Blockchain applications and 2 factor authentication

Over the past year, numerous applications and business models have been developed on top of blockchain technology. One of the recurring challenges is securing the private keys of the participants. In every blockchain this is the responsibility of the user, and for obvious reasons it’s paramount to get this right. In most clients the private key is encrypted with a single password. In the early days of Bitcoin this encryption was optional, and there was malware in circulation that scanned a victim’s PC for unencrypted key files. Some users lost their funds, and so the hunt for better security began.

Hardware wallets were a good step up and many were developed for Bitcoin. More recently a hardware wallet for Ethereum also appeared, and many more will follow. This form of 2 Factor Authentication, or 2FA, is popular but requires the user to carry a physical device. Most users know these devices from their banks, and based on research by banks we know that they’re quite unpopular.

Another form of 2FA is the use of the Secure Element in a smartphone. This is also known as a Trusted Execution Environment (TEE) and when the guys from Ledger Wallet showed off their first implementation in February 2015 I was generally impressed. The use of a TEE is an increasingly popular concept for securing blockchain transactions, but some smartphone manufacturers (yes, you, Apple) have locked down the functionality of their TEE. For Ledger this meant that their TEE solution never made it to market; they do still offer a beta of their original concept for a limited number of smartphones. For the tech-savvy reader: the Apple implementation of the TEE is called the Secure Enclave. Our tests showed that Apple enabled it to store and sign only with specific ECDSA curves such as secp256r1, which is NOT used by any of the blockchain applications out there. For those hoping Apple will add support: it’s called Apple Pay and they will charge you for it. Of course you can run your own consortium blockchain and replace secp256k1 with little effort, but that breaks compatibility with the public Ethereum and Bitcoin blockchains.
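The curve mismatch described above, as an added example (not code from the original post, Ledger or Apple): a minimal pure-Python ECDSA over both curves shows that a key and signature produced on secp256r1 are rejected by a secp256k1 verifier, even when the private scalar is the same. SHA-256 as the message hash, the fixed nonce `k`, the key `d` and the sample message are assumptions chosen for a repeatable demo; real chains use their own hashing and random or RFC 6979 nonces.

```python
import hashlib
# Domain parameters (p, a, b, Gx, Gy, n) as published in SEC 2 / FIPS 186.
SECP256R1 = (2**256 - 2**224 + 2**192 + 2**96 - 1, -3,
    0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
    0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
    0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551)
SECP256K1 = (2**256 - 2**32 - 977, 0, 7,
    0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141)
H = lambda m: int.from_bytes(hashlib.sha256(m).digest(), "big")  # assumed hash

def on_curve(c, pt):  # does pt satisfy y^2 = x^3 + ax + b (mod p)?
    return (pt[1] ** 2 - pt[0] ** 3 - c[1] * pt[0] - c[2]) % c[0] == 0
def add(c, P1, P2):  # affine addition; None is the point at infinity
    if P1 is None or P2 is None:
        return P1 or P2
    (x1, y1), (x2, y2), p = P1, P2, c[0]
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3 * x1 * x1 + c[1], 2 * y1) if P1 == P2 else (y2 - y1, x2 - x1)
    m = num * pow(den % p, -1, p) % p
    x3 = (m * m - x1 - x2) % p
    return x3, (m * (x1 - x3) - y1) % p

def mul(c, k, pt):  # double-and-add; not constant time, demo only
    acc = None
    while k:
        if k & 1:
            acc = add(c, acc, pt)
        pt, k = add(c, pt, pt), k >> 1
    return acc

def sign(c, d, msg, k):  # nonce k is fixed by the caller only for repeatability
    r = mul(c, k, c[3:5])[0] % c[5]
    return r, pow(k, -1, c[5]) * (H(msg) + r * d) % c[5]

def verify(c, Q, msg, sig):
    (r, s), n, G = sig, c[5], c[3:5]
    if not (on_curve(c, Q) and 0 < r < n and 0 < s < n):
        return False  # a key from another curve is not even a valid point
    w = pow(s, -1, n)
    pt = add(c, mul(c, H(msg) * w % n, G), mul(c, r * w % n, Q))
    return pt is not None and pt[0] % n == r

def demo(d=0xC0FFEE, k=0x5EED, msg=b"constructed sample tx"):
    q_r1, q_k1 = (mul(c, d, c[3:5]) for c in (SECP256R1, SECP256K1))
    sig = sign(SECP256R1, d, msg, k)  # what a P-256-only signer can produce
    return [verify(c, q, msg, sig) for c, q in
            ((SECP256R1, q_r1), (SECP256K1, q_r1), (SECP256K1, q_k1))]
```

`demo()` returns the verification results for three cases: the secp256r1 verifier, a secp256k1 verifier given the secp256r1 public key, and a secp256k1 verifier given the secp256k1 public key derived from the same scalar.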

To meet our requirements (such as vendor independence) we’ve been looking at white box cryptography solutions to safely store a key in a smartphone application. There are some interesting solutions in the market, such as the Private Arithmetic solution from Philips, a software module that supports the safe generation and usage of a private key. It’s been reviewed by Brightsight and UL, and they concluded that it did not leak any information through side channels and was resistant to reverse engineering. We’re currently exploring this application for use in our Digital Signing solution.

We’ve learned that there are many ways to apply 2 factor authentication security for signing transactions in blockchain-based applications. If you’re interested in learning more about securing your blockchain application please get in touch.

  • Sander van Loosbroek

    Sander van Loosbroek is leading the distributed ledger research and development activities for Cegeka, a European IT service provider. Since 2015 Cegeka developed several Trade Finance blockchain Proof-of-Concepts and won an EFMA award for the Digital Trade Chain application it built for KBC.
