Can you have a password based cryptocurrency?

2

Bitcoin is key based. Although it is possible to convert a password into a key, publishing the public key makes it vulnerable to brute force. Currently, passwords are used with Bitcoin, but only to protect keys (if the key is lost, your money is lost. Publishing the key in a public place is bad idea because brute force.) Is there a way to you can use passwords, but make checking the password require mining a block?

In particular, is there a way to make it so that it is impossible to know if a transaction signed with a password is correct unless its part of a mined block? This way, even if your password only requires 1,000,000 tries to crack, the attacker needs to mine 1,000,000 blocks to bruteforce the password?

  • In particular, once they have mined a block, if you change the password, the proof of work becomes invalid, and you need to generate a new one before you can check the new password.
  • Although it is tempting to say that blocks with invalid passwords are invalid (so our malicious miner doesn't even get to keep what he mined), this would put honest miners at risk of receiving invalid transactions and losing their mined coins. Therefore, invalid transactions would just have to be ignored.
  • Users could change their password by simply creating a new account and transferring their funds to that.

Is this possible? Does any cryptocurrency currently do this?

PyRulez

Posted 2016-05-07T17:17:44.690

Reputation: 349

Answers

3

In particular, is there a way to make it so that it is impossible to know if a transaction signed with a password is correct unless its part of a mined block? This way, even if your password only requires 1,000,000 tries to crack, the attacker needs to mine 1,000,000 blocks to bruteforce the password?

I'm not aware of any cryptographic constructions that would let you do that. The closest thing I can think of is increasing the number of iterations of the password derivation function so that the amount of work required is similar to the amount of work required for creating a block.

Although it is tempting to say that blocks with invalid passwords are invalid (so our malicious miner doesn't even get to keep what he mined), this would put honest miners at risk of receiving invalid transactions and losing their mined coins. Therefore, invalid transactions would just have to be ignored.

That doesn't completely fix things, though. If someone on the network is trying to bruteforce a password by submitting lots of transactions, the miner is going to see a thousand invalid transactions for each valid one. This means that the honest miners almost never earn fees for their block, and that legitimate transactions almost never go through.

You've got the right idea in trying to prevent an offline attack against a password, though. You should look at Peer Assisted Key Derivation.

Nick ODell

Posted 2016-05-07T17:17:44.690

Reputation: 26 536

Do you have any ideas on changes to the protocol to prevent people using honest nodes the brute force passwords? (Maybe small proof of work to submit transactions?)PyRulez 2016-05-08T14:28:48.823

@PyRulez Yeah, you could do that. I'm not sure it'd be enough, though.Nick ODell 2016-05-08T15:07:29.707

Oh, I think I know what you could do. You make it based on keys like normal, but you can change the key of an address using a password. To do so, you need to pay a fee from a working account (so you'll need someone who hasn't lost their private key to help you, or make a new account and get some coins), but this fee would be on the order of a transaction fee. That is still enough to defeat brute force, but shouldn't make losing your keys too much of a burden (for long term secure storage, you could reasonably burn your key and recover it later).PyRulez 2016-05-18T01:32:07.087

Of course, that doesn't solve the main problem of how you make the password checking blockchain based, but its a start.PyRulez 2016-05-18T01:32:44.463

Asked: 2016-05-07T17:17:44.690

Viewed: 290 times

Active: 2016-05-08T14:18:26.060