Paper 2019/698

A Formal Treatment of Deterministic Wallets

Poulami Das, Sebastian Faust, and Julian Loss

Abstract

In cryptocurrencies such as Bitcoin or Ethereum, users control funds via secret keys. To transfer funds from one user to another, the owner of the money signs a new transaction that transfers the funds to the new recipient. This makes secret keys a highly attractive target for attacks and has led to prominent examples where millions of dollars' worth of cryptocurrency were stolen. To protect against these attacks, a widely used approach is the so-called hot/cold wallet. In a hot/cold wallet system, the hot wallet is permanently connected to the network, while the cold wallet stores the secret key and is kept without network connection. In this work, we propose the first comprehensive security model for hot/cold wallets and develop wallet schemes that are provably secure within these models. At the technical level, our main contribution is to provide a new, provably secure ECDSA-based hot/cold wallet scheme that can be integrated into legacy cryptocurrencies such as Bitcoin. Our scheme makes several subtle changes to the BIP32 proposal and requires a technically involved security analysis.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Minor revision. ACM CCS 2019
Keywords
Wallets, cryptocurrencies, foundations
Contact author(s)
poulami kgp cse @ gmail com
History
2020-01-03: last of 9 revisions
2019-06-13: received
Short URL
https://ia.cr/2019/698
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/698,
      author = {Poulami Das and Sebastian Faust and Julian Loss},
      title = {A Formal Treatment of Deterministic Wallets},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/698},
      year = {2019},
      url = {https://eprint.iacr.org/2019/698}
}