Paper 2021/342

MPCAuth: Multi-factor Authentication for Distributed-trust Systems

Sijun Tan, UC Berkeley
Weikeng Chen, UC Berkeley
Ryan Deng, UC Berkeley
Raluca Ada Popa, UC Berkeley
Abstract

Systems with distributed trust have attracted growing research attention and seen increasing industry adoptions. In these systems, critical secrets are distributed across N servers, and computations are performed privately using secure multi-party computation (SMPC). Authentication for these distributed-trust systems faces two challenges. The first challenge is ease-of-use. Namely, how can an authentication protocol maintain its user experience without sacrificing security? To avoid a central point of attack, a client needs to authenticate to each server separately. However, this would require the client to authenticate N times for each authentication factor, which greatly hampers usability. The second challenge is privacy, as the client’s sensitive profiles are now exposed to all N servers under different trust domains, which creates N times the attack surface for the profile data. We present MPCAuth, a multi-factor authentication system for distributed-trust applications that address both challenges. Our system enables a client to authenticate to N servers independently with the work of only one authentication. In addition, our system is profile hiding, meaning that the client’s authentication profiles such as her email username, phone number, passwords, and biometric features are not revealed unless all servers are compromised. We propose secure and practical protocols for an array of widely adopted authentication factors, including email passcodes, SMS messages, U2F, security questions/passwords, and biometrics. Our system finds practical applications in the space of cryptocurrency custody and collaborative machine learning, and benefits future adoptions of distributed-trust applications.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. IEEE S&P 2023
Keywords
TLSsecure multiparty computationauthentication
Contact author(s)
sijuntan @ berkeley edu
weikengchen @ berkeley edu
rdeng2614 @ berkeley edu
raluca popa @ berkeley edu
History
2023-05-16: last of 3 revisions
2021-03-17: received
See all versions
Short URL
https://ia.cr/2021/342
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/342,
      author = {Sijun Tan and Weikeng Chen and Ryan Deng and Raluca Ada Popa},
      title = {{MPCAuth}: Multi-factor Authentication for Distributed-trust Systems},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/342},
      year = {2021},
      url = {https://eprint.iacr.org/2021/342}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.