
Hierarchical Deterministic Bitcoin Wallets that Tolerate Key Leakage

Conference paper, Financial Cryptography and Data Security (FC 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8975)

Abstract

A Bitcoin wallet is a set of private keys known to a user and which allow that user to spend any Bitcoin associated with those keys. In a hierarchical deterministic (HD) wallet, child private keys are generated pseudorandomly from a master private key, and the corresponding child public keys can be generated by anyone with knowledge of the master public key. These wallets have several interesting applications including Internet retail, trustless audit, and a treasurer allocating funds among departments. A specification of HD wallets has even been accepted as Bitcoin standard BIP32.

Unfortunately, in all existing HD wallets—including BIP32 wallets—an attacker can easily recover the master private key given the master public key and any child private key. This vulnerability precludes use cases such as a combined treasurer-auditor, and some in the Bitcoin community have suspected that this vulnerability cannot be avoided.

We propose a new HD wallet that is not subject to this vulnerability. Our HD wallet can tolerate the leakage of up to m private keys with a master public key size of O(m). We prove that breaking our HD wallet is at least as hard as the so-called “one more” discrete logarithm problem.



Acknowledgements

Research at the Perimeter Institute is supported by the Government of Canada through Industry Canada and by the Province of Ontario through the Ministry of Research and Innovation. GG also acknowledges support from CryptoWorks21. DS is supported by Australian Research Council (ARC) Discovery Project DP130104304.

Corresponding author: Douglas Stebila.


Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gutoski, G., Stebila, D. (2015). Hierarchical Deterministic Bitcoin Wallets that Tolerate Key Leakage. In: Böhme, R., Okamoto, T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science(), vol 8975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47854-7_31

  • DOI: https://doi.org/10.1007/978-3-662-47854-7_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-47853-0

  • Online ISBN: 978-3-662-47854-7

  • eBook Packages: Computer Science (R0)
