Two-factor Authentication Scheme Based on Smart Contract

doi:10.3969/j.issn.1006-2475.2023.10.018

Abstract

Abstract: Due to the rise of cryptocurrencies underpinned by blockchain and cryptography， the traditional centralized transaction model has been broken. But while it brings many conveniences， it also exposes flaws. When the user key of the cryptocurrency is lost or an attacker exploits the contract vulnerability to illegally transfer funds， the system lacks additional authentication and fund custody functions， which will cause the user to lose control of the funds. In view of these problems, the proposed proposal will write the user’s account fund tracking management rules into the smart contract, and force the user to call the two-factor authentication scheme （combined with non-interactive zero-knowledge proof， Merkle tree， ElGamal algorithm and other methods） to verify the legal identity and prevent attackers from illegally transferring funds under specific abnormal circumstances. The results of comparison with other schemes show that the scheme has a certain improvement in safety and efficiency.

Key words: Key words: NIZK, ElGamal algorithm, Merkle tree, identity authentication

CLC Number:

TP391

LIU Xin, LIU Yi. Two-factor Authentication Scheme Based on Smart Contract[J]. Computer and Modernization, 2023, 0(10): 121-126.

References ［27］

［1］	MEHAR M I， SHIER C L， GIAMBATTISTA A， et al. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack［J］. Journal of Cases on Information Technology， 2019，21（1）:19-32.
［2］	Binance. Binance security breach update［EB/OL］. （2019-05-17）［2022-09-28］. https://binance.zendesk.com/hc/en-us/articles/360028031711.
［3］	Citowise Developments. Citowise wallet［EB/OL］. （2019-07-13）［2022-09-28］. https://cryptocompare.com/wallets/citowise.
［4］	BONNEAU J， MILLER A， CLARK J， et al. SoK: Research perspectives and challenges for bitcoin and cryptocurrencies［C］// Proceedings of the 2015 IEEE Symposium on Security and Privacy. 2015:104-121.
［5］	BAGHERZANDI A， JARECKI S， SAXENA N， et al. Password-protected secret sharing［C］// Proceedings of the 18th ACM Conference on Computer and Communications Security. 2011:433-444.
［6］	FRANKENFIELD J. Blockchain wallet: What it is， how it works， security issues［EB/OL］. （2022-01-13）［2022-09-28］. https://www.investopedia.com/terms/b/blockchain-wallet.asp.
［7］	HOMOLIAK I， BREITENBACHER D， HUJNAK O， et al. SmartOTPs: An air-gapped 2-factor authentication for smart-contract wallets［C］// Proceedings of the 2nd ACM Conference on Advances in Financial Technologies. 2020:145-162.
［8］	ZHOU J， QU R， SUN L Y. Securing blockchain wallets efficiently based on threshold ECDSA scheme without trusted center［C］// Proceedings of the 2021 Asia-Pacific Conference on Communications Technology and Computer Science. 2021:47-51.
［9］	MAXWELL G， POELSTRA A， SEURIN Y， et al. Simple Schnorr multi-signatures with applications to bitcoin［J］. Designs， Codes and Cryptography， 2019，87（9）:2139-2164.
［10］	MOSER M， EYAL I， GUN SIRER E. Bitcoin covenants［C］// Proceedings of the 2016 International Conference on Financial Cryptography and Data Security. 2016:126-141.
［11］	BREUER F， GOYAL V， MALAVOLTA G. Cryptocurrencies with security policies and two-factor authentication［C］// Proceedings of the 2021 IEEE European Symposium on Security and Privacy. 2021:140-158.
［12］	DE CRISTOFARO E， DU H L， FREUDIGER J， et al. A comparative usability study of two-factor authentication［J］. arXiv preprint arXiv:1309.5344， 2013.
［13］	GOLDWASSER S， MICALI S， RACKOFF C. The knowledge complexity of interactive proof systems［J］. SIAM Journal on Computing， 1989，18（1）:186-208.
［14］	BLUM M， FELDMAN P， MICALI S. Non-interactive zero-knowledge and its applications［C］// Proceedings of the 20th Annual ACM Symposium on Theory of Computing. 1988:103-112.
［15］	BLUM M， DE SANTIS A， MICALI S. Noninteractive zero-knowledge［J］. SIAM Journal on Computing， 1991，20（6）:1084-1118.
［16］	POINTCHEVAL D， STERN J. Security proofs for signature schemes［C］// Proceedings of the 15th Annual International Conference on the Theory and Applications of Cryptographic Techniques. 1996:387-398.
［17］	AMRUTIYA V， JHAMB S， PRIYADARSHI P， et al. Trustless two-factor authentication using smart contracts in blockchains［C］// Proceedings of the 2019 International Conference on Information Networking. 2019:66-71.
［18］	ATENIESE G， FAONIO A， MAGRI B， et al. Certified bitcoins［C］// Proceedings of the 2014 International Conference on Applied Cryptography and Network Security. 2014:80-96.
［19］	MANN C， LOEBENBERGER D. Two-factor authentication for the bitcoin protocol［J］. International Journal of Information Security， 2017，16（2）:213-226.
［20］	BAMERT T， DECKER C， WATTENHOFER R， et al. BlueWallet: The secure bitcoin wallet［C］// Proceedings of the 2014 International Workshop on Security and Trust Management. 2014:65-80.
［21］	WOOD G. Ethereum: A secure decentralised generalised transaction ledger［R］. Ethereum Project Yellow Paper， 2014，151:1-32.
［22］	COURTOIS N， SONG G Y， CASTELLUCCI R. Speed optimizations in bitcoin key recovery attacks［J］. Tatra Mountains Mathematical Publications， 2016，67（1）:55-68.
［23］	ARAPINIS M， GKANIATSOU A， KARAKOSTAS D， et al. A formal treatment of hardware wallets［M］// Financial Cryptography and Data Security. 2019:426-445.
［24］	Kraken. Kraken identifies critical flaw in trezor hardware wallets［EB/OL］. （2020-09-23）［2022-09-28］. https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets.
［25］	MILLER A， XIA Y， CROMAN K， et al. The honey badger of BFT protocols［C］// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016:31-42.
［26］	TORRES C F， STEICHEN M， STATE R. The art of the scam: Demystifying honeypots in Ethereum smart contracts［C］// Proceedings of the 28th USENIX Security Symposium. 2019:1591-1607.
［27］	DHAKAL V， FEIT A M， KRISTENSSON P O， et al. Observations on typing from 136 million keystrokes［C］// Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. 2018. DOI: 10.1145/3173574.3174220.

