Authentication with Bitcoin

-

Jason Dreyzehner

Atlanta Blockchain & Bitcoin Meetup

bitauth.bitjson.com

BitAuth2017

universal identity and authentication protocol, based on bitcoin

  • How bitcoin really works

  • How bitcoin transactions are authenticated

  • How we can adapt this for general use

Part 1:

Authenticating bitcoin transactions

How Bitcoin Works


Send bitcoin to a bitcoin address.

The person with the private key
can spend the money.

Bitcoin addresses are programs

How Bitcoin Actually Works


Send bitcoin to a locking script.

The person with the unlocking script
can spend the money.

Pay to Public Key Hash (P2PKH)

-

Locking Script

OP_DUP OP_HASH160 <PubkeyHash> OP_EQUALVERIFY OP_CHECKSIG

Unlocking Script

<Sig> <PubKey>

unlocking + locking script

<maybeSig> <maybePubKey> | OP_DUP OP_HASH160 <PubkeyHash> OP_EQUALVERIFY OP_CHECKSIG

Script Stack
<maybeSig> <maybeSig>
<maybePubKey> <maybePubKey> <maybeSig>
OP_DUP <maybePubKey> <maybePubKey> <maybeSig>
OP_HASH160 <maybePubkeyHash> <maybePubKey> <maybeSig>
<PubkeyHash> <PubkeyHash> <maybePubkeyHash> <maybePubKey> <maybeSig>
OP_EQUALVERIFY <verifiedPubKey> <maybeSig>
OP_CHECKSIG 1 (success)

Pay to Script Hash (P2SH) Multisig

-

Locking Script

OP_HASH160 <RedeemScriptHash> OP_EQUAL

Redeem Script

2 <Pub A> <Pub B> <Pub C> 3 OP_CHECKMULTISIG

Unlocking Script

0 <Sig A> <Sig C> <RedeemScript>

unlocking (with redeem) + locking script

Script Stack
0 0
<sig A> <sig A> 0
<sig C> <sig C> <sig A> 0
<RedeemScript> <RedeemScript> <sig C> <sig A> 0
OP_HASH160 <RedeemScriptHash> <sig C> <sig A> 0
<RedeemScriptHash> <RedeemScriptHash> <RedeemScriptHash> <sig C> <sig A> 0
OP_EQUAL <sig C> <sig A> 0
2 2 <sig C> <sig A> 0
<pub A> <pub A> 2 <sig C> <sig A> 0
<pub B> <pub B> <pub A> 2 <sig C> <sig A> 0
<pub C> <pub C> <pub B> <pub A> 2 <sig C> <sig A> 0
3 3 <pub C> <pub B> <pub A> 2 <sig C> <sig A> 0
OP_CHECKMULTISIG 1

P2ODorBoDorS

Pay to Operations Department
or Board of Directors
or Supermajority

P2ODorBoDorS

2 <Pub A> <Pub B> <Pub C> 3 OP_CHECKMULTISIG
3 <Pub D> <Pub E> <Pub F> <Pub G> <Pub H> 5 OP_CHECKMULTISIG
OP_BOOLOR
13 <Pub M1> <Pub M1> [...] <Pub M20> 20 OP_CHECKMULTISIG
OP_BOOLOR


note: P2SH 520 byte limit

Bitcoin Script

  • Flexible (with well-chosen constraints)
  • Limited processing requirements
  • Simple implementation
  • Self-contained

Part 2:

Scriptable Authentication

Static Authentication

("service-driven")

  • Service provides many authentication options
  • Service collects necessary information from the user (password, phone number, secret questions, email address, etc.)
  • To login, service issues challenge(s)
  • Service verifies user response

Problems all the way down


  • Some user identities have higher security requirements than others
  • Services must provide a variety of options to satisfy all identities
  • Inconsistency across services (re-invented wheels)
  • Ever increasing complexity

Scriptable Authentication

("user-driven")

  • User chooses authentication requirements
  • Service collects users locking script
  • To login, user provides unlocking script
  • Service validates

Why Scriptable Authentication?

  • Aligning of security incentives
  • Improved user experience by moving authentication to the (more competitive) consumer sphere
  • Simplify development requirements for services
  • Fewer systems, fewer attack surfaces

Part 3:

Scriptable Authentication & the Blockchain

Why use Bitcoin Script?

Standardization is Hard

  • Draft specification creation
  • Standardization management
  • Consensus, standard acceptance
  • Rollout mechanisms
  • Backwards compatibility management

Why use the Blockchain for identities?

The Blockchain is designed to secure identities.


The Blockchain is a secure directory of identities and their authentication requirements.

How do we create an identity on the blockchain?

a BitAuth Identity is defined by an Authbase


(funding inputs) Identity/Signing Output Authbase Transaction

Adding a Signing Output


(funding inputs) 1. Identity Output 2. Signing Output (other outputs) Authbase

Authhead Migration


(funding inputs) Identity Output Signing Output (other outputs) Authbase (funding inputs) Identity Output Signing Output (other outputs) Authhead

Authhead Resolution


Authhead Authbase Auth TX Authbase Auth TX Sept 2017 Jan 2018 Feb 2018 Jul 2019 May 2020

BitAuth Signature


(funding inputs) Identity Output Signing Output (other outputs) Authhead Digest Output BitAuth Signature (Transaction) Signing Outputof Authhead OP_RETURN <Algorithm> <MessageDigest>

BitAuth Layer 2 Protocols


(funding inputs) Identity Output Signing Output (other outputs) Authhead (funding inputs) Meaningful Output Meaningful Output Meaningful Output (etc.) Authhead Expansion TX (Example)

Layer 2 Protocols (Continued)

  • Decentralized DNS – output(s) share IPv6/onion address with the world
  • Proofs of ownership – associating a document with an identity in the blockchain
  • inter-wallet addressing system – shares the identity's payment code
  • etc.

Part 4:

Use Cases & Implications

User-friendly, secure, software signatures


bitcoin.zip bitcoin.zip.bitauth

Application Update Signing (Android, iOS)

What happens when a signer leaves the company?

OS-Level HD Key Derivation


Device Seed(12 words) App A xprivkey App B xprivkey App C xprivkey derive(Authbase A) derive(Authbase B) derive(Authbase C)

Phishing-proof login

Login Welcome! check signature(login challenge) derive(service's authbase) sign(login challenge)

Phishing-proof, multifactor login – no resets

Login Welcome, bitjson! bitjson my secret identity check signatures(recognized browser, service) derive(service's authbase, “bitjson”) sign(login challenge)

Big Companies Running Full Nodes


The Bitcoin blockchain is the world’s best identity database.

Authhead resolution is possible with SPV.

Instant resolution requires a full Bitcoin node.

Reference Implementation


github.com/bitauth/bitauth2017

Thank You

(to the moon)

GitHub Project →

@bitjson →