nChain is pleased to receive our 6th patent grant by the European Patent Office. This patent, issued on October 3, 2018, covers an invention for securing content on a server or device through the use of another trusted device such as a smartphone. It represents a more user-friendly and secure alternative to existing encryption methods, while being directly integrable into a cryptocurrency wallet; it can thereby take full advantage of a secure blockchain such as Bitcoin Cash. This patent is an extension of our previously granted patent on Deterministic Key Generation.
European Patent 3257006 is entitled “Personal device security using elliptic curve cryptography for secret sharing.” It describes how two personal devices can securely communicate through the use of a common secret, without the need to exchange sensitive private-key information in the process. Security is enhanced by requiring digital signatures, before forming a common secret, for every session where data is exchanged.
For two such devices, say a smartphone and laptop, the common secret (sometimes referred to as determined common secret or ‘DCS’) is formed out of the laptop’s newly generated private/public keypair and the smartphone’s newly generated private/public keypair. This common secret allows an encryption key to be established between the devices.
Typically, the smartphone will act as what we call a personal “security device” giving access to content on the laptop.
The next time the devices communicate, a digital signature is required to send information, making it impossible for third parties to imitate either device. The trusted information then allows a new common secret (and therefore a new encryption key) to be recalculated for each session, ensuring ongoing security every time data needs to be exchanged. The information required to recalculate the encryption key is kept solely on the security device (here the smartphone).
The invention offers several advantages over existing encryption methods for the security of business and user data:
- Ease of use: Users need not provide a PIN or pass phrase. The provision of a security device such as a smartphone is enough as it contains the message with the necessary information. Users are more likely to make use of such a convenient process, rather than having to type in an entire pass phrase for every access of data. Thus, the likelihood of users taking advantage of such a secure method is increased.
- By using a smartphone app to access data securely, some risk factors can be significantly reduced. For example, the possibility of an attacker determining a PIN is eliminated by using public key cryptography in the identification process. Also, the risk of forgetting or mistyping a long pass phrase, which would offer similar security, is reduced to the risk of users losing both their smartphone and its backup.
- Because new key pairs are used for every encryption/decryption cycle, the likelihood of a successful attack is further reduced. The security is comparable to generating a new pass phrase for every encryption/decryption cycle, yet, because our mechanism is automated, it can be done at much greater convenience to the user.
- By letting the security device verify its identity through a secure ECDSA signature of the required message, attackers are prevented from accessing data, even if the sent message on the security device is captured and stolen and the device itself can be imitated.
- More importantly, the encryption key is not stored on either device, and the required message for the encryption is kept on the security device, while the content is kept on the server; so for data to be stolen, both devices need to be accessed and linked simultaneously—making an attack significantly more difficult.
Beyond the above example of securely storing and accessing data on a laptop computer (which can be applied to specific files and folders also), the mechanism of establishing a common secret between personal devices can be applied to a broad range of use cases:
Passwords to sensitive online accounts, social media networks, bank accounts, or even an entire private key to a Bitcoin Cash (BCH) wallet can be stored and accessed securely, instead of having to split passwords or keys, and sending valuable information from one device to the other. This would offer more security at greater ease of use.
Using DCS for such purposes would provide a more convenient and more secure method of two-factor authentication for online services such as exchanges or online banking, as no additional data entry is required from the user and no central server is involved in generating the encryption key.
While the invention is not limited to usage on the Bitcoin Cash (BCH) blockchain, we can integrate the mechanism of establishing a common secret between personal devices into standard BCH wallets; thus, we can take advantage of the strong security of the BCH blockchain, while increasing ease of use in a range of use cases.
DCS is a demonstrative example of how BCH can be used as a foundation for innovation in blockchain technology.
For more details, see our Chief Scientist’s blog post on the invention here: Personal Security Device – Craig Wright on Medium.
nChain’s European Patent for “Personal device security using elliptic curve cryptography for secret sharing” is available here – EP3257006B1.