[1]	TANG Shi-qi, ZHOU Rui-ping, XIE Shi-bin, LIU Meng-chi, XIAO Wen, . Cross-language Multi-label Sentiment Classification Based on Stacked Denoising AutoEncoder [J]. Computer and Modernization, 2023, 0(11): 6-12.
[2]	LIU Jing-le, LUO Xiang, GONG Cheng-rong, ZHANG Guo-peng. Prediction of Diabetes Mellitus Using LightGBM Classifier with RF-RFECV [J]. Computer and Modernization, 2023, 0(11): 36-43.
[3]	LUO Ming-jie, FENG Kai-ping. Lightweight Facial Expression Recognition Method Based on Sandglass Structure and Attention Mechanism [J]. Computer and Modernization, 2023, 0(11): 89-94.
[4]	YAN Zi-xian, DONG Bao-liang, TANG Si-mi. Improved YOLOv7 Algorithm for Low-resolution Ship Object Detection in Complex Backgrounds#br# [J]. Computer and Modernization, 2023, 0(11): 120-126.
[5]	ZHENG Hai-li, CHEN Ping-hua. Sequence Recommendation Model Based on Dynamic Convolution and Self-attention [J]. Computer and Modernization, 2023, 0(10): 9-16.
[6]	JIA Xiao-yao, . Breast Cancer Prediction and Feature Analysis Model Based on CatBoost and SHAP [J]. Computer and Modernization, 2023, 0(10): 32-38.
[7]	XING Shi-shuai, LIU Dan-feng, WANG Li-guo, PAN Yue-tao, MENG Ling-hong, YUE Xiao-han. Image Super-resolution Reconstruction Based on Spatial Attention Residual Network [J]. Computer and Modernization, 2023, 0(10): 45-52.
[8]	GONG Dingxi, CAO Changrong. Plant Leaf Classification Based on CNN [J]. Computer and Modernization, 2014, 0(4): 12-15.
[9]	WU Ning, GUAN Shengqi, XU Shuaihua. Fabric Defect Detection Based on Periodicity and Local Directivity of Texture Edge [J]. Computer and Modernization, 2014, 0(4): 16-19.
[10]	YIN Shile， ZENG Zhiyong. An Improved Nystrom Spectral Clustering for Image Segmentation [J]. Computer and Modernization, 2014, 0(4): 20-23.
[11]	SUI Jiankai1, LIU Huiyi1,YAN Shuo2. Feature Matching Method Based on Random Forests Classifier [J]. Computer and Modernization, 2014, 0(4): 81-85.
[12]	WU Chun， LIANG Zhengyou. Cochannel Speech Separation Based on Clustering [J]. Computer and Modernization, 2014, 0(4): 86-88.
[13]	LIU Yang, FU Zhonghua, TANG Ling. A Dualchannel Acoustic Echo Canceler on Windows Platform [J]. Computer and Modernization, 2014, 0(4): 199-202.