A Formal Treatment of Hardware Wallets

Cryptology ePrint Archive: Report 2019/034
Date: 2019-01-14
Author(s): Myrto Arapinis, Andriana Gkaniatsou, Dimitris Karakostas, Aggelos Kiayias

Abstract
Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked, with many users losing their funds. The industry's response to securing users' assets has been to offer tamper-resistant hardware wallets. Although such wallets are considered the most secure means of managing an account, no formal attempt had previously been made to identify, model and formally verify their properties. This paper provides the first formal model of Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composition (UC) framework. We present a modular treatment of a hardware wallet ecosystem by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach allows us to capture in detail the wallet's components, their interactions and the potential threats. We deduce the wallet's security by proving that it is secure under common cryptographic assumptions, provided there is no deviation in the protocol execution. Finally, we define the attacks that succeed under a protocol deviation, and analyze the security of commercially available wallets.

Bitcoin currently uses the secp256k1 curve with the ECDSA signature algorithm, although the same curve, and the same public/private key pairs, can be used with other signature schemes such as Schnorr. secp256k1 was almost never used before Bitcoin became popular, but it has since gained adoption because of several useful properties. The name secp256k1 refers to the ECDSA domain parameters of the curve used in Bitcoin, as defined in the Standards for Efficient Cryptography (SEC) [6]. Bitcoin uses ECDSA over this curve to produce the key pairs mentioned above.

The purpose of our work is to present some useful motifs for the domain parameters of the base point (P) and the order (n) of the subgroup it generates, while choosing the elliptic curve and the Galois field on which the algorithm is formulated, in order to obtain safer private ...

Several implementations no longer draw the ECDSA nonce k from a random number generator and instead derive it deterministically as specified in RFC 6979: the Python ecdsa library has done so since 9 September 2013; Bitcoin Knots, a derivative of Bitcoin Core, also generates k with nonce_function_rfc6979(); and bitcoinjs-lib, a pure JavaScript Bitcoin library for node.js and browsers, does so in deterministicGenerateK ...

The reason for moving to deterministic nonces is a well-known weakness of ECDSA as used in Bitcoin: the signature algorithm is based on elliptic curves, and if the same random number k is used to sign two different messages under one key, the private key can be computed from the two signatures.
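The nonce-reuse leak and the RFC 6979 fix described above, carried through in an added example. This is not code from the paper, from Bitcoin Core, python-ecdsa or bitcoinjs-lib: it is a self-contained pure-Python implementation of secp256k1 arithmetic, ECDSA signing/verification, RFC 6979 nonce derivation and the key-recovery attack. The function names, the demo key (derived from a fixed string) and the two "transactions" are constructed for illustration only.

```python
"""Added worked example (not code from the paper or the libraries named above).
Pure-Python ECDSA over secp256k1 showing (1) that two signatures made with the
same nonce k under one key leak the private key d, and (2) RFC 6979, which
derives k from (d, H(m)) so a bad RNG cannot cause the reuse.
Toy arithmetic for illustration only; real wallets use libsecp256k1."""
import hashlib, hmac

# secp256k1 domain parameters (SEC 2): field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, p):
    """Double-and-add scalar multiplication (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc

def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(d: int, z: int, k: int):
    """ECDSA: r = (k*G).x mod n, s = k^-1 * (z + r*d) mod n."""
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)

def verify(pub, z: int, sig) -> bool:
    r, s = sig
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def rfc6979_k(d: int, z: int) -> int:
    """RFC 6979 section 3.2 for a 256-bit curve with HMAC-SHA256 (qlen == hlen)."""
    x = d.to_bytes(32, "big")                 # int2octets(d)
    h1 = (z % N).to_bytes(32, "big")          # bits2octets(H(m))
    V, K = b"\x01" * 32, b"\x00" * 32
    K = hmac.new(K, V + b"\x00" + x + h1, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + x + h1, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    while True:
        V = hmac.new(K, V, hashlib.sha256).digest()
        k = int.from_bytes(V, "big")
        if 1 <= k < N:
            return k
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()

def recover_key_from_reused_nonce(pub, z1, sig1, z2, sig2):
    """Same r in two signatures under one key => same k => d leaks:
    k = (z1 - z2)/(s1 - s2), d = (s1*k - z1)/r (mod n). Either signature may have
    been low-s normalised (s -> n - s), so both signs of s2 are tried and the
    candidate is checked against the public key."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        raise ValueError("r differs: no nonce reuse between these signatures")
    for s2c in (s2, N - s2):
        if (s1 - s2c) % N == 0:
            continue
        k = (z1 - z2) * pow(s1 - s2c, -1, N) % N
        d = (s1 * k - z1) * pow(r, -1, N) % N
        if ec_mul(d, G) == pub:
            return d
    return None

def demo():
    # Constructed demo key: derived from a fixed string, not a real wallet key.
    d = msg_hash(b"constructed demo key, not a real wallet key") % N
    pub = ec_mul(d, G)
    z1 = msg_hash(b"tx 1: pay 1 BTC to Alice")   # constructed messages
    z2 = msg_hash(b"tx 2: pay 2 BTC to Bob")
    k_bad = 0x1234567890ABCDEF                  # a broken RNG returns this twice
    sig1, sig2 = sign(d, z1, k_bad), sign(d, z2, k_bad)
    leaked = recover_key_from_reused_nonce(pub, z1, sig1, z2, sig2)
    # With RFC 6979 the nonce depends on the message, so r differs per signature.
    sig1_det = sign(d, z1, rfc6979_k(d, z1))
    sig2_det = sign(d, z2, rfc6979_k(d, z2))
    return {"key_leaked": leaked == d,
            "det_sigs_valid": verify(pub, z1, sig1_det) and verify(pub, z2, sig2_det),
            "det_r_distinct": sig1_det[0] != sig2_det[0]}
```

Running demo() reports the key as leaked for the reused nonce and shows that the RFC 6979 signatures verify with distinct r values. Two caveats a practitioner should keep in mind: the attack needs only the public data on the blockchain (r, s and the signed transaction digest), so a wallet's RNG failure is visible to everyone; and because Bitcoin nodes enforce low-s signatures, a scanner for reused r must try both signs of s, as recover_key_from_reused_nonce does, or it will miss half the leaks.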
