Georgia-based bitcoin merchant processor BitPay has launched a project that leverages bitcoin technology to facilitate a decentralized authentication system.
Called BitAuth, the system uses cryptographic signatures in place of server-side password storage. This solves a common security problem for IT administrators, because a breach can potentially leak customer authentication information.
Bitcoin core developer and BitPay employee Jeff Garzik conceived some of the concepts that made BitAuth a reality.
Garzik told CoinDesk:
The news follows BitPay’s previous foray into making technology improvements with cryptographic systems.
How BitAuth works
BitAuth shares characteristics with bitcoin technology by using the same elliptic curve cryptography, but it introduces a system identification number (SIN), which is outlined on the Bitcoin Wiki.
Essentially, a SIN uses a cryptographic key pair to sign transactions with a server for authentication purposes.
With BitAuth, users would still authenticate with a conventional login and password combination. However, that information would only be stored locally, also known as client-side, and is only used to facilitate sending a private key to a remote server for access purposes.
To ensure that each authentication session is unique, every time a user releases a private key it is signed with a public key on a remote server and a nonce (a single-use randomized string) is generated as a session identifier.
Web breaches exposing identifiable information have been a problem for large companies of late, as evidenced by major data losses affecting eBay, PF Changs, Target and Verizon. Furthermore, such events could potentially threaten the bitcoin industry.
Garzik said that BitAuth can reduce the issues that threaten digital identities, by attaching SINs to identities, or obscuring IDs with non-identifiable information.
Garzik told CoinDesk:
Additionally, Garzik said that BitAuth's trustless properties can enable an improved experience for everyone:
Not just a concept
The announcement is also notable given the recent criticisms levied by developers regarding the lack of improvements to bitcoin's infrastructure. For example, experts like Mike Hearn have said that bitcoin as a software project is underfunded and needs attention to ensure continued progress.
BitPay’s Stephen Pair recently told CNBC that Visa and MasterCard will eventually ‘leverage’ bitcoin, a possibility that might be advanced by the creation of secure technical tools such as BitAuth and Bitcore for developers.
Disclaimer: CoinDesk founder Shakil Khan is an investor in BitPay.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.