Express your opinions on Emerging Solutions Improving Wallet security

ABCbits

legendary

Activity: 2856

Merit: 7410

Crypto Swap Exchange

Quote from: Findingnemo on September 23, 2023, 11:36:42 AM

Quote from: ?? on ??

Did you include wrong reference? Those link only talk about Zcash and Zcash wallet.

I don't see it as the wrong reference, because on the second link, I can see the link to the edge wallet app.

This is what they are mentioning as Zero-knowledge proof authentication for wallets as

That is why I said this is just nothing but previous-era coinbase wallet, using email to register, and password/PIN for login which means custodian wallet, and that is not preferred for storage at all.

I see, i initially though what OP wanted to show directly mentioned on https://z.cash/ecosystem/edge-wallet/. Although Edge wallet doesn't call their feature as "Zero-knowledge proof authentication".

Quote from: shubh3010 on September 23, 2023, 09:11:42 PM

Threshold signature-based authentication provides a great alternative to already popular multi-sig wallets. As mentioned in this article https://www.blockdaemon.com/blog/why-threshold-signature-wallets-are-better-than-multisig-wallet-top-5-reasons, it does add more value. I'm only concerned with this approach because you still would have to manage and communicate multiple parts of the key, which may cause delays in performing transactions.

Reason 1-3 already solved with Taproot, see link i mentioned above. While AFAIK reason 4-5 can't be solved with Taproot. Although i expect changing to value of n and m on n-of-m (stated on reason 5) rarely happen in practice.

shubh3010

newbie

Activity: 3

Merit: 3

Really wonderful to see all your opinions and analysis

!

I do agree that a continuous behavioural biometric authentication solution is technically and ethically far-fetched. This concept ends up storing user biometric information, which violates the core blockchain principle. Technically, they would have to store such massive data, raising security and cost concerns. The ease of using this wallet would be severely impacted because of performance overhead and hardware requirements.

Threshold signature-based authentication provides a great alternative to already popular multi-sig wallets. As mentioned in this article https://www.blockdaemon.com/blog/why-threshold-signature-wallets-are-better-than-multisig-wallet-top-5-reasons, it does add more value. I'm only concerned with this approach because you still would have to manage and communicate multiple parts of the key, which may cause delays in performing transactions.

Zero-knowledge proof authentication is still in its early phase. It is difficult for me to provide a judgment on it. As you guys have mentioned, it is still a custodian wallet, but when it comes to privacy, keyless authentication is still better than a custodian wallet. You don't have to worry about losing your private key and maintain anonymity.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

secp256k1 curve/ private/ public keys are currently considered the safest "vault" on the planet, even central reserve banks are not this much secure, after all bank vaults are hidden underground without public access, while bitcoin keys are in the open, so I don't think they need any more protection.

One of the worst services I have seen is custodian wallets, and the biggest mistake of any one with coins is to use such wallets. It doesn't matter what they offer, what matters is that once you deposit your coins, you no longer in reality have any control over your funds, since they can at any moment take your coins and wave their hands while getting away.

Unless of course if there is such advanced wallets available as open source wallets, then we could compile and use it on our own systems with 100% control over private keys.

Findingnemo

hero member

Activity: 2310

Merit: 757

Bitcoin = Financial freedom

Quote from: ?? on ??

Did you include wrong reference? Those link only talk about Zcash and Zcash wallet.

I don't see it as the wrong reference, because on the second link, I can see the link to the edge wallet app.

This is what they are mentioning as Zero-knowledge proof authentication for wallets as

That is why I said this is just nothing but previous-era coinbase wallet, using email to register, and password/PIN for login which means custodian wallet, and that is not preferred for storage at all.

Findingnemo

hero member

Activity: 2310

Merit: 757

Bitcoin = Financial freedom

Quote from: shubh3010 on September 22, 2023, 10:12:38 PM

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf

The crypto community pays attention to privacy more than anything so they will not psyched for a wallet that gathers information from the users and what you are trying to create looks more dangerous

If this is the concept then the wallet will keep collecting biometric details from the user?

