Enhancing User Security in Crypto Wallets with 2FA and TOTP: A Proposal for Account Abstraction

BACKGROUND

Blockchain technology has the potential to revolutionize the way we store and transfer value, but it can also be complex and intimidating for many users. Account abstraction has simplified the user experience for interacting with blockchain technology, but cyber attacks and unauthorized access to user accounts remain a risk. By implementing two-factor authentication with time-based one-time passwords, we can combine the user-friendly interface of account abstraction with an additional layer of security to provide a more secure crypto wallet for a wider audience.

THE SOLUTION

IMPLEMENTATION

A. SETTING UP 2FA FOR A SECURED ACCOUNT

  1. The user generates a random TOTP secret and a QR code and uses an Authenticator app to save the code.
  2. The future TOTPs are generated from the TOTP secret, and a Merkle tree is built from these TOTPs to delegate the secured account (abstraction account) for a specific time frame. For example, if the delegation time frame is 5 minutes and the time-step size of Google Authenticator is 30 seconds, the Merkle tree is built from 10 TOTPs.
  3. The Merkle tree hashes (Merkle proofs) are stored off-chain.
  4. The generated TOTPs and TOTP secrets are deleted using the Authenticator app by scanning the QR code.
  5. The Merkle root (the top hash of the tree) is submitted on-chain.

B. USING TOTP IN A SECURED ACCOUNT

  1. The secured account requests TOTP for every transaction.
  2. The TOTP generated by the Authenticator app and the Merkle proofs are used to authenticate.
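
The setup in A and the check in B can be sketched end to end as follows. This is an added example, not Fewcha's code: the function names, the SHA-256 tree, the leaf encoding (time-step counter plus code), and the duplication of the last node on odd levels are all assumptions made for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def leaf(counter: int, code: str) -> bytes:
    # Assumed leaf encoding: binds each code to its own time step.
    return hashlib.sha256(b"\x00" + struct.pack(">Q", counter) + code.encode()).digest()

def node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(secret: bytes, first: int, steps: int):
    """Setup (A): return (root, {counter: proof}) for `steps` future TOTPs."""
    level = [leaf(first + i, totp(secret, first + i)) for i in range(steps)]
    proofs = {first + i: [] for i in range(steps)}
    groups = [[first + i] for i in range(steps)]  # counters covered by each node
    while len(level) > 1:
        if len(level) % 2:  # odd level: pair the last node with itself
            level.append(level[-1])
            groups.append([])
        nxt, ngroups = [], []
        for j in range(0, len(level), 2):
            for c in groups[j]:
                proofs[c].append((level[j + 1], False))  # sibling on the right
            for c in groups[j + 1]:
                proofs[c].append((level[j], True))       # sibling on the left
            nxt.append(node(level[j], level[j + 1]))
            ngroups.append(groups[j] + groups[j + 1])
        level, groups = nxt, ngroups
    return level[0], proofs

def verify(root: bytes, counter: int, code: str, proof) -> bool:
    """Use (B): the per-transaction check against the on-chain root."""
    h = leaf(counter, code)
    for sibling, sibling_is_left in proof:
        h = node(sibling, h) if sibling_is_left else node(h, sibling)
    return hmac.compare_digest(h, root)

if __name__ == "__main__":
    secret = b"constructed-demo-secret"      # constructed sample, not a real key
    first = 56_000_000                       # constructed time step (unix_time // 30)
    root, proofs = build(secret, first, 10)  # 5 min / 30 s = 10 TOTPs
    print(root.hex(), verify(root, first + 3, totp(secret, first + 3), proofs[first + 3]))
```

A 6-digit code has only 10^6 possible values, so anyone who obtains a leaf hash (each proof contains the neighbouring leaf) can recover that code by exhaustive search. The off-chain proofs therefore need the same protection as the codes themselves.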

About Fewcha Wallet

Fewcha Wallet is the first pure Move self-custody crypto wallet for tokens, NFTs, and DeFi on Move blockchains (Aptos and SUI). Fewcha makes it easy, safe, and fun for everyone to explore the Web3 universe.

Developed by a team with 15+ years of experience in software engineering combined with 5 years of blockchain development, Fewcha aims to be the #1 trusted crypto wallet for the Aptos & SUI ecosystem.
