Paper 2019/698

A Formal Treatment of Deterministic Wallets

Poulami Das, Sebastian Faust, and Julian Loss


In cryptocurrencies such as Bitcoin or Ethereum, users control funds via secret keys. To transfer funds from one user to another, the owner of the money signs a new transaction that transfers the funds to the new recipient. This makes secret keys a highly attractive target for attacks and has led to prominent examples where millions of dollars worth in cryptocurrency were stolen. To protect against these attacks, a widely used approach are so-called hot/cold wallets. In a hot/cold wallet system, the hot wallet is permanently connected to the network, while the cold wallet stores the secret key and is kept without network connection. In this work, we propose the first comprehensive security model for hot/cold wallets and develop wallet schemes that are provably secure within these models. At the technical level, our main contribution is to provide a new, provably secure ECDSA-based hot/cold wallet scheme that can be integrated into legacy cryptocurrencies such as Bitcoin. Our scheme makes several subtle changes to the BIP32 proposal and requires a technically involved security analysis.

Available format(s)
Publication info
Published elsewhere. Minor revision. ACM CCS 2019
Contact author(s)
poulami kgp cse @ gmail com
2020-01-03: last of 9 revisions
2019-06-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Poulami Das and Sebastian Faust and Julian Loss},
      title = {A Formal Treatment of Deterministic Wallets},
      howpublished = {Cryptology ePrint Archive, Paper 2019/698},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.