If there is any security breach in your security system, data will be leaked and our details will be available on the darknet for a few bucks. Roll Eyes

So the scammers can use it to steal more money from us like bank accounts, credit cards, and what else?

Quote from: shubh3010 on September 22, 2023, 10:12:38 PM

2 - Threshold signature-based wallets

references- https://cryptoapis.io/blog/78-what-is-the-threshold-signature-scheme

This is nothing but a multi-signature concept But I want some clarification for this part "TSS transactions are data light since they contain the same amount of data as a normal single signature transaction. Being data light means they are faster and cheaper to verify with lower transaction fees (mining fees or gas). "
Cause if it's multi sig the TX fee will be higher but the ref said it will be the same as a single sig transaction so if you can make such a wallet then it will be a deal breaker but practically it is not possible (correct me if I am wrong).

Quote from: shubh3010 on September 22, 2023, 10:12:38 PM

3 - Zero-knowledge proof authentication for wallets - Like Edge wallet for Zcash

Reference -
https://youtu.be/VHkZnuM-VLE?si=lMg_VjJcJOsWno_s
https://z.cash/ecosystem/edge-wallet/

Edge wallet is a multi-crypto hot wallet, which is nothing but the previous era coinbase wallet which is highly not recommended for storing cryptos even if it's a small amount. So I recommend you to go with something that is non-custodial, no data collection and open-sourced if possible because that is what people from the crypto community wants to use for storing their cryptos.

satscraper

hero member

Activity: 714

Merit: 1298

Cashback 15%

Quote from: shubh3010 on September 22, 2023, 10:12:38 PM

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf

Comments on any of the solution is highly appreciated.

I have read this article. I would refuse to open on-line wallet, that gathers and stores the movement biometrics of mouse owned by me on the ground that even if wallet provider is one who belongs to true penny, there is a not zero probability that gathered data will leak against his will. You realize that this is a threat to my privacy, don't you?

LoyceMobile

hero member

Activity: 1643

Merit: 683

LoyceV on the road. Or couch.

Quote from: shubh3010 on September 23, 2023, 01:00:25 AM

How to move this ?

See bottom left.

shubh3010

newbie

Activity: 3

Merit: 3

How to move this ? Or should I create a duplicate one ?

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Here move your topic to this board, https://bitcointalk.org/index.php?board=6.0 because is more tech oriented than bitcoin general discussion.
I love to get to learn new things, while I absolutely have zero knowledge about zero knowledge proof, which btw was the subject of late Hal Finney's speech at a cryptography conference in 90's ( I think 98?), seems to be something which has been around for decades, only in the few recent years developers started working on it's applications.

Let me read about them and get back to you with zero useful inputs.😉

Edit: I just read about threshold signature, it's a wallet as a service, Ok now my question, what happens if I and 5 other people use this scheme and suddenly I drop and one of the 5 dies? Without having any backup of the shared keys, me and other 4 guys should do what exactly? Nothing because there is no solution for that problem.

shubh3010

newbie

Activity: 3

Merit: 3

Hi all !

I was researching the emerging solutions that help increase the security of blockchain-based digital wallets. It would be great for my research assignment if you all express your opinions and high level analysis on the below techniques regarding security, technical feasibility, likelihood of adoption, Ease of use, performance etc.

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf

2 - Threshold signature-based wallets

references- https://cryptoapis.io/blog/78-what-is-the-threshold-signature-scheme

3 - Zero-knowledge proof authentication for wallets - Like Edge wallet for Zcash

Reference -
https://youtu.be/VHkZnuM-VLE?si=lMg_VjJcJOsWno_s
https://z.cash/ecosystem/edge-wallet/

Comments on any of the solution is highly appreciated.

Topic: Express your opinions on Emerging Solutions Improving Wallet security (Read 169 times)