BitPay Seeks to Decentralize Digital Identification with BitAuth
BitPay's latest contribution to bitcoin's infrastructure, BitAuth, finds the company tackling digital identity with bitcoin technology.
Georgia-based bitcoin merchant processor BitPay has launched a project that leverages bitcoin technology to facilitate a decentralized authentication system.
Called BitAuth, the system uses cryptographic signatures in place of server-side password storage. This solves a common security problem for IT administrators, because a breach can potentially leak customer authentication information.
Bitcoin core developer and BitPay employee Jeff Garzik conceived some of the concepts that made BitAuth a reality.
Garzik told CoinDesk:
The news follows BitPay’s previous foray into making technology improvements with cryptographic systems.
How BitAuth works
BitAuth shares characteristics with bitcoin technology by using the same elliptic curve cryptography, but it introduces a system identification number (SIN), which is outlined on the Bitcoin Wiki.
Essentially, a SIN uses a cryptographic key pair to sign transactions with a server for authentication purposes.
With BitAuth, users would still authenticate with a conventional login and password combination. However, that information would only be stored locally, also known as client-side, and is only used to facilitate sending a private key to a remote server for access purposes.
To ensure that each authentication session is unique, every time a user releases a private key it is signed with a public key on a remote server and a nonce (a single-use randomized string) is generated as a session identifier.
Web breaches exposing identifiable information have been a problem for large companies of late, as evidenced by major data losses affecting eBay, PF Changs, Target and Verizon. Furthermore, such events could potentially threaten the bitcoin industry.
Garzik said that BitAuth can reduce the issues that threaten digital identities, by attaching SINs to identities, or obscuring IDs with non-identifiable information.
Garzik told CoinDesk:
Additionally, Garzik said that BitAuth's trustless properties can enable an improved experience for everyone:
Not just a concept
The announcement is also notable given the recent criticisms levied by developers regarding the lack of improvements to bitcoin's infrastructure. For example, experts like Mike Hearn have said that bitcoin as a software project is underfunded and needs attention to ensure continued progress.
BitPay’s Stephen Pair recently told CNBC that Visa and MasterCard will eventually ‘leverage’ bitcoin, a possibility that might be advanced by the creation of secure technical tools such as BitAuth and Bitcore for developers.
Those wishing to engage with BitAuth can now do so: BitPay has a GitHub repo dedicated to the project, and there is also a BitAuth chat room hosted on Gitter.
Disclaimer: CoinDesk founder Shakil Khan is an investor in BitPay.
Login image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.