Paper 2023/312

BIP32-Compatible Threshold Wallets

Poulami Das, Helmholtz Center for Information Security
Andreas Erwig, TU Darmstadt
Sebastian Faust, TU Darmstadt
Julian Loss, Helmholtz Center for Information Security
Siavash Riahi, TU Darmstadt

Cryptographic wallets have become an essential tool to secure users' secret keys and consequently their funds in Blockchain networks. The most prominent wallet standard that is widely adopted in practice is the BIP32 specification. This standard specifies so-called hierarchical deterministic wallets, which are organized in a tree-like structure such that each node in the tree represents a wallet instance and such that a parent node can derive a new child node in a deterministic fashion. BIP32 considers two types of child nodes, namely non-hardened and hardened nodes, which differ in the security guarantees they provide. While the corruption of a hardened wallet does not affect the security of any other wallet instance in the tree, the corruption of a non-hardened node leads to a breach of the entire scheme. In this work, we address this significant drawback of non-hardened nodes by laying out the design for the first hierarchical deterministic wallet scheme with thresholdized non-hardened nodes. We first provide a game-based notion of threshold signatures with rerandomizable keys and show an instantiation via the Gennaro and Goldfeder threshold ECDSA scheme (CCS'18). We further observe that the derivation of hardened child wallets according to the BIP32 specification does not translate easily to the threshold setting. Therefore, we devise a new and efficient derivation mechanism for hardened wallets in the threshold setting that satisfies the same properties as the original BIP32 derivation mechanism and therefore allows for efficient constructions of BIP32-compatible threshold wallets.

Available format(s)
Cryptographic protocols
Publication info
Cryptographic WalletsBIP32Threshold Signatures
Contact author(s)
poulami das @ cispa de
andreas erwig @ tu-darmstadt de
sebastian faust @ tu-darmstadt de
lossjulian @ gmail com
siavash riahi @ tu-darmstadt de
2023-06-06: last of 2 revisions
2023-03-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Poulami Das and Andreas Erwig and Sebastian Faust and Julian Loss and Siavash Riahi},
      title = {BIP32-Compatible Threshold Wallets},
      howpublished = {Cryptology ePrint Archive, Paper 2023/312},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.