Subject: Re: Proposal to address Bitcoin malware



Summary:

The first email thread involves a conversation between Will and Eric Voskuil regarding the use of multisig wallets to protect against malware. The scenario discussed is one where a user signs a 2-of-3 output with a first signature, but the platform is compromised, so the integrity of that private key is lost. The idea is for the user to send the signed transaction to another party, who provides the second signature to spend the output as the user intended. However, the compromised platform must transmit a secret, or proof of a secret, to the third party to authenticate the send as coming from the user. The problem with this scenario is that the two secrets are not independent if the first platform is compromised: the malware can sign, impersonate the user, and send to the third party. Therefore, the third party must send the transaction to an independent platform for verification by the user and obtain consent before adding the second signature. Multi-factor authentication (MFA) is strongest when the factors' decisions are truly independent. However, short of that, there is no reason for a remote third party. It is still necessary to secure multiple devices within the home, even when using a third party. Walking around with all necessary factors, or keeping them in the same safe, is equivalent to having just one factor. This is true whether we are talking about multiple physical devices or a remote service, since the secret must still be accessible to the person in control.

The second email thread involves Pieter Wuille discussing the possibility of fixing a problem with the R/S length upper bounds in Bitcoin's STRICTDER validation. One suggested solution is to add a patch to 0.10 making signatures with too-long R or S values non-standard. Another, simpler solution is to add this rule to BIP66's DERSIG. Gregory Maxwell prefers the latter option, and there is no opposition to this proposal.

In the third email thread, Eric Voskuil discusses multi-factor authentication and its limitations. He explains that the independence of control is the central issue in the analysis of a multi-factor system: if an attack compromises one factor, there must be no way for that attack to reduce the difficulty of obtaining the other factors. He warns against increasing user complexity without increasing integrity or privacy, and against misleading users. All three email threads are part of the Bitcoin-development mailing list.
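The STRICTDER point above, as an added example that is neither the thread's nor Bitcoin Core's code: a Python check following BIP66's published encoding rules (compound tag, length bookkeeping, non-negative minimally encoded integers, 9 to 73 byte total size), with an explicit 33-byte per-element cap added as an assumption to show how an R or S that is too long but otherwise well-formed gets caught. The sample R and S byte strings are constructed for the demonstration.

```python
# Added example, not code from the thread or from Bitcoin Core: a strict DER
# encoding check following BIP66's published rules, plus an explicit per-element
# cap (an assumption here) so over-long R or S values are rejected directly.
# Layout: 0x30 [total-len] 0x02 [R-len] [R] 0x02 [S-len] [S] [sighash]
MIN_SIG_LEN = 9      # smallest well-formed signature: 1-byte R and S
MAX_SIG_LEN = 73     # largest: two 33-byte elements plus headers and sighash
MAX_ELEM_LEN = 33    # a 256-bit integer needs 32 bytes, plus one 0x00 sign byte


def is_strict_der(sig: bytes, cap_elements: bool = True) -> bool:
    """Return True if sig is a strictly DER-encoded ECDSA signature plus sighash byte."""
    if not MIN_SIG_LEN <= len(sig) <= MAX_SIG_LEN:
        return False
    if sig[0] != 0x30 or sig[1] != len(sig) - 3:
        return False                    # compound tag; length must cover the body
    len_r = sig[3]
    if 5 + len_r >= len(sig):
        return False                    # S header would lie outside the signature
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != len(sig):
        return False                    # the two elements must account for every byte
    for tag_pos, length in ((2, len_r), (4 + len_r, len_s)):
        if sig[tag_pos] != 0x02 or length == 0:
            return False                # each element is a non-empty INTEGER
        if cap_elements and length > MAX_ELEM_LEN:
            return False                # the per-element bound the thread proposes
        elem = sig[tag_pos + 2:tag_pos + 2 + length]
        if elem[0] & 0x80:
            return False                # negative integers are not allowed
        if length > 1 and elem[0] == 0x00 and not elem[1] & 0x80:
            return False                # no redundant leading zero padding
    return True


def encode_sig(r: bytes, s: bytes, sighash: int = 0x01) -> bytes:
    """Wrap raw big-endian R and S in DER headers exactly as given (no fix-ups)."""
    body = bytes([0x02, len(r)]) + r + bytes([0x02, len(s)]) + s
    return bytes([0x30, len(body)]) + body + bytes([sighash])


# Constructed sample values. GOOD_R needs the 0x00 prefix because its top bit is
# set; LONG_R is a 40-byte positive integer that is minimally encoded, so only an
# element cap (or the ECDSA range check on r) rejects it when S is short.
GOOD_R = b"\x00" + b"\xff" * 32
GOOD_S = b"\x7f" * 32
LONG_R = b"\x7f" * 40

if __name__ == "__main__":
    print(is_strict_der(encode_sig(GOOD_R, GOOD_S)))                       # True
    print(is_strict_der(encode_sig(LONG_R, b"\x01"), cap_elements=False))  # True
    print(is_strict_der(encode_sig(LONG_R, b"\x01")))                      # False
```

The second call shows the gap the thread is about: a 40-byte R with a 1-byte S fits inside the 73-byte total bound and passes every structural rule, so only an explicit per-element bound (or the later ECDSA range check) rejects it.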


Updated on: 2023-06-09T16:25:46.852977+00:00