Bitpay announces BitAuth

Decentralized Authentication. Chew on that for a bit. But why is it needed? Here’s what Bitpay said about this: Today, BitPay is excited to announce our proposal for a new passwordless authentication protocol, based on the same cryptography used in the Bitcoin protocol. By eliminating server-side storage of passwords, we can drastically reduce the impact of […]
Nigel Dollentas
Posted by Nigel Dollentas July 2, 2014 2 Mins Read
Decentralized Authentication. Chew on that for a bit. But why is it needed? Here’s what Bitpay said about this: Today, BitPay is excited to announce our proposal for a new passwordless authentication protocol, based on the same cryptography used in the Bitcoin protocol. By eliminating server-side storage of passwords, we can drastically reduce the impact of […]

Decentralized Authentication. Chew on that for a bit. But why is it needed? Here’s what Bitpay said about this:

Today, BitPay is excited to announce our proposal for a new passwordless authentication protocol, based on the same cryptography used in the Bitcoin protocol. By eliminating server-side storage of passwords, we can drastically reduce the impact of a compromised server.We’ve given long and careful thought to how best to protect the security of our customers’ data, of especially critical importance when dealing with financial information. Existing authentication schemes that you might be familiar with include username and password, client-side SSL certificates, or even shared secrets — in the end of our review, we found each of these to be lacking in various ways, so we made the decision to build BitAuth.

But how? How is a decentralized authentication system possible? Inspired by the same elliptic-curve  cryptography as Bitcoin, Bitpay proposes to use SIN, or system identification number. Originally proposed by Jeff Garzik, Bitcoin Core Developer, SIN is intended to be a fully decentralized, anonymous, secure identity. SIN also has the following features:

  •  Ownership may be digitally proven
  • Start as anonymous; opt out of anonymity by attaching identifying key-value pairs (real.name = “John Smith”, gov.us.ssn = “123-45-6789”).
  • Disposable

On top of these, there is the chance for two SIN’s, type-1 and type-2.

Type-1, also known as a persistent SIN, is more of a scarce SIN intentionally costing a lot to deter spam and validation, just like Bitcoins.

Type -2, also known as ephemeral SIN, acts more like Bitcoin addresses, which is where the disposable feature comes from.

Note this is all a proposal, but here is how Bitpay would do it:

How BitAuth Works

bitauth

This system would provide numerous benefits listed below:

  • Only a compromise of the client machine can endanger the system’s security.
  • Because the private key is never revealed to the server, it does not need to be exchanged between the server and client over a side channel like in HMAC.
  • Easy to implement wherever the Bitcoin protocol is implemented.
  • Decoupled from Bitcoin addresses, allowing for a more explicit separation from financial transactions and allowing for greater privacy.
  • Identity becomes portable — the same identity can be used on multiple services, letting you take your identity with you.

As of now, Bitpay has a Github (see below) where people can test out the new authentication system. It’s only fitting that if we are dealing with decentralized currency, the security that handles it is decentralized as well.

Source: http://blog.bitpay.com/2014/07/01/bitauth-for-decentralized-authentication.html

Github: https://github.com/bitpay/bitauth

Photo Source: Bing Images and Microsoft Paint (editing)

Tags: