Are there any blockchains that have implemented a 2FA type of security measure?

1

Currently someone can steal your btc private key and send all your funds away. But has there been a 2fa built into a blockchain that prevents something like this?

Say if you wanted to send something out from a btc address, it will require a 2fa generated token text to be provided in order to send out.

I'm not talking about exchanges, but just the blockchain itself.

Patoshi パトシ

Posted 2016-12-23T18:58:26.990

Reputation: 8 911

Answers

2

"text to be provided in order to send out."

Who would be sending this SMS, who would be generating the secret?

The Bitcoin blockchain does support multi-factor authentication by way of OP_CHECKMULTISIG, where you can have multiple keys simultaneously control a single output. This is auditable (you can tell what keys signed) and requires no third-party trust.

"Currently someone can steal your btc private key and send all your funds away."

Quite literally, the reason for wanting to protect the private key from being stolen in the first place.

Anonymous

Posted 2016-12-23T18:58:26.990

Reputation: 10 054

Yea, for an SMS to be sent would require a 3rd party. But how would one integrate a Google Authenticator key that generates a different key every 30 seconds into a public blockchain? Wouldn't the 2FA seed key to generate these keys be publicly viewable on the blockchain too? - Patoshi パトシ 2016-12-23T19:52:50.647

3 Instead of 2FA, literally use a phone wallet as a second signer in multisig. If your phone is secure enough to store a Google Authenticator secret, it's certainly secure enough to store a Bitcoin private key. - Pieter Wuille 2016-12-23T21:22:52.163

2

Yes.

Multifactor authentication has been accomplished in Bitcoin using multisignature keys/addresses. A multisig address will begin with a "3" and requires 2 or more private keys to create a transaction.

From https://en.bitcoin.it/wiki/Multisignature:

Multisignature (multisig) refers to requiring more than one key to authorize a Bitcoin transaction.

I defer to the above link and below answer for thorough explanations of multisig:

https://bitcoin.stackexchange.com/a/3729/35473

Michael C Ippolito

Posted 2016-12-23T18:58:26.990

Reputation: 91

But if someone gets a hold of the 2 other private keys... you're screwed. Is there a system like Google Authenticator where the keys change every 20 seconds? - Patoshi パトシ 2016-12-23T19:50:58.343

Not as far as I am aware. Maybe it has been done with a different cryptocurrency and it's also certainly possible that an institution experimenting with private/permissioned blockchains has implemented something like this. - Michael C Ippolito 2016-12-23T20:04:57.363

1 @duckx If somebody gets ahold of the secret for your 2FA, you're screwed too. Multisign is even better because nobody else has to know your private key(s). Everyone who verifies your 2FA must know your 2FA secret. So 2FA is vastly inferior. - David Schwartz 2016-12-26T20:10:30.230

1

Another smart contract multi-authorization approach to complement multisig is to apply vaulting technology. This deny multi-authorization approach could in theory be implemented by 2FA hardware devices like Trezor/Ledger/KeepKey to provide time-sensitive deny services.

Funds that are vaulted can't be spent until an unvaulting period of time encoded in the smart contract has passed. If the owner of the funds is promptly alerted and acts properly with their recovery key within the unvaulting period, the hacker's actions can be countered.

skaht

Posted 2016-12-23T18:58:26.990

Reputation: 2 588

1

Since a 2FA token isn't based on public key cryptography, there would have to be some trusted party that verified the 2FA token. So as far as we know, it can't be done by a public blockchain itself. You can use multisign and have one of the private keys held by a private party that only signs transactions if they have received a verified 2FA token.

But really your question doesn't make sense. What does 2FA do that a private key doesn't do? Arguably, a private key is even better than 2FA because you can arrange it so that nobody else knows the private key whereas with 2FA, everyone who verifies the 2FA must know the secret.

We use 2FA where private keys are impractical. It's vastly inferior because everyone who verifies must know the secret. We want only the one authorized to authenticate to know the secret and private keys give us this.

David Schwartz

Posted 2016-12-23T18:58:26.990

Reputation: 46 931
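
The point made in the answer above, that whoever verifies a 2FA token must hold the same secret that generates it, shown as an added example (not part of any post on this page) using RFC 6238 TOTP, the scheme Google Authenticator uses. The `Verifier` class and its method names are hypothetical, and the seed is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: a pure function of (secret, time)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical checker of tokens; on a public chain this is every node."""

    def __init__(self, secret: bytes, step: int = 30):
        self.secret = secret  # verification is impossible without the seed itself
        self.step = step

    def verify(self, code: str, unix_time: int, window: int = 1) -> bool:
        # Recompute the code for nearby time steps (clock drift) and compare.
        return any(
            hmac.compare_digest(code, totp(self.secret, unix_time + d * self.step, self.step))
            for d in range(-window, window + 1)
        )

    def mint_code(self, unix_time: int) -> str:
        # Same secret, same function: being able to verify means being able to generate.
        return totp(self.secret, unix_time, self.step)


RFC_SEED = b"12345678901234567890"  # RFC 6238 Appendix B test secret, not a real seed

if __name__ == "__main__":
    node = Verifier(RFC_SEED)
    owner_code = totp(RFC_SEED, 1111111109)
    print("owner's code:", owner_code)
    print("node accepts it:", node.verify(owner_code, 1111111111))
    print("expired with window=0:", not node.verify(owner_code, 1111111111, window=0))
    later = 1111111109 + 3600
    print("node's own code accepted:", node.verify(node.mint_code(later), later))
```

A signature check needs only the public key, which is why a multisig co-signer can enforce a second factor without any verifier learning a secret.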