Time



Summary:

The discussion revolves around security concerns related to PIN verification by Bitcoin wallets. The unpredictability of the blockchain's advancement and the lack of trusted machines make it challenging to design interactive proofs for PIN verification. The probability of having the correct blockchain is only statistical over longer periods, which means an old copy can be shown, and fake chains can also be displayed if the node isn't up-to-date yet. Secure Multiparty Computation among the miners could potentially enable challenge-response, but selecting participating nodes, preventing the secret state from leaking, and performance and reliability would all pose significant challenges.

In response to a suggestion, one of the participants suggested recording the time to disk when a PIN attempt is made and, if the time goes backward, not allowing further attempts until it advances past the previous attempt. Another suggestion was to use a delay that doubles on failure each time up to some max, relying on the P2P network to unlock a PIN. However, there is no quantifiable reason why relying on the P2P network feels weird for PIN unlocking.

The security benefits of bread wallet being tamper-resistant and zero-on-tamper hardware were questioned, and attaching a debugger or modifying the program to ignore the block-sourced time was suggested. However, since bread wallet is an iOS application, attaching to a process requires root access, making it more challenging than convincing the device to change its system time. Nonetheless, the security benefits might not be substantial.
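The two throttling suggestions above (record the attempt time to disk and refuse attempts while the clock is behind it, plus a delay that doubles on each failure up to a max) can be combined as in the following added example, which is not code from the thread or from any wallet. The names `PinThrottle`, `verify_pin`, `BASE_DELAY`, `MAX_DELAY` and the JSON state file are assumptions made for illustration.

```python
import json, os, tempfile, time

BASE_DELAY = 2      # seconds required after the first failure (assumed value)
MAX_DELAY = 3600    # cap on the doubling delay (assumed value)

class PinThrottle:
    """Persisted PIN attempt limiter: doubling delay plus clock-rollback check."""

    def __init__(self, state_path, verify_pin):
        self.state_path = state_path
        self.verify_pin = verify_pin  # hypothetical callable(pin) -> bool

    def _load(self):
        try:
            with open(self.state_path) as f:
                return json.load(f)
        except FileNotFoundError:
            return {"failures": 0, "last_attempt": 0.0}

    def _save(self, state):
        # Write-then-rename so a crash cannot leave a truncated state file.
        d = os.path.dirname(os.path.abspath(self.state_path))
        fd, tmp = tempfile.mkstemp(dir=d)
        with os.fdopen(fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def required_delay(self, failures):
        return 0 if failures == 0 else min(BASE_DELAY * 2 ** (failures - 1), MAX_DELAY)

    def attempt(self, pin, now=None):
        now = time.time() if now is None else now
        state = self._load()
        if now < state["last_attempt"]:
            return "clock_rollback"   # refuse until time passes the last attempt
        if now < state["last_attempt"] + self.required_delay(state["failures"]):
            return "locked"
        # Record the attempt before verifying, so killing the process
        # mid-check still counts as a failed attempt on disk.
        state["last_attempt"] = now
        state["failures"] += 1
        self._save(state)
        if not self.verify_pin(pin):
            return "wrong"
        state["failures"] = 0
        self._save(state)
        return "ok"
```

This check is only as strong as the integrity of the state file and the process itself, which is the limitation the debugger and modified-program remarks in the discussion point at.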


Updated on: 2023-06-09T01:29:07.879227+00:00