Weekly design meeting #25

This meeting centred around key management. We discussed the use of Shamir Secret Sharing as a key management approach and whether or not it should be included in TokenScript.

There are two types of approaches

  1. *Key protection for when the user loses the key (e.g. FBI seized the mobile and started cracking it for the key).
  2. Key recovery, for when the user loses the key (e.g. by dropping the mobile into a toilet). Some wallets already has key protection. For example, AlphaWallet uses the hardware enclave to encrypt the key.

We explored only the second scenario - * key recovery* - in this session and the focus is on

  1. Using Shamir Secret Sharing for key recovery.
  2. Using Threshold Password Authentication so that the user can start the recovery with a password.

We assume the availability of 3 honest parties, and we require both protocols to be threshold protocols because we anticipate the lack of availability under the uncertainties of early-stage blockchain. (The uncertainty mainly comes from 𝑎) the short life-span of blockchain startups and organisations, and 𝑏) the possible legal/regulatory action that might hinder their availability).

The process per discussion is outlined in the following diagrams. For simplicity, whenever a cryptographic protocol is used, a blue circle is drawn around it to hide the magic.

Using password, and email verification code as the 2FA

When it comes to the topic of 2nd FA, it turns out that a special service is needed to handle that on top of the parties (assumed to be three) participating secret sharing or threshold password authentication. We used αW as an example of such a "special service" as it would be provided by the wallet provider (e.g. AlphaWallet).

The setup process

email-set-up

The recovery process.

email-recovery

Using password, and OTP as the 2FA

Despite being popular, OTP presents some unique challenge in distributed protocols we are talking about here. The main reason being that the initial secret used to generate the OTP, cannot be shared between the parties that participate secret sharing or password authentication since it would allow one compromised party to impersonate a user without the protection of 2FA. Therefore the "special service αW" is expended to be the gatekeeper doing 2FA. It breaks the security and availability assumption of the original protocols but presented as a balance of all design choices.

The setup process

otp-set-up

The recovery process

otp-recovery

How much TokenScript is used to describe the underlying architect?

Probably none at all. It seems as long as we don't involve Smart Contract, TokenScript (which works on the token layer) shouldn't interfere with how underlying key management works.

This discussion has a follow-up development plan.