Carnegie Mellon University
Cryptocurrencies with Two-Factor Authentication
Blockchain-based cryptocurrencies have been gaining in popularity for a variety of reasons. However, a burning problem with these cryptocurrencies is that there is no recovery mechanism if something goes wrong. What if you lose your private key? Even worse, what if an attacker steals your key (e.g., by exploiting a vulnerability in the wallet software)? There is no bank to call, and no authority to rely upon to get your funds back.

The number of high-profile attacks on cryptocurrencies has been rising steadily. In the Mt. Gox incident, about $450 million worth of Bitcoins were stolen from the Mt. Gox wallet. Accidental deletion of a code library from leading software company Parity Technologies saw 513,774.16 ETH, or $421 million, rendered forever inaccessible. And just months before that incident, the same company lost 150,000 ETH, or $123 million, due to a code error. Earlier this year, Tokyo-based cryptocurrency exchange Coincheck was hacked and funds worth $530 million were stolen from its NEM wallet. The well-known DAO hack forced Ethereum to adopt a hard fork which created two versions of the currency: Ethereum and Ethereum Classic. To deal with such problems in future, Ethereum developers have proposed EIP 867. An EIP, or Ethereum improvement protocol, is the process by which code changes get accepted onto the Ethereum platform. However, EIP 867 has proven to be controversial since it will again bifurcate the currency into two versions: the very problem it was trying to solve.

The problem of attackers stealing money is of course not unique to blockchain-based cryptocurrencies. The (traditional) banking industry has been dealing with such issues for decades, and a number of mitigating approaches have worked pretty well there. These include the now pervasive two-factor authentication and a number of security policies. Examples of common security policies include a waiting period (say 24 hours) for transferring money to a new recipient, and an overall daily outgoing transfer limit. Bypassing these restrictions could either require additional verification (such as two-factor authentication) or may not be allowed at all. Different banks could follow different security policies, which might also vary by the type of account (business vs. personal) and by the state/region and the local laws.

The goal of this project would be to take the lessons learnt in the traditional banking domain and show that they can be applied fruitfully to blockchains as well (while still preserving their decentralized nature).
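To make the two policies above concrete, here is an added, constructed Python sketch of a wallet policy check (not code from this project): a 24-hour waiting period for a newly seen recipient that a second factor may override, and a daily outgoing limit that is enforced unconditionally. The class name `WalletPolicy`, the limit value and the choice of which rule is bypassable are assumptions for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed policy parameters (assumptions, not values from the project page).
NEW_RECIPIENT_WAIT = timedelta(hours=24)
DAILY_LIMIT = 1000  # outgoing cap per rolling 24h window, arbitrary units


@dataclass
class WalletPolicy:
    """Hypothetical banking-style transfer policy for a cryptocurrency wallet."""
    # recipient address -> time the owner first attempted to pay it
    recipients: Dict[str, datetime] = field(default_factory=dict)
    # (timestamp, amount) of every transfer that was approved
    history: List[Tuple[datetime, int]] = field(default_factory=list)

    def register_recipient(self, recipient: str, now: datetime) -> None:
        # The waiting period starts at the first sight of a recipient,
        # even if that first transfer attempt is blocked.
        self.recipients.setdefault(recipient, now)

    def sent_last_24h(self, now: datetime) -> int:
        window_start = now - timedelta(hours=24)
        return sum(amount for t, amount in self.history if t > window_start)

    def evaluate(self, recipient: str, amount: int, now: datetime,
                 second_factor_ok: bool = False) -> Tuple[bool, str]:
        """Return (approved, reason) for a proposed outgoing transfer."""
        self.register_recipient(recipient, now)
        # Hard rule: the daily outgoing limit cannot be bypassed at all.
        if self.sent_last_24h(now) + amount > DAILY_LIMIT:
            return False, "blocked: daily outgoing limit exceeded"
        # Soft rule: a recipient seen less than 24h ago needs a second factor.
        if (now - self.recipients[recipient] < NEW_RECIPIENT_WAIT
                and not second_factor_ok):
            return False, "blocked: new recipient, second factor required"
        self.history.append((now, amount))
        return True, "approved"


if __name__ == "__main__":
    policy = WalletPolicy()
    t0 = datetime(2024, 1, 1, 9, 0)
    print(policy.evaluate("addr-A", 100, t0))                          # blocked: new recipient
    print(policy.evaluate("addr-A", 100, t0, second_factor_ok=True))   # approved
    print(policy.evaluate("addr-A", 950, t0 + timedelta(hours=25)))    # blocked: daily limit
```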

Vipul Goyal

Project Lead