Cryptology ePrint Archive: Report 2019/006

Minimizing Trust in Hardware Wallets with Two Factor Signatures

Antonio Marcedone and Rafael Pass and abhi shelat

Abstract: We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets, in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient, provably secure 2FS schemes which produce either Schnorr signatures (under the DLOG assumption) or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

Category / Keywords: digital signatures, threshold cryptography

Original Publication (with major differences): Financial Crypto 2019

Date: received 2 Jan 2019, last revised 2 Jan 2019

Contact author: marcedone at cs cornell edu

Version: 20190109:004131

Short URL: ia.cr/2019/006
