Minimizing Trust in Hardware Wallets with Two Factor Signatures

Antonio Marcedone; Rafael Pass; Abhi Shelat

doi:10.1007/978-3-030-32101-7_25

Minimizing Trust in Hardware Wallets with Two Factor Signatures

Antonio Marcedone, Rafael Pass, Abhi Shelat

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

Original language	English
Title of host publication	Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers
Editors	Ian Goldberg, Tyler Moore
Pages	407-425
Number of pages	19
DOIs	https://doi.org/10.1007/978-3-030-32101-7_25
State	Published - 2019
Externally published	Yes
Event	23rd International Conference on Financial Cryptography and Data Security, FC 2019 - St. Kitts, Saint Kitts and Nevis Duration: 18 Feb 2019 → 22 Feb 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11598 LNCS

Conference

Conference	23rd International Conference on Financial Cryptography and Data Security, FC 2019
Country/Territory	Saint Kitts and Nevis
City	St. Kitts
Period	18/02/19 → 22/02/19

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-32101-7_25

Cite this

Marcedone, A., Pass, R., & Shelat, A. (2019). Minimizing Trust in Hardware Wallets with Two Factor Signatures. In I. Goldberg, & T. Moore (Eds.), Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers (pp. 407-425). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11598 LNCS). https://doi.org/10.1007/978-3-030-32101-7_25

Marcedone, Antonio ; Pass, Rafael ; Shelat, Abhi. / Minimizing Trust in Hardware Wallets with Two Factor Signatures. Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers. editor / Ian Goldberg ; Tyler Moore. 2019. pp. 407-425 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{422fd32931a04e91b73aea3657e37b99,

title = "Minimizing Trust in Hardware Wallets with Two Factor Signatures",

abstract = "We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.",

author = "Antonio Marcedone and Rafael Pass and Abhi Shelat",

note = "Publisher Copyright: {\textcopyright} 2019, International Financial Cryptography Association.; 23rd International Conference on Financial Cryptography and Data Security, FC 2019 ; Conference date: 18-02-2019 Through 22-02-2019",

year = "2019",

doi = "10.1007/978-3-030-32101-7\_25",

language = "الإنجليزيّة",

isbn = "9783030321000",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "407--425",

editor = "Ian Goldberg and Tyler Moore",

booktitle = "Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers",

}

Marcedone, A, Pass, R & Shelat, A 2019, Minimizing Trust in Hardware Wallets with Two Factor Signatures. in I Goldberg & T Moore (eds), Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11598 LNCS, pp. 407-425, 23rd International Conference on Financial Cryptography and Data Security, FC 2019, St. Kitts, Saint Kitts and Nevis, 18/02/19. https://doi.org/10.1007/978-3-030-32101-7_25

Minimizing Trust in Hardware Wallets with Two Factor Signatures. / Marcedone, Antonio; Pass, Rafael; Shelat, Abhi.
Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers. ed. / Ian Goldberg; Tyler Moore. 2019. p. 407-425 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11598 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Minimizing Trust in Hardware Wallets with Two Factor Signatures

AU - Marcedone, Antonio

AU - Pass, Rafael

AU - Shelat, Abhi

PY - 2019

Y1 - 2019

N2 - We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

AB - We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signature (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

UR - http://www.scopus.com/inward/record.url?scp=85075569842&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-32101-7_25

DO - 10.1007/978-3-030-32101-7_25

M3 - منشور من مؤتمر

SN - 9783030321000

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 407

EP - 425

BT - Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers

A2 - Goldberg, Ian

A2 - Moore, Tyler

T2 - 23rd International Conference on Financial Cryptography and Data Security, FC 2019

Y2 - 18 February 2019 through 22 February 2019

ER -

Marcedone A, Pass R, Shelat A. Minimizing Trust in Hardware Wallets with Two Factor Signatures. In Goldberg I, Moore T, editors, Financial Cryptography and Data Security - 23rd International Conference, FC 2019, Revised Selected Papers. 2019. p. 407-425. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-32101-7_25

Minimizing Trust in Hardware Wallets with Two Factor Signatures

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this