Georgia-based bitcoin merchant processor BitPay has launched a project that leverages bitcoin technology to facilitate a decentralized authentication system.
Called BitAuth, the system uses cryptographic signatures in place of server-side password storage. This solves a common security problem for IT administrators, because a breach can potentially leak customer authentication information.
Garzik told CoinDesk:
"Replacing passwords with digital signatures is not a very original idea. [But] digital identity is going to be a key technology for the future."
The news follows BitPay’s previous foray into making technology improvements with cryptographic systems.
How BitAuth works
BitAuth shares characteristics with bitcoin technology by using the same elliptic curve cryptography, but it introduces a system identification number (SIN), which is outlined on the Bitcoin Wiki.
Essentially, a SIN uses a cryptographic key pair to sign transactions with a server for authentication purposes.
With BitAuth, users would still authenticate with a conventional login and password combination. However, that information would only be stored locally, also known as client-side, and is only used to facilitate sending a private key to a remote server for access purposes.
To ensure that each authentication session is unique, every time a user releases a private key it is signed with a public key on a remote server and a nonce (a single-use randomized string) is generated as a session identifier.
Web breaches exposing identifiable information have been a problem for large companies of late, as evidenced by major data losses affecting eBay, PF Changs, Target and Verizon. Furthermore, such events could potentially threaten the bitcoin industry.
Garzik said that BitAuth can reduce the issues that threaten digital identities, by attaching SINs to identities, or obscuring IDs with non-identifiable information.
Garzik told CoinDesk:
“[BitAuth] is as anonymous, or not, as you choose. At a minimum, public keys are revealed to external parties.”
Additionally, Garzik said that BitAuth's trustless properties can enable an improved experience for everyone:
“What makes the SIN proposal unique is that [they] are decentralized, as anonymous as you want them to be, digitally secure, capable replacements for website username/password, and most of all, extensible to any system that may be covered by hashes."
Not just a concept
The announcement is also notable given the recent criticisms levied by developers regarding the lack of improvements to bitcoin's infrastructure. For example, experts like Mike Hearn have said that bitcoin as a software project is underfunded and needs attention to ensure continued progress.
BitPay’s Stephen Pair recently told CNBC that Visa and MasterCard will eventually ‘leverage’ bitcoin, a possibility that might be advanced by the creation of secure technical tools such as BitAuth and Bitcore for developers.
Disclaimer: CoinDesk founder Shakil Khan is an investor in BitPay.
Login image via Shutterstock