A Formal Treatment of Hardware Wallets

Bitcoin, being the most successful cryptocurrency, has been repeatedly attacked, with many users losing their funds. The industry's response to securing users' assets is to offer tamper-resistant hardware wallets. Although such wallets are considered the most secure means of managing an account, no formal attempt had previously been made to identify, model and formally verify their properties. This paper provides the first formal model of Bitcoin hardware wallet operations. We identify the properties and security parameters of a Bitcoin wallet and formally define them in the Universal Composability (UC) framework. We present a modular treatment of the hardware wallet ecosystem by realizing the wallet functionality in a hybrid setting defined by a set of protocols. This approach lets us capture in detail the wallet's components, their interaction and the potential threats. We establish the wallet's security by proving that it is secure under common cryptographic assumptions, provided that no party deviates from the protocol execution. Finally, we define the attacks that succeed under a protocol deviation, and analyze the security of commercially available wallets.
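The abstract's modular view, a wallet realized by several components whose composition is secure only while every component follows the protocol, is easier to see in a small simulation. The following Python is an added illustration, not the paper's model or code. It assumes a decomposition into three parties (a user, an untrusted host client, and a key-holding device with a display), assumes the deviation under study is a client that substitutes the payee before forwarding a transaction to the device, and replaces ECDSA with an HMAC over the transaction fields because only the protocol flow matters here, not the signature scheme.

```python
"""
Toy three-party hardware-wallet signing session (added example; hypothetical
decomposition, not the paper's formal model).

Parties:
  User   - intends a payment and may or may not check the device screen.
  Client - host software; relays the request; may deviate (payee substitution).
  Device - holds the key, shows what it is about to sign, signs only on consent.

The signature is an HMAC over the transaction fields; this stands in for ECDSA
so that "which transaction was actually signed" can be checked offline.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Tx:
    payee: str
    amount: int

    def display(self) -> str:
        # What the device screen shows to the user.
        return f"{self.amount} -> {self.payee}"

    def encode(self) -> bytes:
        return f"{self.amount}|{self.payee}".encode()


class Device:
    """Tamper-resistant component: key never leaves it, signs only with consent."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)

    def sign(self, tx: Tx, user_confirms: Callable[[str], bool]) -> Optional[bytes]:
        if not user_confirms(tx.display()):
            return None  # user rejected what the screen showed
        return hmac.new(self._key, tx.encode(), hashlib.sha256).digest()

    def verify(self, tx: Tx, sig: bytes) -> bool:
        expected = hmac.new(self._key, tx.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


class Client:
    """Host-side component. `deviate=True` models a compromised client that
    rewrites the payee (hypothetical deviation used for illustration)."""

    ATTACKER_PAYEE = "attacker-address"  # constructed value

    def __init__(self, device: Device, deviate: bool = False) -> None:
        self.device = device
        self.deviate = deviate

    def request_signature(self, tx: Tx, user_confirms) -> Optional[bytes]:
        forwarded = Tx(self.ATTACKER_PAYEE, tx.amount) if self.deviate else tx
        return self.device.sign(forwarded, user_confirms)


class User:
    """Human component. `checks_screen=False` models a user who confirms blindly."""

    def __init__(self, intended: Tx, checks_screen: bool = True) -> None:
        self.intended = intended
        self.checks_screen = checks_screen

    def confirm(self, shown: str) -> bool:
        if not self.checks_screen:
            return True
        return shown == self.intended.display()


def run_session(client_deviates: bool, user_checks_screen: bool) -> str:
    """Execute one signing session and classify its outcome:
    'signed_intended', 'signed_substituted' or 'rejected'."""
    intended = Tx("merchant-address", 50_000)  # constructed transaction
    device = Device()
    client = Client(device, deviate=client_deviates)
    user = User(intended, checks_screen=user_checks_screen)

    sig = client.request_signature(intended, user.confirm)
    if sig is None:
        return "rejected"
    if device.verify(intended, sig):
        return "signed_intended"
    return "signed_substituted"


if __name__ == "__main__":
    for deviates, checks in [(False, True), (False, False), (True, True), (True, False)]:
        print(f"client_deviates={deviates!s:5} user_checks={checks!s:5} -> "
              f"{run_session(deviates, checks)}")
```

Read against the abstract: with no deviation the composed system signs exactly the intended transaction regardless of whether the user checks the screen, which is the "secure provided there is no deviation" case. When the client deviates, the outcome depends on whether the remaining honest components (device display plus user comparison) still enforce the property; dropping the user's check is what turns a deviation into a successful attack, which is the kind of case the paper's final section enumerates.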
