• Sat. Apr 27th, 2024

Tony's Bit

Software Development, Cloud Computing, Blockchain Technology and Finance.

Cryptocurrency Security Software Development

CAUTH2.0: A Open Security Framework for Smart Cryptographic Wallets

ByTony Nguyen

Aug 9, 2020

Introduction

Although Bitcoin, Ethereum and the general concept of Cryptocurrency is much more widespread then when I got into it, I am still surprised to find how difficult it is for my friends and family to get started. Whether they have to create paper wallets via myetherwallet.com and having to save their seed to a password manager (or for the less tech savy to a text file on their desktop) or trying to use Ledger the experience feels alien compared to pretty much every other software ecosystem.

CAuth2.0 is my proposal to solve this issue. The original goal was to create a user experience as close to what users commonly experience (email, password, 2FA) but with the same “level” of security as hardware wallets. At a high level the solution utilizes client-side encryption similar to secure password managers but combined with 2FA multi-signature workflows to ensure network security.

You can read the full framework here.

Key access: How does it work?

The framework proposes a client encrypted key storage system that ensures that the service-provider never has access to private keys. This methodology results in users having access to their keys using a Email + Password + Master Password. Admittedly the master password is an additional piece of information users must store however it has a added advantage of being disposable and customizable which is not the same as a seed or private key.

Vault Creation and Key Storage Process

Key Retrieval Process

Two-factor Multi-signature: How does it work?

By using smart-account functionality and a intermediary security layer, users are able to provide authorization for transactions via a second methodology i.e. Email or SMS.

Transaction Broadcasting Communication Flow

Sample Deployment Architecture

Conclusion

By addressing these challenges, users of CAuth2.0 can have a familiar experience for primary authentication/authorization (OAuth2.0) and transaction broadcasting (two-factor confirmations). The proposed framework is compatible with all Smart Account enabled blockchains and can be implemented in a multi-service provider ecosystem.

By Tony Nguyen

Related Post

.NET Security Software Development Uncategorized
Post Quantum Part 1: The storm beyond the horizon
Oct 15, 2023 Tony Nguyen
Elasticsearch python Software Development
Exporting data from Elasticsearch using Python
Apr 10, 2020 Tony Nguyen
Docker Software Development
How to access the Docker host from a Docker container
Jan 26, 2020 Tony Nguyen

You missed

.NET Security Software Development Uncategorized
Cryptocurrency Security Software Development
Elasticsearch python Software Development
Docker Software Development