This work presents Arcula, a new design for hierarchical deterministic
wallets that brings identity-based addresses to the blockchain. Arcula is built
on top of provably secure cryptographic primitives. It generates all its
cryptographic secrets from a user-provided seed and enables the derivation of
new public keys based on the identities of users, without requiring any secret
information. Unlike other wallets, it achieves all these properties while being
secure against privilege escalation. We formalize the security model of
hierarchical deterministic wallets and prove that an attacker compromising an
arbitrary number of users within an Arcula wallet cannot escalate his
privileges and compromise users higher in the access hierarchy. Our design
works out-of-the-box with any blockchain that enables the verification of
signatures on arbitrary messages. We evaluate its usage in a real-world
scenario on the Bitcoin Cash network