Dedicated cryptocurrency hardware wallets are expensive; however, inexpensive FIDO U2F hardware second factor devices are becoming more popular as Google, Facebook, and others add support and can enable the same level of security. Adoption of these devices will grow as privacy and security become a larger global concern.
What it does
How I built it
Challenges I ran into
The FIDO U2F plaintext message format was reverse engineered from several U2F server implementations, taking about 14h to perfect.
Ethereum at present does not natively support the secp256r1 ecdsa curve. We leveraged an ECDSA Solidity contract, which exacerbated the difficulty of determining the cause of signature verification failures. Byzantium adds support for faster elliptic curve primitive that enable optimization and will be an important feature.
Passing variable length parameters in Web3 is not supported, and passing large parameters is non-obvious. Debug support for solidity is non-existent and runtime errors are virtually useless.
Accomplishments that we’re proud of
Getting everything to work end-to-end!
What we learned
Solidity, Web3, Truffle, react, DSA, elliptic curves, DSA serialization standards, FIDO standards.
What's next for kEth
Optimization and generalization of the smart contract will be crucial to making this successful.