzik@bitpay.com> wrote:
> Overall, super duper awesome. :) Tweeted this post.
>
> I do have a concern about 2-of-2 arrangements. To me, this screams
> "twice as fragile" if not done properly; and I've seen a few naive
> implementations in the field that seemed quite fragile.
>
> 2FA/2-of-2 does solve the common problem of single device compromise.
> It also makes funds unspendable if -either- device's keys become lost.
>
>
>
> On Sat, Nov 8, 2014 at 5:04 PM, Mike Hearn <mike@plan99.net> wrote:
> > Here is a summary of current developments in the space of decentralised
> > 2-factor Bitcoin wallets. I figured some people here might find it
> > interesting.
> >
> > There has been very nice progress in the last month or two. Decentralised
> > 2FA wallets run on a desktop/laptop and have a (currently always Android)
> > smartphone app to go with them. Compromise of the wallet requires
> compromise
> > of both devices.
> >
> > Alon Muroch and Chris Pacia have made huge progress on "Bitcoin
> > Authenticator", their (HD) wallet app. The desktop side runs on
> > Win/Mac/Linux and the mobile side runs on Android. Sending money from the
> > desktop triggers a push notification to the mobile side, which presents
> the
> > transaction for confirmation. Additionally the desktop wallet has a
> variety
> > of other features like OneName integration. It's currently in alpha, but
> I
> > suspect it will be quite popular once released due to its focus on UI and
> > the simple mobile security model. I've tried it out and it worked fine.
> >
> > https://www.bitcoinauthenticator.org/
> > https://github.com/cpacia/BitcoinAuthenticator/commits/master
> (mobile)
> > https://github.com/negedzuregal/BitcoinAuthWallet (desktop)
> >
> > Bitcoin Authenticator uses P2SH/CHECKMULTISIG to provide the 2-factor
> > functionality. However, this has various downsides that are well known:
> > less support for the address type and larger transactions that waste
> block
> > chain space + result in higher fees.
> >
> > To solve this problem Christopher Mann and Daniel Loebenberger from Uni
> Bonn
> > have ported the efficient DSA 2-of-2 signing protocol by MacKenzie and
> > Reiter to ECDSA, and implemented their own desktop/Android wallet app
> pair
> > showing that it works and has good enough performance. This means that
> P2SH
> > / CHECKMULTISIG is no longer required for the two factor auth case, and
> thus
> > it's as cheap as using regular addresses.
> >
> > https://github.com/ChristopherMann/2FactorWallet
> > https://eprint.iacr.org/2014/629.pdf
> >
> > Their protocol uses an interesting combination of ECDSA, Paillier
> > homomorphic encryption and some zero knowledge proofs to build a working
> > solution for the 2-of-2 case only. Their app bootstraps from a QR code
> that
> > includes a TLS public key and IP address of the desktop: the mobile app
> then
> > connects to it directly, renders the transaction and performs the
> protocol
> > when the user confirms. The protocol is online, so both devices must be
> > physically present.
> >
> > Their code is liberally licensed and looks easy to integrate with Alon
> and
> > Chris' more user focused work, as both projects are built with Android
> and
> > the latest bitcoinj. If someone is interested, merging
> Christopher/Daniel's
> > code into the bitcoinj multisig framework would be a useful project, and
> > would make it easier for wallet devs to benefit from this work. I can
> write
> > a design doc to follow if needed.
> >
> > Currently, neither of these projects implement support for BIP70, so the
> > screen you see when signing the transaction is hardly user friendly or
> > secure: you just have to trust that the destination address you're
> paying to
> > isn't tampered with. Support for sending a full payment request between
> > devices is the clear next step once these wallets have obtained a
> reasonable
> > user base and are stable.
