Cryptology ePrint Archive: Report 2018/956

Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key

Zhen Liu and Guomin Yang and Duncan S. Wong and Khoa Nguyen and Huaxiong Wang

Abstract: Since the introduction of Bitcoin in 2008, cryptocurrency has been undergoing a quick and explosive development. At the same time, privacy protection, one of the key merits of cryptocurrency, has attracted much attention from the community. A deterministic wallet algorithm and a stealth address algorithm have been widely adopted in the community, due to their functionality and privacy-protection benefits, which come from a key derivation mechanism by which an arbitrary number of derived keys can be generated from a master key. However, these algorithms suffer from a vulnerability that can cause fatal damage. In particular, when a minor fault happens (say, one derived key is compromised somehow), the damage is not limited to the leaked derived key; instead, it spreads to the master key and the whole system collapses.

In this paper, to provide a formal treatment for the problem, we introduce and formalize a new signature variant, called Key-Insulated and Privacy-Preserving Signature Scheme with Publicly Derived Public Key (PDPKS), which forms a convenient and robust cryptographic tool for offering the virtues of deterministic wallets and stealth addresses, while eliminating the security vulnerabilities. Specifically, PDPKS allows anyone to derive new signature verification keys for a user, say Alice, based on her long-term public key, while only Alice can derive the signing keys corresponding to those verification keys. In terms of privacy, given a derived verification key and valid signatures with respect to it, an adversary is not able to tell which long-term public key, out of a set of known long-term public keys, is the one from which the verification key was derived; and given two verification keys and corresponding valid signatures, an adversary cannot tell whether the verification keys are derived from the same long-term public key. A distinguishing security feature of PDPKS, beyond the above functionality and privacy features, is that the derived keys are independent (insulated) from each other: compromising the signing key associated with one verification key does not allow an adversary to forge a valid signature for another verification key, even if both verification keys are derived from the same long-term public key.

We formalize the notion of PDPKS and propose a practical and provably secure construction, which could serve as a convenient and secure cryptographic tool for building privacy-preserving cryptocurrencies and supporting promising use cases in practice, as it can be used to implement secure stealth addresses and deterministic wallets, together with their related appealing use cases, without security concerns.
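As an added illustration (not the paper's PDPKS construction), the following toy scheme shows the derivation pattern the abstract describes: anyone holding a long-term public key can derive verification keys, only the owner can derive the matching signing keys, and with naive additive derivation a single leaked derived key reveals the master key, which is the key-insulation failure PDPKS is designed to remove. The group parameters, hash encoding and Schnorr-style signature are constructed for the example and are far too small for real use.

```python
import hashlib
import secrets

# Toy prime-order group (constructed, not for real use): p = 2q + 1 is a
# safe prime and g = 4 is a quadratic residue, so it generates the
# subgroup of prime order q.
P, Q, G = 2039, 1019, 4

def H(*parts):
    """Hash a tuple of integers/strings to a scalar in Z_q (constructed encoding)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    """Long-term key pair: sk in Z_q, pk = g^sk."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def derive_vk(pk, index):
    """Public derivation: anyone holding pk can compute vk_i = pk * g^H(pk, i)."""
    return pk * pow(G, H(pk, index), P) % P

def derive_sk(sk, pk, index):
    """Owner-side derivation: only the holder of sk gets dsk_i = sk + H(pk, i)."""
    return (sk + H(pk, index)) % Q

def sign(dsk, vk, msg):
    """Schnorr-style signature (c, s) under a derived key."""
    k = secrets.randbelow(Q - 1) + 1
    c = H(pow(G, k, P), vk, msg)
    return c, (k + c * dsk) % Q

def verify(vk, msg, sig):
    """Recompute g^k = g^s * vk^(-c); vk has order q, so vk^(-c) = vk^(q - c)."""
    c, s = sig
    r = pow(G, s, P) * pow(vk, Q - c, P) % P
    return c == H(r, vk, msg)

def master_from_leaked(dsk_leaked, pk, index):
    """Why naive derivation is not key-insulated: the tag H(pk, i) is public,
    so one leaked derived signing key gives back sk, and from sk every other
    derived signing key follows."""
    return (dsk_leaked - H(pk, index)) % Q
```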

Category / Keywords: Signature Scheme, Publicly Derived Public Key, Key-Insulated Security, Privacy, Cryptocurrency, Stealth Addresses, Deterministic Wallets

Date: received 8 Oct 2018, last revised 1 Nov 2018

Contact author: liuzhen at sjtu edu cn


Version: 20181102:041932

Short URL: ia.cr/2018/956
