March 5, 2015

avatar

Threshold signatures and Bitcoin wallet security: A menu of options

Before Bitcoin can mature as a currency, the security of wallets must be improved. Previously, I motivated the need for sharing Bitcoin wallets using threshold signatures as a means to greatly increase their resilience to theft. For corporate users, threshold signatures enable cryptographically secure access control. For individuals, threshold signatures can be used to build two-factor secure wallets.

Our work was predicated on the assumption that there exist threshold signature schemes that are compatible with Bitcoin. Indeed, there are various threshold signature schemes that meet this requirement. But it turns out that there are a number of desirable properties of such schemes, and each alternative satisfies some subset of them. In this technical post, I’ll examine the desirable properties and how each available solution fares. While no scheme is suited to all possible applications, it appears that almost every use case can be satisfied by one of the schemes I describe.

[Read more...]

avatar

New research: Better wallet security for Bitcoin

[UPDATE (April 3, 2014): We've found an error in our paper. In the threshold signature scheme that we used, there are restrictions on the threshold value. In particular if the key is shared over a degree t polynomial, then 2t+1 players (not t+1) are required to to construct a signature. We thought that this could be reduced to t+1, but our technique was flawed. We are exploring various modifications, and we will post further details when we have an update.]

The Bitcoin ecosystem has been plagued by thefts and losses that have affected both businesses and individuals. The security of a Bitcoin wallet rests entirely on the security of its associated private keys which can digitally sign transactions to irreversibly spend the coins in the wallet. In a new paper, we show how to use the cryptographic technique of threshold signatures to increase the security of both corporate and individual wallets.

Perhaps Bitcoin’s toughest security challenge is protecting Internet-connected wallets from insider threats. Such hot wallets cannot be kept in highly secure, offline cold storage. One good way for businesses to mitigate this vulnerability is to have hot wallets jointly controlled by multiple parties. This way, no party can independently steal corporate funds. In our paper, we show how to achieve joint control of wallets using threshold signatures.
[Read more...]