Skip to main content
Log in

Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript


As the rising popularity of Bitcoin, people tend to use Bitcoin wallets to manage the keys for spending or receiving funds. Instead of generating randomly pairs of keys, which may need higher space complexity for key management, hierarchical deterministic (HD) wallets derive all the keys from a single seed, which is sufficient to recover all the keys, to reduce the complexity of key management. In an HD wallet, it allows users to generate child public keys from the parent public keys without knowing any of the corresponding private keys. This feature allows a permitted auditor to derive all the public keys for auditing. However, this feature makes HD wallets suffered from so-called privilege escalation attacks, where the leakage of any child private key along with its parent public key will expose the other child private keys. To confront with this security flaw, we propose a novel HD wallet scheme that gives out a signature with trapdoor hash functions instead of directly giving private keys for signing. Since it conceals private keys from any child nodes, it can prevent from privilege escalation attacks. Nevertheless, the proposed scheme also provides unlinkability between two public keys to achieve anonymity of user identities and high scalability to the derivations of huge amount of keys. Thus, the proposed scheme achieves user anonymity, public key derivation, and high scalability.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2

Similar content being viewed by others


  1. Arruda, T.V., Venturini, Y.R., Sakata, T.C.: Performance analysis of parallel modular multiplication algorithms for ECC in mobile devices. Revista de Sistemas de Informação da FSMA 13, 57–67 (2014)

    Google Scholar 

  2. Axon, L: Privacy-awareness in blockchain-based PKI. CDT Technical Paper Series 21/15 (2015)

  3. Barcelo, J.: User privacy in the public bitcoin blockchain (2014). Accessed 9 May 2016

  4. Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Annual International Cryptology Conference, pp. 1–15. Springer (1996)

  5. Buterin, V.: Deterministic wallets, their advantages and their understated flaws. Bitcoin Magazine (2013).

  6. Courtois, N.T., Emirdag, P., Valsorda, F.: Private key recovery combination attacks: On extreme fragility of popular bitcoin key management, wallet and cold storage solutions in presence of poor RNG events. Cryptology ePrint Archive, Report 2014/848 (2014).

  7. Courtois, N., Mercer, R.: Stealth address and key management techniques in blockchain systems. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy, vol. 1, pp. 559–566. ICISSP (2017). ISBN 978-989-758-209-7.

  8. Dagher, G.G., Bünz, B., Bonneau, J., Clark, J., Boneh, D.: Provisions: privacy-preserving proofs of solvency for bitcoin exchanges. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 720–731 (2015)

  9. Eskandari, S., Clark, J., Barrera, D., Stobert, E.: A first look at the usability of bitcoin key management. arXiv preprint arXiv:1802.04351 (2018)

  10. Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J.A., Felten, E.W., Narayanan, A.: Securing bitcoin wallets via a new DSA/ECDSA threshold signature scheme. (2015)

  11. Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: Böhme, R., Okamoto, T. (eds.) Financial Cryptography and Data Security, pp. 497–504. Springer, Berlin (2015)

    Chapter  Google Scholar 

  12. Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: International Conference on Financial Cryptography and Data Security, pp. 497–504. Springer (2015)

  13. Kent, S.: Evaluating certification authority security. In: IEEE Aerospace Conference, pp. 319–327 (1998)

  14. Latinov, L.: MD5, SHA-1, SHA-256 and SHA-512 speed performance. (2018)

  15. Levi, A., Caglayan, M.U.: The problem of trusted third party in authentication and digital signature protocols. In: Proceedings of the 12th International Symposium on Computer and Information Sciences (1997)

  16. Nakamoto S.: Bitcoin: A peer-to-peer electronic cash system. (2008)

  17. Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 387–398. Springer (1996)

  18. Rezai, A., Keshavarzi, P.: High-throughput modular multiplication and exponentiation algorithms using multibit-scan–multibit-shift technique. IEEE Trans. Very Larg. Scale (VLSI) Integr. Syst. 23(9), 1710–1719 (2015)

    Article  Google Scholar 

  19. Schmidt, R., Möhring, M., Glück, D., Haerting, R., Keller, B., Reichstein, C.: Benefits from using bitcoin: empirical evidence from a European country. Int. J. Serv. Sci. Manag. Eng. Technol. (IJSSMET) 7(4), 48–62 (2016)

    Google Scholar 

  20. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)

    Article  Google Scholar 

  21. Schoenmakers, B.: Security aspects of the ecash\(^{{\rm TM}}\) payment system. In: State of the Art in Applied Cryptography. Lecture Notes in Computer Science, vol. 1528. Springer, Berlin, Heidelberg (1998)

  22. Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Annual International Cryptology Conference, pp. 355–367. Springer (2001)

  23. Wuille, P.: Hierarchical deterministic wallets. (2012)

Download references


This work was supported by Taiwan Information Security Center at National Sun Yat-sen University (TWISC@NSYSU) and the Intelligent Electronic Commerce Research Center from the Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.


This study was funded by the Ministry of Science and Technology of Taiwan (MOST 105-2923-E-110-001-MY3, MOST 107-2218-E-110-014).

Author information

Authors and Affiliations


Corresponding author

Correspondence to Chun-I Fan.

Ethics declarations

Conflict of interest

Chun-I Fan, Yi-Fan Tseng, Hui-Po Su, Ruei-Hau Hsu and Hiroaki Kikuchi declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fan, CI., Tseng, YF., Su, HP. et al. Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks. Int. J. Inf. Secur. 19, 245–255 (2020).

Download citation

  • Published:

  • Issue Date:

  • DOI: