some "key less + biometric" solutions

victor.zhang · June 13, 2020, 1:46am

This topic was originally in an email thread. I post the thread here to continue the discussion here, so we can share the knowledge with a larger community.

Victor's Question:

https://zengo.com/security/, https://spatium.net/, https://keyless.io/

I start seeing more than more such solutions for blockchain wallet. The UX is super.

Previously I asked some security experts, they all told me biometric is only for convenience, it is not secure, and it is dangerous to store your biometric in the cloud. (That's why both iOS and Andriod only store biometric locally and only for convenience.)

But I read Zengo's document, it seems they find out a way to get both convenience and security, and the biometric data they store in their server is not dangerous.

If this is the case, we should use biometric in our secret sharing solution.

Weiwu's reply:

about https://zengo.com/security/. They say: "Using threshold signatures, we’ve replaced the traditional private key with two independently created “mathematical secret shares.” Which is the same threshold SSS we have always been planning to do in αWallet. I think it's acceptable that they call a key management solution "Keyless". We often say in the financial world that "Fed prints money" where fed doesn't have the printer nor the paper for this task. So if "Fed prints money" is an acceptable expression to express its role in managing the availability of credit, "keyless" should be an acceptable way to express "Key management solution". Both are untrue, convenient and comfortable.

about https://spatium.net/ Ignoring it, the headline is nonsense.

about https://keyless.io/ It's authentication technology. The industry has been using biometric for authentication without implicating a key for ages. Your iPhone can authenticate you without key. You can't sign stuff with authentication.

Tore's reply:

I just had a look at the links.

In regards zengo.com, it seems like a very nice and secure solution they have. It is slightly different from what we want to do. It basically achieves the same we want to do, with the important exception that everything is stored at Zengo. So if they lose their server, the user loses his key! This is the case, even if the user is still in possession of his phone as the share of his key on Zengo’s servers is strictly needed to do a signature. Furthermore, their backup solution relies fully on storage on Zengo, so if they lose their data the user also loses his backup. It also seems like a user cannot move his key to another service if he wants!

Since the signing is also done distributedly, it requires Zengo to be online and working whenever the user wants to sign, which also affects reliability.

In regards to security they ensure a threshold setting by having the user’s share encrypted by Google or Apple, so an adversary must both corrupt a user’s Zengo and Google/Apple account to compromise his key.

That being said, I don’t understand their biometric approach to backup. I would really not like to share my biometric data directly with a company.

However, in general, their approach seems secure and by making some changes could be really nice. But anyway, their approach is distinct from what we want to do. It is not necessarily better or worse, but if I had to pick I would pick our approach

In regards to Keyless; as Weiwu says; it is authentication. This can, of course, be used along with SSS to allow backup of private keys in the same setting as us, but based on biometrics instead of password and 2FA. However, it is completely unclear how they actually achieve this. So until they publish a paper about their approach (or cite some papers) I would not trust it.

In regards to Spatium, it looks like they do the same as Zengo, but using a technology similar to Keyless. But again there is description of how they achieve this distributed biometric authentication (which is very far from trivial). Similar to Keyless they are a small company that does not seem to have a strong cryptography background, so unless there is some paper achieving this, which they piggyback on I would be concerned about the security of their solution.

victor.zhang · June 10, 2020, 3:36am

Thanks for your feedbacks.

That being said, I don’t understand their biometric approach to backup. I would really not like to share my biometric data directly with a company.

Zengo explained how they use biometric here, https://zengo.com/biometrics-in-zengo-wallet/ Zengo is using this company's solution https://www.facetec.com/#page-blk-white-papers Can you please share with me more about the bad side of such solutions ?

jot2re · June 10, 2020, 8:09am

I have looked a further into their technical details now, rather than just looking at their PR pages. Their solution is not bad at all! It seems to be pretty much the best one can hope for, without using advanced cryptography, like fully homomorphic encryption or MPC. As far as I can understand from https://dev.facetec.com/#/zoom-configuration-options?link=zoom-dedicated and the Privacy section on https://zengo.com/biometrics-in-zengo-wallet/ what happens is that biometry is stored encrypted on the Zengo server. I assume what happens is then that the encrypted reference biometry is sent to FaceTec where it is decrypted and compared to some biometry just read by the user's device (which is also sent encrypted to FaceTec through Zengo's server). This means that during authentication FaceTec necessarily gets to see the newly scanned biometry and compare it to its reference. However, since FaceTec is just acting like an API for this they should still remain oblivious to the identity, or any further information, on the user authenticating. That being said, they do still obtain biometry information which is considered highly personal (unlike a password which can be changed and can be different at different services). It is also worth noting that this approach is different to what happens on the iPhone and other mobile devices where the biometry is scanned and stored in a Secure Element or Trusted Execution Environment, since it is never to be transferred to Apple or Samsung's servers. Hence the same issue is not there when considering OS-level biometric authentication for phones. Still, most users will probably think Zengo's approach is fine, but since there is a lot of privacy enthusiastic users of blockchain, Zengo's solution might not appeal to the entire market.