Arcula: A Secure Hierarchical Deterministic Wallet for Multi-asset Blockchains
This work presents Arcula, a new design for hierarchical deterministic wallets that brings identity-based addresses to the blockchain. Arcula is built on top of provably secure cryptographic primitives. It generates all its cryptographic secrets from a user-provided seed and enables the derivation of new public keys based on the identities of users, without requiring any secret information. Unlike other wallets, it achieves all these properties while being secure against privilege escalation. We formalize the security model of hierarchical deterministic wallets and prove that an attacker compromising an arbitrary number of users within an Arcula wallet cannot escalate their privileges and compromise users higher in the access hierarchy. Our design works out-of-the-box with any blockchain that enables the verification of signatures on arbitrary messages. We evaluate its usage in a real-world scenario on the Bitcoin Cash network.
Stealth address and key management techniques in blockchain systems
Bitcoin is an open source payment system with a market capitalization of about 15 G$. Over the years several key management solutions have been proposed to enhance Bitcoin. The common characteristic of these techniques is that they allow one to derive public keys independently of the private keys, and that these keys match. In this paper we overview the historical development of such techniques, and specify and compare all major variants proposed or used in practical systems. We show that such techniques can be designed based on two distinct ECC arithmetic properties, and how to combine both. A major trend in blockchain systems is to use Stealth Address (SA) techniques to make different payments made to the same payee unlinkable. We review all known SA techniques and show that early variants are less secure. Finally, we propose a new SA method which is more robust against leakage and against various attacks.
A Two-Party Hierarchical Deterministic Wallets in Practice
The applications of Hierarchical Deterministic Wallets are rapidly growing in various areas such as cryptocurrency exchanges and hardware wallets, so improving their privacy and security is more important than ever. In this study, we propose a protocol that fully supports a two-party computation of BIP32. Our protocol, similar to distributed key generation, can generate each party's secret share, the common chain code, and the public key without revealing the seed or any descendant private keys. We also provide a simulation-based proof of our protocol assuming a rushing, static, and malicious adversary in the hybrid model. Our master key generation protocol leaks at most two bits in total from an honest party, given that the seeds are re-selected after each execution. The proposed hardened child key derivation protocol leaks at most one bit from an honest party in the worst case of the simulation, and this leakage accumulates with each execution. In practice, this issue can be largely mitigated by adding validation criteria to the boolean circuits and masking the input shares before each execution. We then implemented the proposed protocol and ran it in a single thread on a laptop, with practically acceptable execution time. Lastly, the outputs of our protocol can be easily integrated with many threshold signing protocols.
CryptoWills: How to Bequeath Cryptoassets
In this paper, we put forth the problem of bequeathing cryptoassets. In this problem, a testator wishes to bequeath cryptoassets (e.g. secrets, static keys or cryptocurrency) to their heirs. Crucially, the testator should retain control of their assets before their passing. Additionally, the testator needs to maintain privacy: beneficiaries must not learn the bequest, and moreover beneficiaries must not be able to determine whether they will inherit at all before the testator's decease. We formally define the security goals of a cryptographic will (cryptowill) protocol and subsequently present schemes fulfilling the required security properties.
Blockchain Stealth Address Schemes
In a blockchain system, an address is an essential primitive used in transactions. The , which has underlying address info of two public keys ( ), was developed by the Monero blockchain in 2013; in it a one-time public key is used as the transaction destination, to protect the recipient's privacy. At almost the same time, the scheme was proposed for Bitcoin, which makes it possible to share an () between sender and receiver, where is a public key and is a 256-bit chain code, and only the receiver knows the corresponding private key of this . With the scheme, the sender may derive the child public key for child number by him/herself, without needing to request a new address for each payment from the receiver, so that each transaction has a different destination key for privacy. This paper introduces an improved stealth address scheme whose underlying address data is , where is a child number and . The sender gets the receiver's address info , generates a random secret number and calculates a Pedersen commitment where ; the sender may then use this commitment or as the destination key for the output and pack the somewhere into the transaction. This improved stealth address scheme makes it possible to manage multiple stealth addresses in one wallet, so the user is able to share different addresses with different senders.
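The survey above ("derive public keys independently of the private keys, and that these keys match"), the BIP32 extended-public-key sharing described in this abstract, the hardened child derivation of the two-party BIP32 paper, and the privilege-escalation property Arcula sets out to fix all rest on the same additive EC property (s + b)G = sG + B. The following is an added example, not code from any of the papers listed here. It implements minimal secp256k1 arithmetic (not constant time; for illustration only), a dual-key stealth address in the Monero style but on secp256k1 with SHA-256 as the hash (Monero itself uses ed25519 and its own hash; those substitutions are assumptions of this example), and BIP32 CKDpriv/CKDpub. The function names, the `escalate()` helper and the sample keys in `demo()` are constructed for the example and are not from any of the papers or from BIP32.

```python
# Added example, not code from any paper on this page. Minimal secp256k1 arithmetic,
# a dual-key stealth address, and BIP32 child-key derivation, all built on the additive
# property (s + b)G = sG + B, which is also what lets a leaked non-hardened child key
# be turned back into the parent key (the escalation hardened derivation prevents).
import hashlib
import hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 1 << 31  # BIP32: indices >= 2^31 are hardened

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc, addend, k = None, pt, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def ser_p(pt):
    """SEC1 compressed point encoding, as BIP32 uses for public keys."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def hash_to_scalar(pt):
    return int.from_bytes(hashlib.sha256(ser_p(pt)).digest(), "big") % N

def stealth_send(A, B, r):
    """Sender: given recipient view key A = aG and spend key B = bG, publish R = rG
    and pay to the one-time key H(rA)G + B."""
    return ec_mul(r, G), ec_add(ec_mul(hash_to_scalar(ec_mul(r, A)), G), B)

def stealth_receive(a, b, R, one_time_pub):
    """Recipient: aR == rA, so x = H(aR) + b is the one-time private key (or None)."""
    x = (hash_to_scalar(ec_mul(a, R)) + b) % N
    return x if ec_mul(x, G) == one_time_pub else None

def ckd_priv(k_par, c_par, i):
    """BIP32 CKDpriv: returns (k_i, c_i); hardened indices feed the private key to HMAC."""
    data = (b"\x00" + k_par.to_bytes(32, "big") if i >= HARDENED
            else ser_p(ec_mul(k_par, G)))
    I = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k_par) % N, I[32:]

def ckd_pub(K_par, c_par, i):
    """BIP32 CKDpub: only non-hardened children are derivable from the parent xpub."""
    if i >= HARDENED:
        raise ValueError("hardened child is not derivable from a public key")
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(I[:32], "big"), G), K_par), I[32:]

def escalate(K_par, c_par, i, k_child):
    """Plain BIP32 escalation: leaked non-hardened child key + parent xpub -> parent key."""
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (k_child - int.from_bytes(I[:32], "big")) % N

def demo():
    """Constructed sample keys (not real wallet material); returns the check results."""
    def scalar(tag):
        return int.from_bytes(hashlib.sha256(tag).digest(), "big") % N
    a, b, r = scalar(b"view"), scalar(b"spend"), scalar(b"tx-nonce")
    R, one_time = stealth_send(ec_mul(a, G), ec_mul(b, G), r)
    x = stealth_receive(a, b, R, one_time)
    k_par, c_par = scalar(b"master"), hashlib.sha256(b"chain").digest()
    K_par = ec_mul(k_par, G)
    k7, c7 = ckd_priv(k_par, c_par, 7)
    K7, c7_pub = ckd_pub(K_par, c_par, 7)
    try:
        ckd_pub(K_par, c_par, HARDENED + 7)
        hardened_blocked = False
    except ValueError:
        hardened_blocked = True
    return {
        "stealth_recovered": x is not None and ec_mul(x, G) == one_time,
        "stranger_rejected": stealth_receive(scalar(b"other"), b, R, one_time) is None,
        "pub_priv_match": K7 == ec_mul(k7, G) and c7 == c7_pub,
        "parent_recovered": escalate(K_par, c_par, 7, k7) == k_par,
        "hardened_blocked": hardened_blocked,
    }
```

`demo()` shows the two sides of the same property: a sender can derive a fresh destination key from public data alone (stealth one-time key, or a non-hardened BIP32 child from an xpub) and the receiver's private key matches it, while `escalate()` shows why a wallet that hands out xpubs and non-hardened child private keys is exposed to the escalation Arcula's model rules out. The BIP32 checks that I_L < n and that the child point is not infinity are omitted here for brevity; a real implementation must include them.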
Account Management in Proof of Stake Ledgers
Blockchain protocols based on Proof-of-Stake (PoS) depend — by nature — on the active participation of stakeholders. If users are offline and abstain from the PoS consensus mechanism, the system's security is at risk, so it is imperative to explore ways to both maximize the level of participation and minimize the effects of non-participation. One such option is stake representation, such that users can delegate their participation rights and, in the process, form stake pools. The core idea is that stake pool operators always participate on behalf of regular users, while the users retain the ownership of their assets. Our work provides a formal PoS wallet construction that enables delegation and stake pool formation. While investigating the construction of addresses in this setting, we distil and explore address malleability, a security property that captures the ability of an attacker to manipulate the delegation information associated with an address. Our analysis consists of identifying multiple levels of malleability, which are taken into account in our paper's core result. We then introduce the first ideal functionality of a PoS wallet's core which captures the PoS wallet's capabilities and is realized as a secure protocol based on standard cryptographic primitives. Finally, we cover how to use the wallet core in conjunction with a PoS ledger, as well as investigate how delegation and stake pools affect a PoS system's security.
Evolving Bitcoin Custody
The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and the threat landscape are evolving constantly. Therefore, custody systems, defence strategies, and risk models should be adaptive too.
We introduce Bitcoin custody by describing the different types, design principles, phases and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals: key management and privacy. We present a perspective we call the systems view. It is an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards.
We explore Bitcoin covenants, a mechanism to enforce constraints on transaction sequences. Although previous work has proposed how to construct and apply Bitcoin covenants, these proposals require modifying the consensus rules of Bitcoin, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants which seem practical, in particular when applied in autonomous (user-controlled) custody systems. We conclude with a comparative analysis with previous proposals.
Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems which captures a realistic attacker for a system with offline devices and user verification. We perform ceremony analysis to construct the risk model.
Comment: PhD thesis
Möbius: Trustless Tumbling for Transaction Privacy
Cryptocurrencies allow users to securely transfer money without relying on a trusted intermediary, and the transparency of their underlying ledgers also enables public verifiability. This openness, however, comes at a cost to privacy, as even though the pseudonyms users go by are not linked to their real-world identities, all movement of money among these pseudonyms is traceable. In this paper, we present Möbius, an Ethereum-based tumbler or mixing service. Möbius achieves strong notions of anonymity, as even malicious senders cannot identify which pseudonyms belong to the recipients to whom they sent money, and is able to resist denial-of-service attacks. It also achieves a much lower off-chain communication complexity than all existing tumblers, with senders and recipients needing to send only two initial messages in order to engage in an arbitrary number of transactions.