Issue #1317: NFC is allowing for more robust security models

Feb 13, 2023
Marty's Ƀent

This Bent is a bit overdue considering Coinkite's TAPSIGNER product dropped last summer, but you freaks know what they say, "better late than never." If you watch the tutorial above you'll learn that the TAPSIGNER is an NFC-enabled card that holds a private key. By creating wallets using a TAPSIGNER on compatible mobile apps like Nunchuk, users now have the ability to create a more robust security setup for bitcoin they choose to access via their mobile devices.

The increased security manifests because the TAPSIGNER + mobile wallet combination creates a quasi two-factor authentication flow for signing and broadcasting transactions. Compared to a pure mobile wallet setup where a user stores a private key on their device that allows them to sign and broadcast transactions directly from an app, adding a TAPSIGNER to the mix makes it impossible for attackers to access a user's bitcoin if they steal their phone. To successfully steal a user's bitcoin they would need to get the phone, the TAPSIGNER, and correctly guess the user's PIN. One can imagine a scenario in which a user loses their phone. By adding a TAPSIGNER to the transaction signing flow, they don't have to worry about someone finding their phone and being able to steal their bitcoin. As long as their TAPSIGNER is secure in their meat space wallet or some other secure location, the bitcoin is secure.

With all that being said, there is one drawback to a single signature wallet dependent on a TAPSIGNER. It isn't possible to verify destination addresses on the TAPSIGNER itself since it is a card form factor without a screen. Users will have to trust that the mobile app they're using to construct and broadcast a transaction is displaying the address they actually want to send bitcoin to. This problem is mitigated by including the TAPSIGNER key in a multi-signature quorum alongside hardware devices that can display and verify addresses on the device itself. However, I should note that I believe a TAPSIGNER-dependent single signature wallet is fine. I have been using them for months without any issues. You freaks should just be aware of the tradeoffs.

When it comes to the potential impact a product like TAPSIGNER can have for bitcoin security, I think it is going to be massive, especially if you consider the fact that most people will be using their mobile devices to access bitcoin when it becomes widely adopted. The relatively cheap price point for this hardware device makes it accessible to people in developing markets who have a pressing need for more secure mobile-first key setups. The physical two-factor authentication flow that TAPSIGNER introduces is a massive improvement on the status quo in my opinion.

Beyond that, I think the TAPSIGNER is especially cool because it expands the design landscape of bitcoin key signing with NFC in a way that wasn't done at a commercial level until the product was released. NFC flows are a superior user experience compared to plugging in a hardware device and signing a transaction. There are no clunky devices or cords needed. Simply pull out a nondescript card from your meat space wallet and hold it to the back of your phone or NFC-enabled computer. It's a design flow that feels apt for the world we live in today. And whether bitcoiners recognize it or not, better user experience will lead to wider adoption.

Final thought...

Marathon of a weekend that involved Italian food, axes, scooters, a trampoline park, birthday cake, and another Sunday night by the fire.
