Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
144 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Decentralizing Custodial Wallets with MFKDF (2306.08168v1)

Published 13 Jun 2023 in cs.CR

Abstract: The average cryptocurrency user today faces a difficult choice between centralized custodial wallets, which are notoriously prone to spontaneous collapse, or cumbersome self-custody solutions, which if not managed properly can cause a total loss of funds. In this paper, we present a "best of both worlds" cryptocurrency wallet design that looks like, and inherits the user experience of, a centralized custodial solution, while in fact being entirely decentralized in design and implementation. In our design, private keys are not stored on any device, but are instead derived directly from a user's authentication factors, such as passwords, soft tokens (e.g., Google Authenticator), hard tokens (e.g., YubiKey), or out-of-band authentication (e.g., SMS). Public parameters (salts, one-time pads, etc.) needed to access the wallet can be safely stored in public view, such as on a public blockchain, thereby providing strong availability guarantees. Users can then simply "log in" to their decentralized wallet on any device using standard credentials and even recover from lost credentials, thereby providing the usability of a custodial wallet with the trust and security of a decentralized approach.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (49)
  1. K. Huang, “Why Did FTX Collapse? Here’s What to Know.,” The New York Times, Nov. 2022. https://www.nytimes.com/2022/11/10/technology/ftx-binance-crypto-explained.html.
  2. M. Young, “Coinbase custodies 11% of entire crypto capitalization.” https://cointelegraph.com/news/coinbase-custodies-11-of-entire-crypto-capitalization.
  3. J. Wood, “Custodial Wallets vs. Non-Custodial Crypto Wallets,” Mar. 2022. https://www.coindesk.com/learn/custodial-wallets-vs-non-custodial-crypto-wallets/.
  4. N. Acheson, “After FTX: Rebuilding Trust in Crypto’s Founding Mission,” Nov. 2022. https://www.coindesk.com/layer2/2022/11/14/after-ftx-rebuilding-trust-in-cryptos-founding-mission/.
  5. A. Whitten and J. D. Tygar, “Why johnny can’t encrypt: A usability evaluation of PGP 5.0,” in 8th USENIX Security Symposium (USENIX Security 99), (Washington, D.C.), USENIX Association, Aug. 1999.
  6. N. Hartley, “Bitcoin: Missing hard drive could fund Newport crypto hub,” BBC News, Aug. 2022. https://www.bbc.com/news/uk-wales-62381682.
  7. N. Popper, “Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes,” The New York Times, Jan. 2021. https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html.
  8. C. B. C. Radio ·, “This man owns $321M in bitcoin — but he can’t access it because he lost his password | CBC Radio,” Jan. 2021. https://www.cbc.ca/radio/asithappens/as-it-happens-friday-edition-1.5875363/this-man-owns-321m-in-bitcoin-but-he-can-t-access-it-because-he-lost-his-password-1.5875366.
  9. V. Nair and D. Song, “Multi-factor key derivation function (mfkdf),” 2022. https://arxiv.org/abs/2208.05586.
  10. M. View, D. M’Raihi, F. Hoornaert, D. Naccache, M. Bellare, and O. Ranen, “HOTP: An HMAC-Based One-Time Password Algorithm,” Request for Comments RFC 4226, Internet Engineering Task Force, Dec. 2005. https://datatracker.ietf.org/doc/rfc4226.
  11. M. View, J. Rydell, M. Pei, and S. Machani, “TOTP: Time-Based One-Time Password Algorithm,” Tech. Rep. RFC 6238, Internet Engineering Task Force, May 2011. https://datatracker.ietf.org/doc/rfc6238.
  12. “Yubikey: Strong two-factor authentication.” https://www.yubico.com/.
  13. F. Corva, “Cryptocurrency Wallets.” https://www.finder.com/cryptocurrency/wallets.
  14. S. Suratkar, M. Shirole, and S. Bhirud, “Cryptocurrency wallet: A review,” in 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP), pp. 1–7, 2020.
  15. I. Eyal, “On cryptocurrency wallet design,” in 3rd International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2021), Schloss Dagstuhl-Leibniz-Zentrum für Informatik, 2022.
  16. “Binance.US | Buy, Sell, & Trade Crypto & Altcoins In The US.” https://www.binance.us/.
  17. “Coinbase - Buy and Sell Bitcoin, Ethereum, and more with trust.” https://www.coinbase.com/.
  18. “Kraken Cryptocurrency Exchange.” https://www.kraken.com/.
  19. “Top Cryptocurrency Exchanges Ranked By Volume.” https://coinmarketcap.com/rankings/exchanges/.
  20. “Top Cryptocurrency Decentralized Exchanges Ranked.” https://coinmarketcap.com/rankings/exchanges/dex/.
  21. R. McMillan, “The Inside Story of Mt. Gox, Bitcoin’s $460 Million Disaster | WIRED.” https://www.wired.com/2014/03/bitcoin-exchange/.
