Secure Hierarchical Bitcoin Wallet Scheme Against Privilege Escalation Attacks


Bibliographic Details
Published in: 2018 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1-8
Main Authors: Fan, Chun-I; Tseng, Yi-Fan; Su, Hui-Po; Hsu, Ruei-Hau; Kikuchi, Hiroaki
Format: Conference Proceeding
Language: English
Published: IEEE, 01.12.2018

Summary: With the rising popularity of Bitcoin, people tend to use Bitcoin wallets to manage the keys for spending or receiving funds. Instead of generating key pairs at random, which are hard to store, hierarchical deterministic (HD) wallets derive all keys from a single seed, so storing that seed is sufficient to recover every key. An HD wallet also allows users to generate child public keys from parent public keys without knowledge of any private key. A typical use of this feature is an auditor who is permitted to derive all the public keys for auditing. However, this same feature makes HD wallets vulnerable to so-called privilege escalation attacks, in which the leakage of any one child private key together with its parent public key exposes the other child private keys. To confront this severe problem, we propose a novel HD wallet scheme that produces signatures with trapdoor hash functions instead of handing out private keys for signing. Since it conceals private keys from all child nodes, it prevents privilege escalation attacks. Moreover, the proposed scheme provides unlinkability between any two public keys, achieving anonymity of user identity, and supports highly scalable key derivation. Thus, the proposed scheme achieves user anonymity, public key derivation, and high scalability.
DOI: 10.1109/DESEC.2018.8625151