Paper 2019/006

Minimizing Trust in Hardware Wallets with Two Factor Signatures

Antonio Marcedone, Rafael Pass, and abhi shelat

Abstract

We introduce the notion of two-factor signatures (2FS), a generalization of a two-out-of-two threshold signature scheme in which one of the parties is a hardware token which can store a high-entropy secret, and the other party is a human who knows a low-entropy password. The security (unforgeability) property of 2FS requires that an external adversary corrupting either party (the token or the computer the human is using) cannot forge a signature. This primitive is useful in contexts like hardware cryptocurrency wallets in which a signature conveys the authorization of a transaction. By the above security property, a hardware wallet implementing a two-factor signature scheme is secure against attacks mounted by a malicious hardware vendor; in contrast, all currently used wallet systems break under such an attack (and as such are not secure under our definition). We construct efficient provably-secure 2FS schemes which produce either Schnorr signatures (assuming the DLOG assumption), or EC-DSA signatures (assuming security of EC-DSA and the CDH assumption) in the Random Oracle Model, and evaluate the performance of implementations of them. Our EC-DSA based 2FS scheme can directly replace currently used hardware wallets for Bitcoin and other major cryptocurrencies to enable security against malicious hardware vendors.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. Financial Crypto 2019
Keywords
digital signatures, threshold cryptography
Contact author(s)
marcedone @ cs cornell edu
History
2019-01-09: received
Short URL
https://ia.cr/2019/006
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/006,
      author = {Antonio Marcedone and Rafael Pass and abhi shelat},
      title = {Minimizing Trust in Hardware Wallets with Two Factor Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2019/006},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/006}},
      url = {https://eprint.iacr.org/2019/006}
}