Interview with the Bitcoin Authenticator Development Team
Security has become a major concern for Bitcoin wallets, and the ecosystem is in constant demand for new features and innovative developments. The Bitcoin Authenticator is a new open project that aims to bring new developments to the Bitcoin security industry, and it is the first to introduce a Bitcoin wallet that offers a practical decentralized wallet security solution. The development team has also designed a decentralized two-factor authentication (2FA) application that sits on top of the wallet. The alpha version of the Authenticator is complete, and the team recently announced the Bitcoin Authenticator alpha release.
The Authenticator application was built to add decentralized 2FA security to any web wallet or desktop wallet software. However, the team decided to work on its own wallet software and has now launched an alpha version, which already ships with the Authenticator application's 2FA enabled. With decentralized two-factor authentication built right into the wallet, users will no longer need third-party services that require them to sacrifice privacy for security.
To learn more about this project, Bitcoinist had a conversation with the development team:
Please tell us a little bit about the Bitcoin Authenticator and how you came up with the idea.
The idea for a 2FA Android app was originally conceived in response to the server-based multisig wallets that were popping up last year. While the server-based approach provides a good level of security, they are centralized and the server necessarily must see all of your transactions ― meaning you must trust the server with your sensitive financial information. And because the server must require you to authenticate yourself from another device (otherwise the 2FA doesn’t add any additional security), the ultimate security endpoints are still your computer and your phone. The server really does nothing but provide an additional attack vector while compromising your privacy.
So we remove the server and set up a P2P connection between your desktop and smartphone. It provides just as much security as the server-based approach (if not more because there isn’t a server to hack) but only you see your transactions.
Since the Android app has been developed, we’ve moved on to developing a wallet to go with it. We’re hoping it will be one of (if not the most) secure and private lightweight wallets when it’s finished.
Tell me about the development team; comment about the developers and other people involved in the project.
We would like to hear about the project milestones and if the Bitcoin Authenticator will be accessible to any desktop wallet, such as Multibit.
The original goal was to try to persuade wallet developers to add support for the Android app into their wallets, but believe it or not we’ve found it easier to just make our own wallet to go with it, which is what we are working on now. We would certainly welcome other wallets using the Android app and we would be happy to help them integrate it. We’ll probably know more about the demand from other wallets after we’ve released a production version of our wallet.
Can you describe some of the technical details and specifications? How does interoperability with wallet software work?
The Android app makes an outgoing socket connection to the wallet. During the initial handshake the Android app gives a master public key to the wallet which the wallet can use to derive child public keys for use in P2SH (multisig) addresses. The Android app retains the corresponding private keys. Transactions are sent directly to the mobile device over the same channel (using Google Cloud Messaging to refresh the IP if it has changed). The Android device prompts the user to approve the transaction and the signed transaction is sent back to the wallet for broadcast. It’s all pretty standard, other wallets should not have a difficult time using it at all.
In the future, we would like to transition off of P2SH addresses and use threshold signatures as a more private multisig alternative.
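As an added illustration (not the Bitcoin Authenticator team's code), the sketch below shows how a wallet that holds only a master public key can derive child public keys while the phone independently derives the matching private keys. It assumes BIP32-style non-hardened derivation on secp256k1, which the interview does not specify; the function names and the sample key material are constructed for the example.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
PHONE_PRIV = int.from_bytes(b"constructed-phone-master-key-000", "big")  # constructed
CHAIN = hashlib.sha256(b"constructed chain code").digest()  # constructed

def add(a, b):  # point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1, 2 * y1) if a == b else (y2 - y1, x2 - x1)
    m = num * pow(den % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; fine for a demo, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def ser(pt):  # 33-byte compressed public key
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def parse(pub):  # decompress and reject keys that are not on the curve
    x = int.from_bytes(pub[1:], "big")
    y = pow(x**3 + 7, (P + 1) // 4, P)
    if y * y % P != (x**3 + 7) % P:
        raise ValueError("public key is not on the curve")
    return x, (y if (y & 1) == (pub[0] & 1) else P - y)

def tweak(pub, chain, i):  # shared step: both sides compute the same offset
    if i >= 2**31:
        raise ValueError("hardened children cannot be derived from a public key")
    mac = hmac.new(chain, pub + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(mac[:32], "big"), mac[32:]

def child_pub(pub, chain, i):  # wallet side: master public key + chain code only
    t, c = tweak(pub, chain, i)
    return ser(add(mul(t, G), parse(pub))), c
def child_priv(priv, chain, i):  # phone side: private key stays on the device
    t, c = tweak(ser(mul(priv, G)), chain, i)
    return (t + priv) % N, c
```

With this kind of derivation, the wallet-side data (master public key and chain code) combined with any single leaked child private key is enough to recover the master private key, so the child keys on the phone need the same protection as the master key.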
Do you have any kind of Community support? What kind of support do you have?
We received a good deal of support from the bitcoinj community (bitcoinj is the Java library we use). Mike Hearn in particular has been very helpful in the development process. Overall we have received very positive feedback from the Bitcoin community at large.
Do you currently have any agreements or financial support from companies or private investors?
At the moment, we are looking for investors. We would like to work full time and hire a few more developers.
The Wallet is in its alpha phase so it would be expected for you to have already planned some future implementations and new changes. Are you planning any new upgrades or special developments?
We are also working with the guys from Onename to improve the security of the Openname protocol. The goal is to be able to send payments to a human readable user name rather than to a Bitcoin address. Behind the scenes the wallet will query the blockchain to get the matching address and perform a number of checks to make sure it belongs to the right person. And there are a number of other cool things we have planned like a P2P anonymous messaging layer that will allow us to send payments and payment requests directly to the recipient, peer-to-peer coinjoin/coinshuffle mixing, and built-in anonymous messaging.
And finally a number of other financial services will be built right into the wallet. When it’s done, it will have taken bitcoin wallet software up to a new level.
Finally, we would like you to comment on your expectations for the future of your project.
By having an outcome that hopefully, pushes it into a more secure and private direction, we hope to have a positive impact and bring some changes to the security industry within the Bitcoin ecosystem.
What do you think about decentralized 2FA security for desktop wallets? Let us know in the comments below!