Secure hierarchical Bitcoin wallet scheme against privilege escalation attacks

  • Chun-I FanEmail author
  • Yi-Fan Tseng
  • Hui-Po Su
  • Ruei-Hau Hsu
  • Hiroaki Kikuchi
Special Issue Paper


As the rising popularity of Bitcoin, people tend to use Bitcoin wallets to manage the keys for spending or receiving funds. Instead of generating randomly pairs of keys, which may need higher space complexity for key management, hierarchical deterministic (HD) wallets derive all the keys from a single seed, which is sufficient to recover all the keys, to reduce the complexity of key management. In an HD wallet, it allows users to generate child public keys from the parent public keys without knowing any of the corresponding private keys. This feature allows a permitted auditor to derive all the public keys for auditing. However, this feature makes HD wallets suffered from so-called privilege escalation attacks, where the leakage of any child private key along with its parent public key will expose the other child private keys. To confront with this security flaw, we propose a novel HD wallet scheme that gives out a signature with trapdoor hash functions instead of directly giving private keys for signing. Since it conceals private keys from any child nodes, it can prevent from privilege escalation attacks. Nevertheless, the proposed scheme also provides unlinkability between two public keys to achieve anonymity of user identities and high scalability to the derivations of huge amount of keys. Thus, the proposed scheme achieves user anonymity, public key derivation, and high scalability.


Bitcoin HD wallets BIP032 Privilege escalation attacks Schnorr signature Trapdoor hash function 



This work was supported by Taiwan Information Security Center at National Sun Yat-sen University (TWISC@NSYSU) and the Intelligent Electronic Commerce Research Center from the Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.


This study was funded by the Ministry of Science and Technology of Taiwan (MOST 105-2923-E-110-001-MY3, MOST 107-2218-E-110-014).

Compliance with ethical standards

Conflict of interest

Chun-I Fan, Yi-Fan Tseng, Hui-Po Su, Ruei-Hau Hsu and Hiroaki Kikuchi declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. 1.
    Arruda, T.V., Venturini, Y.R., Sakata, T.C.: Performance analysis of parallel modular multiplication algorithms for ECC in mobile devices. Revista de Sistemas de Informação da FSMA 13, 57–67 (2014)Google Scholar
  2. 2.
    Axon, L: Privacy-awareness in blockchain-based PKI. CDT Technical Paper Series 21/15 (2015) Google Scholar
  3. 3.
    Barcelo, J.: User privacy in the public bitcoin blockchain (2014). Accessed 9 May 2016
  4. 4.
    Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Annual International Cryptology Conference, pp. 1–15. Springer (1996)Google Scholar
  5. 5.
    Buterin, V.: Deterministic wallets, their advantages and their understated flaws. Bitcoin Magazine (2013).
  6. 6.
    Courtois, N.T., Emirdag, P., Valsorda, F.: Private key recovery combination attacks: On extreme fragility of popular bitcoin key management, wallet and cold storage solutions in presence of poor RNG events. Cryptology ePrint Archive, Report 2014/848 (2014).
  7. 7.
    Courtois, N., Mercer, R.: Stealth address and key management techniques in blockchain systems. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy, vol. 1, pp. 559–566. ICISSP (2017). ISBN 978-989-758-209-7.
  8. 8.
    Dagher, G.G., Bünz, B., Bonneau, J., Clark, J., Boneh, D.: Provisions: privacy-preserving proofs of solvency for bitcoin exchanges. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 720–731 (2015)Google Scholar
  9. 9.
    Eskandari, S., Clark, J., Barrera, D., Stobert, E.: A first look at the usability of bitcoin key management. arXiv preprint arXiv:1802.04351 (2018)
  10. 10.
    Goldfeder, S., Gennaro, R., Kalodner, H., Bonneau, J., Kroll, J.A., Felten, E.W., Narayanan, A.: Securing bitcoin wallets via a new DSA/ECDSA threshold signature scheme. (2015)
  11. 11.
    Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: Böhme, R., Okamoto, T. (eds.) Financial Cryptography and Data Security, pp. 497–504. Springer, Berlin (2015)CrossRefGoogle Scholar
  12. 12.
    Gutoski, G., Stebila, D.: Hierarchical deterministic bitcoin wallets that tolerate key leakage. In: International Conference on Financial Cryptography and Data Security, pp. 497–504. Springer (2015)Google Scholar
  13. 13.
    Kent, S.: Evaluating certification authority security. In: IEEE Aerospace Conference, pp. 319–327 (1998)Google Scholar
  14. 14.
    Latinov, L.: MD5, SHA-1, SHA-256 and SHA-512 speed performance. (2018)
  15. 15.
    Levi, A., Caglayan, M.U.: The problem of trusted third party in authentication and digital signature protocols. In: Proceedings of the 12th International Symposium on Computer and Information Sciences (1997)Google Scholar
  16. 16.
    Nakamoto S.: Bitcoin: A peer-to-peer electronic cash system. (2008)
  17. 17.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 387–398. Springer (1996)Google Scholar
  18. 18.
    Rezai, A., Keshavarzi, P.: High-throughput modular multiplication and exponentiation algorithms using multibit-scan–multibit-shift technique. IEEE Trans. Very Larg. Scale (VLSI) Integr. Syst. 23(9), 1710–1719 (2015) CrossRefGoogle Scholar
  19. 19.
    Schmidt, R., Möhring, M., Glück, D., Haerting, R., Keller, B., Reichstein, C.: Benefits from using bitcoin: empirical evidence from a European country. Int. J. Serv. Sci. Manag. Eng. Technol. (IJSSMET) 7(4), 48–62 (2016)Google Scholar
  20. 20.
    Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991) CrossRefGoogle Scholar
  21. 21.
    Schoenmakers, B.: Security aspects of the ecash\(^{{\rm TM}}\) payment system. In: State of the Art in Applied Cryptography. Lecture Notes in Computer Science, vol. 1528. Springer, Berlin, Heidelberg (1998)CrossRefGoogle Scholar
  22. 22.
    Shamir, A., Tauman, Y.: Improved online/offline signature schemes. In: Annual International Cryptology Conference, pp. 355–367. Springer (2001)Google Scholar
  23. 23.
    Wuille, P.: Hierarchical deterministic wallets. (2012)

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringNational Sun Yat-sen UniversityKaohsiungTaiwan
  2. 2.Department of Computer ScienceNational Chengchi UniversityTaipeiTaiwan
  3. 3.Department of Frontier Media ScienceMeiji UniversityTokyoJapan

Personalised recommendations