Authentication with Bitcoin
Jason Dreyzehner
Atlanta Blockchain & Bitcoin Meetup
bitauth.bitjson.com
BitAuth2017
universal identity and authentication protocol, based on bitcoin
- How bitcoin really works
- How bitcoin transactions are authenticated
- How we can adapt this for general use
Part 1:
Authenticating bitcoin transactions
How Bitcoin Works
Send bitcoin to a bitcoin address.
The person with the private key
can spend the money.
Bitcoin addresses are programs
How Bitcoin Actually Works
Send bitcoin to a locking script.
The person with the unlocking script
can spend the money.
Pay to Public Key Hash (P2PKH)
Locking Script
OP_DUP OP_HASH160 <PubkeyHash> OP_EQUALVERIFY OP_CHECKSIG
Unlocking Script
<Sig> <PubKey>
unlocking + locking script
<maybeSig> <maybePubKey> | OP_DUP OP_HASH160 <PubkeyHash> OP_EQUALVERIFY OP_CHECKSIG
| Script | Stack |
| --- | --- |
| <maybeSig> | <maybeSig> |
| <maybePubKey> | <maybePubKey> <maybeSig> |
| OP_DUP | <maybePubKey> <maybePubKey> <maybeSig> |
| OP_HASH160 | <maybePubkeyHash> <maybePubKey> <maybeSig> |
| <PubkeyHash> | <PubkeyHash> <maybePubkeyHash> <maybePubKey> <maybeSig> |
| OP_EQUALVERIFY | <verifiedPubKey> <maybeSig> |
| OP_CHECKSIG | 1 (success) |
Pay to Script Hash (P2SH) Multisig
Locking Script
OP_HASH160 <RedeemScriptHash> OP_EQUAL
Redeem Script
2 <Pub A> <Pub B> <Pub C> 3 OP_CHECKMULTISIG
Unlocking Script
0 <Sig A> <Sig C> <RedeemScript>
unlocking (with redeem) + locking script
| Script | Stack |
| --- | --- |
| 0 | 0 |
| <sig A> | <sig A> 0 |
| <sig C> | <sig C> <sig A> 0 |
| <RedeemScript> | <RedeemScript> <sig C> <sig A> 0 |
| OP_HASH160 | <RedeemScriptHash> <sig C> <sig A> 0 |
| <RedeemScriptHash> | <RedeemScriptHash> <RedeemScriptHash> <sig C> <sig A> 0 |
| OP_EQUAL | <sig C> <sig A> 0 |
| 2 | 2 <sig C> <sig A> 0 |
| <pub A> | <pub A> 2 <sig C> <sig A> 0 |
| <pub B> | <pub B> <pub A> 2 <sig C> <sig A> 0 |
| <pub C> | <pub C> <pub B> <pub A> 2 <sig C> <sig A> 0 |
| 3 | 3 <pub C> <pub B> <pub A> 2 <sig C> <sig A> 0 |
| OP_CHECKMULTISIG | 1 |
P2ODorBoDorS
Pay to Operations Department
or Board of Directors
or Supermajority
P2ODorBoDorS
2 <Pub A> <Pub B> <Pub C> 3 OP_CHECKMULTISIG
3 <Pub D> <Pub E> <Pub F> <Pub G> <Pub H> 5 OP_CHECKMULTISIG
OP_BOOLOR
13 <Pub M1> <Pub M2> [...] <Pub M20> 20 OP_CHECKMULTISIG
OP_BOOLOR
note: P2SH 520 byte limit
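The 520 byte note above, worked through as an added example (not code from the talk or the BitAuth project): it serializes the P2ODorBoDorS redeem script and checks it against the cap on a single pushed stack item. Assumptions: every key is a 33-byte compressed public key, the key bytes are constructed placeholders, and all function names are hypothetical.

```python
# Added example: byte-level size check for the P2ODorBoDorS redeem script.
MAX_SCRIPT_ELEMENT_SIZE = 520   # consensus cap on any single pushed stack item
OP_BOOLOR, OP_CHECKMULTISIG = 0x9B, 0xAE

def push_data(data: bytes) -> bytes:
    """Direct push: one length byte (0x01..0x4b) followed by the data."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push covers 1..75 bytes only")
    return bytes([len(data)]) + data

def push_int(n: int) -> bytes:
    """OP_1..OP_16 are single opcodes; 17..127 need a one-byte data push."""
    if 1 <= n <= 16:
        return bytes([0x50 + n])
    if 17 <= n <= 127:
        return push_data(bytes([n]))
    raise ValueError("integer outside the range this example handles")

def multisig(m: int, pubkeys: list) -> bytes:
    """Serialize: m <pubkeys...> n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys) <= 20:   # OP_CHECKMULTISIG accepts at most 20 keys
        raise ValueError("need 1 <= m <= n <= 20")
    keys = b"".join(push_data(k) for k in pubkeys)
    return push_int(m) + keys + push_int(len(pubkeys)) + bytes([OP_CHECKMULTISIG])

def fake_keys(count: int, tag: int) -> list:
    """Constructed placeholders shaped like compressed public keys (33 bytes)."""
    return [bytes([0x02, tag, i]) + bytes(30) for i in range(count)]

def fits_p2sh(redeem_script: bytes) -> bool:
    """The redeem script travels as a single push in the unlocking script."""
    return len(redeem_script) <= MAX_SCRIPT_ELEMENT_SIZE

def p2odorbodors() -> bytes:
    """2-of-3 OR 3-of-5 OR 13-of-20, as written on the slide."""
    return (multisig(2, fake_keys(3, 1)) + multisig(3, fake_keys(5, 2))
            + bytes([OP_BOOLOR]) + multisig(13, fake_keys(20, 3)) + bytes([OP_BOOLOR]))

def max_keys_in_p2sh(m: int = 1) -> int:
    """Largest n for which a single m-of-n redeem script still fits."""
    return max(n for n in range(m, 21) if fits_p2sh(multisig(m, fake_keys(n, 0))))

if __name__ == "__main__":
    script = p2odorbodors()
    print(len(script), "bytes; fits in P2SH:", fits_p2sh(script))
    print("largest single m-of-n with compressed keys:", max_keys_in_p2sh())
```

The 13-of-20 branch alone serializes to 684 bytes, so the policy as written cannot be carried as one P2SH redeem script.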
Bitcoin Script
- Flexible (with well-chosen constraints)
- Limited processing requirements
- Simple implementation
- Self-contained
Part 2:
Scriptable Authentication
Static Authentication
("service-driven")
- Service provides many authentication options
- Service collects necessary information from the user (password, phone number, secret questions, email address, etc.)
- To login, service issues challenge(s)
- Service verifies user response
Problems all the way down
- Some user identities have higher security requirements than others
- Services must provide a variety of options to satisfy all identities
- Inconsistency across services (re-invented wheels)
- Ever increasing complexity
Scriptable Authentication
("user-driven")
- User chooses authentication requirements
- Service collects user's locking script
- To login, user provides unlocking script
- Service validates
Why Scriptable Authentication?
- Alignment of security incentives
- Improved user experience by moving authentication to the (more competitive) consumer sphere
- Simplify development requirements for services
- Fewer systems, fewer attack surfaces
Part 3:
Scriptable Authentication & the Blockchain
Why use Bitcoin Script?
Standardization is Hard
- Draft specification creation
- Standardization management
- Consensus, standard acceptance
- Rollout mechanisms
- Backwards compatibility management
Why use the Blockchain for identities?
The Blockchain is designed to secure identities.
The Blockchain is a secure directory of identities and their authentication requirements.
How do we create an identity on the blockchain?
A BitAuth Identity is defined by an Authbase
Adding a Signing Output
Authhead Migration
Authhead Resolution
BitAuth Signature
BitAuth Layer 2 Protocols
Layer 2 Protocols (Continued)
- Decentralized DNS – output(s) share IPv6/onion address with the world
- Proofs of ownership – associating a document with an identity in the blockchain
- Inter-wallet addressing system – shares the identity's payment code
- etc.
Part 4:
Use Cases & Implications
User-friendly, secure, software signatures
Application Update Signing (Android, iOS)
What happens when a signer leaves the company?
OS-Level HD Key Derivation
Phishing-proof login
Phishing-proof, multifactor login – no resets
Big Companies Running Full Nodes
The Bitcoin blockchain is the world’s best identity database.
Authhead resolution is possible with SPV.
Instant resolution requires a full Bitcoin node.