Paper 2021/1287
The Exact Security of BIP32 Wallets
Poulami Das, Andreas Erwig, Sebastian Faust, Julian Loss, and Siavash Riahi
Abstract
In many cryptocurrencies, the problem of key management has become one of the most fundamental security challenges. Typically, keys are kept in designated schemes called 'Wallets', whose main purpose is to store these keys securely. One such system is the BIP32 wallet (Bitcoin Improvement Proposal 32), which since its introduction in 2012 has been adopted by countless Bitcoin users and is one of the most frequently used wallet system today. Surprisingly, very little is known about the concrete security properties offered by this system. In this work, we propose the first formal analysis of the BIP32 system in its entirety and without any modification. Building on the recent work of Das et al. (CCS `19), we put forth a formal model for hierarchical deterministic wallet systems (such as BIP32) and give a security reduction in this model from the existential unforgeability of the ECDSA signature algorithm that is used in BIP32. We conclude by giving concrete security parameter estimates achieved by the BIP32 standard, and show that by moving to an alternative key derivation method we can achieve a tighter reduction offering an additional 20 bits of security (111 vs. 91 bits of security) at no additional costs.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. ACM CCS 2021
- Keywords
- WalletscryptocurrenciesfoundationsBIP32
- Contact author(s)
-
poulami das @ tu-darmstadt de
andreas erwig @ tu-darmstadt de
sebastian faust @ tu-darmstadt de
lossjulian @ gmail com
siavash riahi @ tu-darmstadt de - History
- 2021-09-27: revised
- 2021-09-24: received
- See all versions
- Short URL
- https://ia.cr/2021/1287
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1287, author = {Poulami Das and Andreas Erwig and Sebastian Faust and Julian Loss and Siavash Riahi}, title = {The Exact Security of {BIP32} Wallets}, howpublished = {Cryptology {ePrint} Archive, Paper 2021/1287}, year = {2021}, url = {https://eprint.iacr.org/2021/1287} }