Threshold Signatures: The New Standard for Wallet Security?
A group of researchers from Princeton University, Stanford University and the City University of New York, have announced a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets.
Threshold signatures can be thought of as “stealth multi-signatures.” The new Bitcoin security scheme is detailed in a research paper titled “Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme.”
The announcement follows three previous posts by Steven Goldfeder on the Freedom to Tinker blog, hosted by Princeton’s Center for Information Technology Policy, a research center that studies digital technologies in public life. Goldfeder is a second-year doctoral student in the Department of Computer Science at Princeton, interested in cryptography, security, privacy and decentralized digital currencies.
Bitcoin wallets often are attacked by increasingly sophisticated cyber thieves. Coupled with the irreversibility of bitcoin transactions, that poses important security problems that decrease user confidence in Bitcoin and could prevent the digital currency from going mainstream if no robust and simple solution is found.
The researchers note that the Bitcoin ecosystem needs a breakthrough in security.
Banks use two or multi-factor authentication schemes: the user’s password – which may have been compromised by hackers – isn’t enough to initiate a transaction, but the user must provide at least one more authentication, often by replying to an email or using a smartphone authentication app or equivalent stand-alone device. Today, reputable Bitcoin services such as Circle and Bitstamp use two-factor authentication to provide security, but users must say goodbye to anonymity and provide proof of identity.
Even more secure three-factor authentication methods that include biometrics are emerging.
DIY-minded and privacy-conscious Bitcoin users can run their own wallet and “be their own bank,” but running a wallet has proved to be too much of a security risk. As soon as hackers gain access to the wallet, they can instantly and irreversibly take the money and run.
Cold storage – keeping the main bitcoin wallet on a device that is not connected to the Internet, and moving only the funds needed for daily expenses to online storage – often is seen as too much of a hassle.
Therefore, most security-conscious bitcoin users rely on external services, at the cost of compromising their anonymity and the “DIY spirit” of Bitcoin.
Multi-signature (multisig) wallets offer a solution. A multisig transaction, for example a 2-of-3 transaction, requires the agreement of the required number of authorized signatories, in this case two out of three. However, the paper shows that multisig transactions present significant usability problems, and serious anonymity and confidentiality drawbacks.
“Bitcoin currently lacks support for the sophisticated internal control systems deployed by modern businesses to deter fraud,” say the authors of the paper. “To address this problem, we present the first threshold signature scheme compatible with Bitcoin’s ECDSA signatures and show how distributed Bitcoin wallets can be built using this primitive.”
In a threshold signature scheme, the ability to construct a signature is distributed among different devices (for example a computer and a smartphone), and each device receives a share of the private signing key. For individuals, threshold signatures allow for two-factor security, or splitting the ability to sign between two devices so that a single compromised device won’t put the money at risk. For businesses, threshold signatures allow for the realization of access control policies that prevent both insiders and outsiders from stealing corporate funds.
The researchers built a prototype implementation of a two-factor secure wallet, a desktop client and an Android app, and released open source code on Github. A video shows how the system works: a user initiates a transaction on the computer, and the computer then begins the threshold signing protocol with the phone. The phone will show the user the transaction details and will proceed with the transaction only with the user’s explicit approval. The computer and phone use QR codes to initially pair, and for all subsequent sessions they communicate over the local Wifi network.
If threshold signature schemes become common, private bitcoin wallets will support the same multi-factor authentication offered by major wallet providers, while continuing to offer a high degree of anonymity.