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> >
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
>
>
>
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc. https://bitpay.com/
>
--001a11c33f5ef358ab05075b8c22
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<p dir=3D"ltr">Yes. I think one of the next things we need is a library tha=
t produces nice and attractive PDFs of "wallet certificates" so i=
t's easy to print out a paper backup. </p>
<p dir=3D"ltr">But the whole field of secure key escrow needs more research=
. Banking gives people the very nice property that you can lose literally e=
verything except your face and still retain access to your money, so people=
feel very safe with that. Matching that experience doesn't seem possib=
le at the moment, so being your own bank will continue to seem much riskier=
than just using a real one.</p>
<div class=3D"gmail_quote">On 8 Nov 2014 17:21, "Jeff Garzik" <=
;<a href=3D"mailto:jgarzik@bitpay.com">jgarzik@bitpay.com</a>> wrote:<br=
type=3D"attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0=
0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Overall, super duper a=
wesome.=C2=A0 :)=C2=A0 Tweeted this post.<br>
<br>
I do have a concern about 2-of-2 arrangements.=C2=A0 To me, this screams<br=
>
"twice as fragile" if not done properly; and I've seen a few =
naive<br>
implementations in the field that seemed quite fragile.<br>
<br>
2FA/2-of-2 does solve the common problem of single device compromise.<br>
It also makes funds unspendable if -either- device's keys become lost.<=
br>
<br>
<br>
<br>
On Sat, Nov 8, 2014 at 5:04 PM, Mike Hearn <<a href=3D"mailto:mike@plan9=
9.net">mike@plan99.net</a>> wrote:<br>
> Here is a summary of current developments in the space of decentralise=
d<br>
> 2-factor Bitcoin wallets. I figured some people here might find it<br>
> interesting.<br>
><br>
> There has been very nice progress in the last month or two. Decentrali=
sed<br>
> 2FA wallets run on a desktop/laptop and have a (currently always Andro=
id)<br>
> smartphone app to go with them. Compromise of the wallet requires comp=
romise<br>
> of both devices.<br>
><br>
> Alon Muroch and Chris Pacia have made huge progress on "Bitcoin<b=
r>
> Authenticator", their (HD) wallet app. The desktop side runs on<b=
r>
> Win/Mac/Linux and the mobile side runs on Android. Sending money from =
the<br>
> desktop triggers a push notification to the mobile side, which present=
s the<br>
> transaction for confirmation. Additionally the desktop wallet has a va=
riety<br>
> of other features like OneName integration. It's currently in alph=
a, but I<br>
> suspect it will be quite popular once released due to its focus on UI =
and<br>
> the simple mobile security model. I've tried it out and it worked =
fine.<br>
><br>
> <a href=3D"https://www.bitcoinauthenticator.org/" target=3D"_blank">ht=
tps://www.bitcoinauthenticator.org/</a><br>
> <a href=3D"https://github.com/cpacia/BitcoinAuthenticator/commits/mast=
er" target=3D"_blank">https://github.com/cpacia/BitcoinAuthenticator/commit=
s/master</a>=C2=A0 =C2=A0 (mobile)<br>
> <a href=3D"https://github.com/negedzuregal/BitcoinAuthWallet" target=
=3D"_blank">https://github.com/negedzuregal/BitcoinAuthWallet</a>=C2=A0 =C2=
=A0(desktop)<br>
><br>
> Bitcoin Authenticator uses P2SH/CHECKMULTISIG to provide the 2-factor<=
br>
> functionality. However, this has various downsides that are well known=
:<br>
> less support for the address type and larger transactions that waste b=
lock<br>
> chain space + result in higher fees.<br>
><br>
> To solve this problem Christopher Mann and Daniel Loebenberger from Un=
i Bonn<br>
> have ported the efficient DSA 2-of-2 signing protocol by MacKenzie and=
<br>
> Reiter to ECDSA, and implemented their own desktop/Android wallet app =
pair<br>
> showing that it works and has good enough performance. This means that=
P2SH<br>
> / CHECKMULTISIG is no longer required for the two factor auth case, an=
d thus<br>
> it's as cheap as using regular addresses.<br>
><br>
> <a href=3D"https://github.com/ChristopherMann/2FactorWallet" target=3D=
"_blank">https://github.com/ChristopherMann/2FactorWallet</a><br>
> <a href=3D"https://eprint.iacr.org/2014/629.pdf" target=3D"_blank">htt=
ps://eprint.iacr.org/2014/629.pdf</a><br>
><br>
> Their protocol uses an interesting combination of ECDSA, Paillier<br>
> homomorphic encryption and some zero knowledge proofs to build a worki=
ng<br>
> solution for the 2-of-2 case only. Their app bootstraps from a QR code=
that<br>
> includes a TLS public key and IP address of the desktop: the mobile ap=
p then<br>
> connects to it directly, renders the transaction and performs the prot=
ocol<br>
> when the user confirms. The protocol is online, so both devices must b=
e<br>
> physically present.<br>
><br>
> Their code is liberally licensed and looks easy to integrate with Alon=
and<br>
> Chris' more user focused work, as both projects are built with And=
roid and<br>
> the latest bitcoinj. If someone is interested, merging Christopher/Dan=
iel's<br>
> code into the bitcoinj multisig framework would be a useful project, a=
nd<br>
> would make it easier for wallet devs to benefit from this work. I can =
write<br>
> a design doc to follow if needed.<br>
><br>
> Currently, neither of these projects implement support for BIP70, so t=
he<br>
> screen you see when signing the transaction is hardly user friendly or=
<br>
> secure: you just have to trust that the destination address you're=
paying to<br>
> isn't tampered with. Support for sending a full payment request be=
tween<br>
> devices is the clear next step once these wallets have obtained a reas=
onable<br>
> user base and are stable.<br>
><br>
><br>
><br>
> ----------------------------------------------------------------------=
--------<br>
><br>
> _______________________________________________<br>
> Bitcoin-development mailing list<br>
> <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d=
evelopment@lists.sourceforge.net</a><br>
> <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo=
pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco=
in-development</a><br>
><br>
<br>
<br>
<br>
--<br>
Jeff Garzik<br>
Bitcoin core developer and open source evangelist<br>
BitPay, Inc.=C2=A0 =C2=A0 =C2=A0 <a href=3D"https://bitpay.com/" target=3D"=
_blank">https://bitpay.com/</a><br>
</blockquote></div>
--001a11c33f5ef358ab05075b8c22--
|
