Deepening Blockchain Governance Toolkit with Two-Factor Authentication 2FA

Datarella demoed a new PoC for off-chain governance with our friends from tyntec at the TADSummit in Lisbon, Portugal this week. Using tyntec’s 2FA service we were able to demonstrate a proof of concept for using strong authenication to secure an Ethereum transaction. This is one elementary piece of the puzzle for creating robust governance structures for the blockchain.

What’s blocking the blockchain from going mainstream? Datarella and tyntec at TADSummit Lisbon 2018

One of the main issues holding back adoption of blockchain-based applications is that we’re still at a pretty basic level when it comes to governance.  Much ink has been spilled over the parity multisig wallet bug and the hack of the DAO. The exact causes of those incidents are beyond the scope of this article but both have to do with complexity and with finality.

One of the major selling points of Ethereum it utilizes the solidity programming language, which is Turing complete. This is both a blessing and a curse. It’s a blessing because this makes it technically possible to build very complex smart contracts which are capable of doing just about anything – that’s a big part of the promise of blockchain. The curse part of the equation is the fact that these complex programs may have unforseen bugs which end up irrevocably committing transactions on a large scale to public blockchains.  This is where finality comes into play. Once approved Ethereum transactions are subject to increasing probabilistic finality. 

In layman’s terms this means that there are no chargebacks, no refunds, no do overs and no room for error. The combination of complexity and probabilistic finality means that if we want to build blockchain applications that are ready for mass adoption we will need significantly improved safeguards and governance before transactions are committed to the blockchain.

In order to be useful, systems that transfer value have to exhibit some kind of finality. When you use a credit card to purchase a latte at your local store the money is transferred on a centralized ledger maintained by visa or mastercard. The money stays transferred unless there is a dispute. If you discover fraudulent charges on your card you just call your bank and prove your identity.  They roll back the charges on your account and an insurer takes care of the damage done. In other words, in the credit card system, finality is limited but sufficient and flexible. In the blockchain world what you commit to the chain remains on the chain. If you loose your private key or a bug in some complex code allows an unintended value transfer, it’s game over.

We can’t change the finality of blockchain and in most public cases we don’t want to. What would be nice is if we could put additonal controls on what the holder of a private key can do. This is useful as a component of our developing blockchain governance toolkit in a number of situations.

Some example use cases:

  • Resetting access to a wallet
  • Restricting malicous transaction attempts
  • Enabling multiparty quorum transactions without relying on complex on-chain multisig wallets
  • Off-chain voting mechanisms

Take a look at the video of the demo above. What we’ve implemented is a smart contract which requires a one time password provided by the tyntec 2FA API in addition to the private key before any transaction can be finalized on-chain. This opens the door to all sorts of governace options which we’re working on for our product RAAY and as part of the Codelegit arbitration libraries which we provide to the Blockchain Arbitration Forum.

We’d like to thank the awesome team of tyntec for their continuing collaboration on this. We’re really looking forward to the role such tech can play in moving blockchain-based governance procedures forward.