Evolving Bitcoin Custody
Abstract: The broad topic of this thesis is the design and analysis of Bitcoin custody systems. Both the technology and the threat landscape evolve constantly, so custody systems, defence strategies, and risk models should be adaptive too. We introduce Bitcoin custody by describing the different types, design principles, phases, and functions of custody systems. We review the technology stack of these systems and focus on the fundamentals: key management and privacy. We present a perspective we call the systems view, an attempt to capture the full complexity of a custody system, including technology, people, and processes. We review existing custody systems and standards. We explore Bitcoin covenants, a mechanism for enforcing constraints on sequences of transactions. Although previous work has proposed how to construct and apply Bitcoin covenants, those proposals require modifying Bitcoin's consensus rules, a notoriously difficult task. We introduce the first detailed exposition and security analysis of a deleted-key covenant protocol, which is compatible with current consensus rules. We demonstrate a range of security models for deleted-key covenants that appear practical, in particular when applied in autonomous (user-controlled) custody systems, and conclude with a comparative analysis against previous proposals. Covenants are often proclaimed to be an important primitive for custody systems, but no complete design has been proposed to validate that claim. To address this, we propose an autonomous custody system called Ajolote, which uses deleted-key covenants to enforce a vault sequence. We evaluate Ajolote with a model of its state dynamics, a privacy analysis, and a risk model. We propose a threat model for custody systems that captures a realistic attacker against a system with offline devices and user verification, and we perform ceremony analysis to construct the risk model.
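The deleted-key covenant the abstract refers to can be sketched in code. What follows is an added example written for this page, not code from the thesis, from Ajolote, or from any project it reviews: it simulates the protocol with a pure-Python BIP340 Schnorr signer over secp256k1. The `tx_digest` stand-in for a sighash, the `EphemeralKey` class, and the destination scripts are constructed for the demo and are not Bitcoin's own serialisation. An ephemeral key pre-signs the one permitted spend of the vault output and is then deleted, so no other spend of that output can ever be authorised.

```python
"""Deleted-key covenant simulated with BIP340 Schnorr over secp256k1.
Added example, not the thesis's code; tx_digest/EphemeralKey are demo names."""
import hashlib
import secrets

# secp256k1 domain parameters (SEC 2)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _tagged(tag, *parts):
    h = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(h + h + b"".join(parts)).digest()


def _b(i):
    return i.to_bytes(32, "big")


def schnorr_sign(seckey, msg):
    """BIP340 signing with all-zero aux randomness; msg is 32 bytes."""
    pt = _mul(seckey, G)
    d = seckey if pt[1] % 2 == 0 else N - seckey          # force even-y pubkey
    t = d ^ int.from_bytes(_tagged("BIP0340/aux", bytes(32)), "big")
    k0 = int.from_bytes(_tagged("BIP0340/nonce", _b(t), _b(pt[0]), msg), "big") % N
    if k0 == 0:
        raise ValueError("nonce derivation failed")
    r = _mul(k0, G)
    k = k0 if r[1] % 2 == 0 else N - k0                   # force even-y nonce point
    e = int.from_bytes(_tagged("BIP0340/challenge", _b(r[0]), _b(pt[0]), msg), "big") % N
    return _b(r[0]) + _b((k + e * d) % N)


def schnorr_verify(pubkey_x, msg, sig):
    """BIP340 verification against a 32-byte x-only public key."""
    if len(sig) != 64 or len(pubkey_x) != 32:
        return False
    px, r, s = (int.from_bytes(v, "big") for v in (pubkey_x, sig[:32], sig[32:]))
    if px >= P or r >= P or s >= N:
        return False
    c = (pow(px, 3, P) + 7) % P
    y = pow(c, (P + 1) // 4, P)                            # lift_x: even-y point
    if y * y % P != c:
        return False
    if y % 2:
        y = P - y
    e = int.from_bytes(_tagged("BIP0340/challenge", sig[:32], pubkey_x, msg), "big") % N
    rp = _add(_mul(s, G), _mul(N - e, (px, y)))           # s*G - e*P
    return rp is not None and rp[1] % 2 == 0 and rp[0] == r


def tx_digest(vault_pubkey_x, destination):
    """Constructed stand-in for a sighash: commits the spend to one destination."""
    return hashlib.sha256(b"vault-spend|" + vault_pubkey_x + b"|" + destination).digest()


class EphemeralKey:
    """Key that lives only long enough to pre-sign the covenant transaction."""

    def __init__(self, seckey=None):
        self._d = seckey or (secrets.randbelow(N - 1) + 1)
        self.pubkey_x = _b(_mul(self._d, G)[0])

    def sign(self, msg):
        if self._d is None:
            raise RuntimeError("key deleted: no further spends can be authorised")
        return schnorr_sign(self._d, msg)

    def delete(self):
        self._d = None   # a real deployment must also scrub memory and backups


def setup_deleted_key_covenant(destination, seckey=None):
    """Lock a vault output to an ephemeral key, pre-sign its only spend, delete the key.
    Returns (vault x-only pubkey, pre-signed spend). seckey is for reproducible demos."""
    key = EphemeralKey(seckey)
    sig = key.sign(tx_digest(key.pubkey_x, destination))
    key.delete()
    return key.pubkey_x, {"destination": destination, "sig": sig}


def spend_is_valid(vault_pubkey_x, destination, sig):
    """What the network would check: does the signature authorise this destination?"""
    return schnorr_verify(vault_pubkey_x, tx_digest(vault_pubkey_x, destination), sig)
```

Two caveats follow directly from the construction. First, the covenant is only as strong as the deletion: if any copy of the ephemeral secret survives (swap, backups, a logging signer), the constraint is void, which is why the thesis treats key deletion as a security model rather than a given. Second, the pre-signed transaction becomes the sole path to the funds, so it must be stored as carefully as a key, and its fee is fixed at signing time.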
- A. Poinsot. James O’Beirne CTV vault using ANYPREVOUT in place of CTV. https://github.com/darosior/simple-anyprevout-vault.
- A journey into bitcoin metadata. Journal of Grid Computing, 2019.
- J. Poon and T. Dryja. The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments. 2016. https://lightning.network/lightning-network-paper.pdf.
- J. Postel. Internet protocol (ip). IETF Request for Comments, RFC 791, 1981. https://www.rfc-editor.org/info/rfc791.
- J. Postel. Transmission control protocol (tcp). IETF Request for Comments, RFC 793, 1981. https://www.rfc-editor.org/info/rfc793.
- J. Postel and J. Reynolds. File Transfer Protocol (FTP). 1985. https://www.rfc-editor.org/info/rfc959.
- S. Rashid. Extracting TREZOR Secrets from SRAM, 2017. https://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/.
- SoK: Secure Data Deletion. In 2013 IEEE Symposium on Security and Privacy, pages 301–315, 2013.
- F. Reid and M. Harrigan. An Analysis of Anonymity in the Bitcoin System. Security and Privacy in Social Networks, pages 197–223, 2013.
- M. Rhodes-Ousley. Information Security The Complete Reference, Second Edition. The Complete Reference. Mcgraw-hill, 2013.
- A. Riard. Pinning : The Good, The Bad, The Ugly, 2020. https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-June/002758.html.
- A. Riard and G. Naumenko. Time-Dilation Attacks on the Lightning Network. Cryptoeconomic Systems, 2021. https://cryptoeconomicsystems.pubpub.org/pub/riard-lightning-dilation.
- D. Ron and A. Shamir. Quantitative Analysis of the Full Bitcoin Transaction Graph. Cryptology ePrint Archive, Paper 2012/584, 2012. https://eprint.iacr.org/2012/584.
- J. Rubin. Designing Bitcoin Contracts with Sapio. https://learn.sapio-lang.org/.
- J. Rubin. CHECKTEMPLATEVERIFY, 2020. https://github.com/bitcoin/bips/blob/master/bip-0119.mediawiki.
- J. Rubin. Building Vaults on Bitcoin, 2021. https://rubin.io/bitcoin/2021/12/07/advent-10/.
- ROAST: Robust Asynchronous Schnorr Threshold Signatures. Cryptology ePrint Archive, Paper 2022/550, 2022. https://eprint.iacr.org/2022/550.
- R. Russell. [PROPOSAL] OP_TX: generalized covenants reduced to OP_CHECKTEMPLATEVERIFY, 2022. https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/020450.html.
- S. Volokitin. Software Attacks on Hardware Wallets - Black Hat, 2018. https://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets.pdf.
- Transforming the ‘weakest link’ — a human/computer interaction approach to usable and effective security. BT Technology Journal, 19, 2001.
- Asset-centric analysis and visualisation of attack trees. In Graphical Models for Security: 7th International Workshop, GraMSec 2020, Boston, MA, USA, June 22, 2020, Revised Selected Papers, page 45–64. Springer-Verlag, 2020.
- B. Schneier. Attack Trees. 1999. https://www.schneier.com/academic/archives/1999/12/attack_trees.html.
- C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161–174, 1991.
- D. Sempreboni and L. Viganò. A mutation-based approach for the formal and automated analysis of security ceremonies. Journal of Computer Security, 2022.
- A. Shostack. Threat Modeling: Designing for Security. 2014.
- M. Skibinsky and A. Krotou. Generate a Seed Phrase using Dice., 2022. https://vault12.com/securemycrypto/cryptocurrency-security-how-to/dice-crypto-recovery-seed/1-gather-your-pencil-and-paper-your-dice-a-bip39-word-list-and-let-s-get-ready-to-roll.
- D. Stinson and R. Strobl. Provably Secure Distributed Schnorr Signatures and a (t, n) Threshold Scheme for Implicit Certificates. Information Security and Privacy, pages 417–434, 2001.
- Bitcoin Covenants: Three Ways to Control the Future. CoRR, abs/2006.16714, 2020. https://arxiv.org/abs/2006.16714.
- Custody Protocols Using Bitcoin Vaults. CoRR, abs/2005.11776, 2020. https://arxiv.org/abs/2005.11776.
- W. Swanson. Creating Bitcoin Private Keys with Dice, 2014. https://www.swansontec.com/bitcoin-dice.html.
- T. Perrin. The Noise Protocol Framework: Interactive handshake patterns (fundamental), 2018. https://noiseprotocol.org/noise.html#handshake-patterns/.
- A. Taaki. BIP Purpose and Guidelines, 2011. https://github.com/bitcoin/bips/blob/master/bip-0001.mediawiki.
- B. Teinturier. RBF Pinning with Counterparties and Competing Interest, 2020. https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-June/002739.html.
- J. Timón. Simple Proof-of-Reserves Transactions, 2015. https://github.com/bitcoin/bips/blob/master/bip-0099.mediawiki.
- A survey of smart contract formal specification and verification. ACM Computing Surveys, 54:1–38, 2021.
- A. Towns. SIGHASH_ANYPREVOUT for Taproot Scripts, 2019. https://github.com/ajtowns/bips/blob/bip-anyprevout/bip-anyprevout.mediawiki.
- Obscuro: A Bitcoin Mixer using Trusted Execution Environments. Cryptology ePrint Archive, Paper 2017/974, 2017. https://eprint.iacr.org/2017/974.
- L. Trevisan. CS276: Cryptography: Notes for Lecture 27, 2009. http://theory.stanford.edu/~trevisan/cs276/lecture27.pdf.
- Inspection Resistant Memory: Architectural Support for Security from Physical Examination. SIGARCH Comput. Archit. News, 40(3):130–141, 2012.
- L. Valenta and B. Rowan. Blindcoin: Blinded, accountable mixes for bitcoin. Financial Cryptography and Data Security, pages 112–126, 2015.
- Process memory investigation of the bitcoin clients electrum and bitcoin core. IEEE Access, PP:1–1, 2017.
- Dandelion: Redesigning the Bitcoin Network for Anonymity. CoRR, abs/1701.04439, 2017.
- L. Viganò. Formal methods for socio-technical security: (formal and automated analysis of security ceremonies). Coordination Models and Languages (COORDINATION 2022), 2022.
- Z. Voell. Sorry, Bitcoin is still Anarchist. 2018. https://medium.com/@zackvoell/sorry-bitcoin-is-still-anarchist-3e995d2fbbf1.
- S. Volokitin. Glitch in the Matrix: Exploiting Bitcoin Hardware Wallets, 2019. https://www.offensivecon.org/speakers/2019/sergei-volokitin.html.
- Mobt: A kleptographically-secure hierarchical-deterministic wallet for multiple offline bitcoin transactions. Future Generation Computer Systems, 101, 2019.
- Dynamic threshold ECDSA signature and application to asset custody in blockchain. Journal of Information Security and Applications, 61:102805, 2021.
- J. D. Weiss. A system security engineering process. In Proceedings of the 14th National Computer Security Conf., 1991.
- D. A. Wheeler. What is open security?, 2013. https://dwheeler.com/essays/open-security-definition.html.
- Schnorr Signatures for secp256k1, 2020. https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki.
- Validation of Taproot Scripts, 2020. https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki.
- P. Wuille. Hierarchical Deterministic Wallets, 2012. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki.
- Taproot: SegWit version 1 output spending rules, 2019. https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki.
- Y. E. Bulut and İ. Sertkaya. Security Problem Definition and Security Objectives of Cryptocurrency Wallets in Common Criteria, 2020. https://dergipark.org.tr/tr/download/article-file/1081388.
- Compact Zero-Knowledge Proofs for Threshold ECDSA with Trustless Setup. Cryptology ePrint Archive, Paper 2021/205, 2021. https://eprint.iacr.org/2021/205.
- Paralysis proofs: Secure dynamic access structures for cryptocurrency custody and more. In Proceedings of the 1st ACM Conference on Advances in Financial Technologies, AFT ’19, page 1–15. Association for Computing Machinery, 2019.
- ZmnSCPxj. Speedy covenants (OP_CAT2), 2022. https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-May/{020434}.html.