Express your opinions on Emerging Solutions Improving Wallet security

[shubh3010]

Hi all !

I was researching the emerging solutions that help increase the security of blockchain-based digital wallets. It would be great for my research assignment if you all express your opinions and high level analysis on the below techniques regarding security, technical feasibility, likelihood of adoption, Ease of use, performance etc.

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf


2 - Threshold signature-based wallets

references- https://cryptoapis.io/blog/78-what-is-the-threshold-signature-scheme


3 - Zero-knowledge proof authentication for wallets - Like Edge wallet for Zcash

Reference -
https://youtu.be/VHkZnuM-VLE?si=lMg_VjJcJOsWno_s
https://z.cash/ecosystem/edge-wallet/

Comments on any of the solution is highly appreciated.

[digaran]

Here move your topic to this board, https://bitcointalk.org/index.php?board=6.0 because is more tech oriented than bitcoin general discussion.
I love to get to learn new things, while I absolutely have zero knowledge about zero knowledge proof, which btw was the subject of late Hal Finney's speech at a cryptography conference in 90's ( I think 98?), seems to be something which has been around for decades, only in the few recent years developers started working on it's applications.

Let me read about them and get back to you with zero useful inputs.😉

Edit: I just read about threshold signature, it's a wallet as a service, Ok now my question, what happens if I and 5 other people use this scheme and suddenly I drop and one of the 5 dies? Without having any backup of the shared keys, me and other 4 guys should do what exactly? Nothing because there is no solution for that problem.

[shubh3010]

How to move this ? Or should I create a duplicate one ?

[LoyceMobile]

How to move this ?

See bottom left.

[satscraper]

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf



Comments on any of the solution is highly appreciated.

I have read this article. I would refuse to open on-line wallet, that gathers  and stores the movement biometrics of mouse owned by me on the ground that  even if wallet provider is one who belongs to true penny, there is a not zero probability that gathered data will  leak against his will. You realize that this is a threat to my privacy, don't you?

[Findingnemo]

1 - Continuous user behavioral biometrics authentication for wallets
references- https://iopscience.iop.org/article/10.1088/1742-6596/1631/1/012104/pdf

The crypto community pays attention to privacy more than anything so they will not psyched for a wallet that gathers information from the users and what you are trying to create looks more dangerous



If this is the concept then the wallet will keep collecting biometric details from the user?

If there is any security breach in your security system, data will be leaked and our details will be available on the darknet for a few bucks. So the scammers can use it to steal more money from us like bank accounts, credit cards, and what else?

2 - Threshold signature-based wallets

references- https://cryptoapis.io/blog/78-what-is-the-threshold-signature-scheme

This is nothing but a multi-signature concept But I want some clarification for this part "TSS transactions are data light since they contain the same amount of data as a normal single signature transaction. Being data light means they are faster and cheaper to verify with lower transaction fees (mining fees or gas). "
Cause if it's multi sig the TX fee will be higher but the ref said it will be the same as a single sig transaction so if you can make such a wallet then it will be a deal breaker but practically it is not possible (correct me if I am wrong).

3 - Zero-knowledge proof authentication for wallets - Like Edge wallet for Zcash

Reference -
https://youtu.be/VHkZnuM-VLE?si=lMg_VjJcJOsWno_s
https://z.cash/ecosystem/edge-wallet/

Edge wallet is a multi-crypto hot wallet, which is nothing but the previous era coinbase wallet which is highly not recommended for storing cryptos even if it's a small amount. So I recommend you to go with something that is non-custodial, no data collection and open-sourced if possible because that is what people from the crypto community wants to use for storing their cryptos.

[Findingnemo]

Did you include wrong reference? Those link only talk about Zcash and Zcash wallet.

I don't see it as the wrong reference, because on the second link, I can see the link to the edge wallet app.

This is what they are mentioning as Zero-knowledge proof authentication for wallets as



That is why I said this is just nothing but previous-era coinbase wallet, using email to register, and password/PIN for login which means custodian wallet, and that is not preferred for storage at all.

[digaran]

secp256k1 curve/ private/ public keys are currently considered the safest "vault" on the planet, even central reserve banks are not this much secure, after all bank vaults are hidden underground without public access, while bitcoin keys are in the open, so I don't think they need any more protection.

One of the worst services I have seen is custodian wallets, and the biggest mistake of any one with coins is to use such wallets.  It doesn't matter what they offer, what matters is that once you deposit your coins, you no longer in reality have any control over your funds, since they can at any moment take your coins and wave their hands while getting away.

Unless of course if there is such advanced wallets available as open source wallets, then we could compile and use it on our own systems with 100% control over private keys.

[shubh3010]

Really wonderful to see all your opinions and analysis  !

I do agree that a continuous behavioural biometric authentication solution is technically and ethically far-fetched. This concept ends up storing user biometric information, which violates the core blockchain principle. Technically, they would have to store such massive data, raising security and cost concerns. The ease of using this wallet would be severely impacted because of performance overhead and hardware requirements.

Threshold signature-based authentication provides a great alternative to already popular multi-sig wallets. As mentioned in this article https://www.blockdaemon.com/blog/why-threshold-signature-wallets-are-better-than-multisig-wallet-top-5-reasons, it does add more value. I'm only concerned with this approach because you still would have to manage and communicate multiple parts of the key, which may cause delays in performing transactions.

Zero-knowledge proof authentication is still in its early phase. It is difficult for me to provide a judgment on it. As you guys have mentioned, it is still a custodian wallet, but when it comes to privacy, keyless authentication is still better than a custodian wallet. You don't have to worry about losing your private key and maintain anonymity.