  22. D. Yaffe-Bellany, “How Sam Bankman-Fried’s FTX Crypto Empire Collapsed - The New York Times.” https://www.nytimes.com/2022/11/14/technology/ftx-sam-bankman-fried-crypto-bankruptcy.html.
  23. “Hardware Wallet - State-of-the-art security for crypto assets.” https://www.ledger.com.
  24. Trezor, “Trezor Hardware Wallet (Official) | Bitcoin & Crypto Security.” https://trezor.io/.
  25. R. Browne, “Man makes last-ditch effort to recover $280 million in bitcoin he accidentally threw out.” https://www.cnbc.com/2021/01/15/uk-man-makes-last-ditch-effort-to-recover-lost-bitcoin-hard-drive.html.
  26. M. Palatinus, P. Rusnak, A. Voisine, and S. Bowe, “Mnemonic code for generating deterministic keys.” https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki.
  27. “Best Cryptocurrency Wallet | Ethereum Wallet | ERC20 Wallet.” https://trustwallet.com/.
  28. MetaMask, “The crypto wallet for Defi, Web3 Dapps and NFTs | MetaMask.” https://metamask.io/.
  29. A. Hanamsagar, S. S. Woo, C. Kanich, and J. Mirkovic, “How Users Choose and Reuse Passwords,” 2016.
  30. D. Florencio and C. Herley, “A Large Scale Study of Web Password Habits,” Tech. Rep. MSR-TR-2006-166, Microsoft, Nov. 2006. https://www.microsoft.com/en-us/research/publication/a-large-scale-study-of-web-password-habits/.
  31. “2020 state of the internet.” https://www.akamai.com/site/en/documents/state-of-the-internet/soti-security-credential-stuffing-in-the-media-industry-report-2020.pdf.
  32. D. Handa, “What is Out-of-Band Authentication (OOBA)?.” https://www.pingidentity.com/en/resources/blog/post/what-is-out-of-band-authentication-ooba.html.
  33. K. A. Taher, T. Nahar, and S. A. Hossain, “Enhanced cryptocurrency security by time-based token multi-factor authentication algorithm,” in 2019 International Conference on Robotics,Electrical and Signal Processing Techniques (ICREST), pp. 308–312, 2019.
  34. I. Homoliak, D. Breitenbacher, A. Binder, and P. Szalachowski, “An air-gapped 2-factor authentication for smart-contract wallets,” arXiv preprint arXiv:1812.03598, 2018.
  35. S. He, Q. Wu, X. Luo, Z. Liang, D. Li, H. Feng, H. Zheng, and Y. Li, “A social-network-based cryptocurrency wallet-management scheme,” IEEE Access, vol. 6, pp. 7654–7663, 2018.
  36. F. Zhu, W. Chen, Y. Wang, P. Lin, T. Li, X. Cao, and L. Yuan, “Trust your wallet: A new online wallet architecture for bitcoin,” in 2017 International Conference on Progress in Informatics and Computing (PIC), pp. 307–311, IEEE, 2017.
  37. J. Benet, “Ipfs-content addressed, versioned, p2p file system,” arXiv preprint arXiv:1407.3561, 2014.
  38. A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, p. 612–613, nov 1979. https://doi.org/10.1145/359168.359176.
  39. V. Nair, “Javascript Implementation of a Multi-Factor Key Derivation Function (mfkdf).” https://github.com/multifactor/mfkdf.
  40. P. Laux, “Ethereum wallet.” https://github.com/PaulLaux/eth-hot-wallet.
  41. A. Biryukov, D. Dinu, and D. Khovratovich, “Argon2: New generation of memory-hard functions for password hashing and other applications,” in IEEE EuroS&P, pp. 292–302, 2016.
  42. N. Fotiou, V. A. Siris, and G. C. Polyzos, “Enabling self-verifiable mutable content items in ipfs using decentralized identifiers,” in 2021 IFIP Networking Conference (IFIP Networking), pp. 1–6, IEEE, 2021.
  43. “Pinata | Your home for NFT media.” https://www.pinata.cloud/.
  44. “Fleek: Build on the New Internet.” https://fleek.co/.
  45. “Ethereum Name Service (ENS).” ens.domains.
  46. R. Dingledine, N. Mathewson, and P. Syverson, “Tor: The Second-Generation Onion Router:,” tech. rep., Defense Technical Information Center, Jan. 2004. http://www.dtic.mil/docs/citations/ADA465464.
  47. G. Fanti, S. B. Venkatakrishnan, S. Bakshi, B. Denby, S. Bhargava, A. Miller, and P. Viswanath, “Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees,” May 2018. http://arxiv.org/abs/1805.11060.
  48. “Decentralized Storage Network.” https://filecoin.io/filecoin.pdf.
  49. B. Kaliski, “PKCS #5: Password-Based Cryptography Specification Version 2.0,” Request for Comments RFC 2898, Internet Engineering Task Force, Sept. 2000. https://datatracker.ietf.org/doc/rfc2898.
Citations (3)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets