Cryptology ePrint Archive: Report 2019/698

A Formal Treatment of Deterministic Wallets

Poulami Das and Sebastian Faust and Julian Loss

Abstract: In cryptocurrencies such as Bitcoin or Ethereum, users control funds via secret keys. To transfer funds from one user to another, the owner of the money signs a new transaction that transfers the funds to the new recipient. This makes secret keys a highly attractive target for attacks and has led to prominent examples where millions of dollars worth in cryptocurrency were stolen. To protect against these attacks, a widely used approach are so-called hot/cold wallets. In a hot/cold wallet system, the hot wallet is permanently connected to the network, while the cold wallet stores the secret key and is kept without network connection. In this work, we propose the first comprehensive security model for hot/cold wallets and develop wallet schemes that are provably secure within these models. At the technical level, our main contribution is to provide a new, provably secure ECDSA-based hot/cold wallet scheme that can be integrated into legacy cryptocurrencies such as Bitcoin. Our scheme makes several subtle changes to the BIP32 proposal and requires a technically involved security analysis.

Category / Keywords: foundations / Wallets, cryptocurrencies, foundations

Original Publication (with minor differences): ACM CCS 2019

Date: received 12 Jun 2019, last revised 30 Aug 2019

Contact author: poulami kgp cse at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20190830:131324 (All versions of this report)

Short URL: ia.cr/2019/698


[ Cryptology ePrint archive ]