Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks
- 1 Downloads
As the rising popularity of Bitcoin, people tend to use Bitcoin wallets to manage the keys for spending or receiving funds. Instead of generating randomly pairs of keys, which may need higher space complexity for key management, hierarchical deterministic (HD) wallets derive all the keys from a single seed, which is sufficient to recover all the keys, to reduce the complexity of key management. In an HD wallet, it allows users to generate child public keys from the parent public keys without knowing any of the corresponding private keys. This feature allows a permitted auditor to derive all the public keys for auditing. However, this feature makes HD wallets suffered from so-called privilege escalation attacks, where the leakage of any child private key along with its parent public key will expose the other child private keys. To confront with this security flaw, we propose a novel HD wallet scheme that gives out a signature with trapdoor hash functions instead of directly giving private keys for signing. Since it conceals private keys from any child nodes, it can prevent from privilege escalation attacks. Nevertheless, the proposed scheme also provides unlinkability between two public keys to achieve anonymity of user identities and high scalability to the derivations of huge amount of keys. Thus, the proposed scheme achieves user anonymity, public key derivation, and high scalability.
KeywordsBitcoin HD wallets BIP032 Privilege escalation attacks Schnorr signature Trapdoor hash function
This work was supported by Taiwan Information Security Center at National Sun Yat-sen University (TWISC@NSYSU) and the Intelligent Electronic Commerce Research Center from the Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.
This study was funded by the Ministry of Science and Technology of Taiwan (MOST 105-2923-E-110-001-MY3, MOST 107-2218-E-110-014).
Compliance with ethical standards
Conflict of interest
Chun-I Fan, Yi-Fan Tseng, Hui-Po Su, Ruei-Hau Hsu and Hiroaki Kikuchi declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- 1.Arruda, T.V., Venturini, Y.R., Sakata, T.C.: Performance analysis of parallel modular multiplication algorithms for ECC in mobile devices. Revista de Sistemas de Informação da FSMA 13, 57–67 (2014)Google Scholar
- 2.Axon, L: Privacy-awareness in blockchain-based PKI. CDT Technical Paper Series 21/15 (2015) Google Scholar
- 3.Barcelo, J.: User privacy in the public bitcoin blockchain (2014). http://www.dtic.upf.edu/~jbarcelo/papers/20140704_User_Privacy_in_the_Public_Bitcoin_Blockchain/paper.pdf. Accessed 9 May 2016
- 4.Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Annual International Cryptology Conference, pp. 1–15. Springer (1996)Google Scholar
- 5.Buterin, V.: Deterministic wallets, their advantages and their understated flaws. Bitcoin Magazine (2013). https://bitcoinmagazine.com/articles/deterministic-wallets-advantages-flaw-1385450276
- 6.Courtois, N.T., Emirdag, P., Valsorda, F.: Private key recovery combination attacks: On extreme fragility of popular bitcoin key management, wallet and cold storage solutions in presence of poor RNG events. Cryptology ePrint Archive, Report 2014/848 (2014). https://eprint.iacr.org/2014/848
- 7.Courtois, N., Mercer, R.: Stealth address and key management techniques in blockchain systems. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy, vol. 1, pp. 559–566. ICISSP (2017). ISBN 978-989-758-209-7. https://doi.org/10.5220/0006270005590566
- 8.Dagher, G.G., Bünz, B., Bonneau, J., Clark, J., Boneh, D.: Provisions: privacy-preserving proofs of solvency for bitcoin exchanges. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 720–731 (2015)Google Scholar
- 9.Eskandari, S., Clark, J., Barrera, D., Stobert, E.: A first look at the usability of bitcoin key management. arXiv preprint arXiv:1802.04351 (2018)
- 10.Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J.A., Felten, E.W., Narayanan, A.: Securing bitcoin wallets via a new DSA/ECDSA threshold signature scheme. http://stevengoldfeder.com/papers/threshold_sigs.pdf (2015)
- 12.Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: International Conference on Financial Cryptography and Data Security, pp. 497–504. Springer (2015)Google Scholar
- 13.Kent, S.: Evaluating certification authority security. In: IEEE Aerospace Conference, pp. 319–327 (1998)Google Scholar
- 14.Latinov, L.: MD5, SHA-1, SHA-256 and SHA-512 speed performance. https://automationrhapsody.com/md5-sha-1-sha-256-sha-512-speed-performance/ (2018)
- 15.Levi, A., Caglayan, M.U.: The problem of trusted third party in authentication and digital signature protocols. In: Proceedings of the 12th International Symposium on Computer and Information Sciences (1997)Google Scholar
- 16.Nakamoto S.: Bitcoin: A peer-to-peer electronic cash system. http://bitcoin.org/bitcoin.pdf (2008)
- 17.Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 387–398. Springer (1996)Google Scholar
- 19.Schmidt, R., Möhring, M., Glück, D., Haerting, R., Keller, B., Reichstein, C.: Benefits from using bitcoin: empirical evidence from a European country. Int. J. Serv. Sci. Manag. Eng. Technol. (IJSSMET) 7(4), 48–62 (2016)Google Scholar
- 22.Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Annual International Cryptology Conference, pp. 355–367. Springer (2001)Google Scholar
- 23.Wuille, P.: Hierarchical deterministic wallets. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki (2012)