On Cryptocurrency Wallet Design

Author Ittay Eyal


Author Details

Ittay Eyal
  • Technion, Haifa, Israel
  • IC3

Cite As

Ittay Eyal. On Cryptocurrency Wallet Design. In 3rd International Conference on Blockchain Economics, Security and Protocols (Tokenomics 2021). Open Access Series in Informatics (OASIcs), Volume 97, pp. 4:1-4:16, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)


The security of cryptocurrency and decentralized blockchain-maintained assets relies on their owners safeguarding secrets, typically cryptographic keys. This applies equally to individuals keeping daily-spending amounts and to large asset management companies. Loss of keys and attackers gaining control of keys have resulted in numerous losses of funds. The security of individual keys has been widely studied, with practical solutions available, from mnemonic phrases to dedicated hardware. There are also techniques for securing funds by requiring combinations of multiple keys. However, to the best of our knowledge, a crucial question has never been addressed: How is wallet security affected by the number of keys, their types, and how they are combined? This is the focus of this work. We present a model where each key has certain probabilities for being safe, lost, leaked, or stolen (available only to an attacker). The number of possible wallets for a given number of keys is the Dedekind number, prohibiting an exhaustive search with many keys. Nonetheless, we bound optimal-wallet failure probabilities with an evolutionary algorithm. We evaluate the security (complement of failure probability) of wallets based on the number and types of keys used. Our analysis covers a wide range of settings and reveals several surprises. As a general trend, the failure probability drops exponentially with the number of keys, but it depends strongly on the parity of that number. In many cases, but not always, heterogeneous keys (not all with the same fault probabilities) allow for wallets superior to those built from homogeneous keys. Nonetheless, in the case of 3 keys, the common practice of requiring any pair is optimal in many settings. Our formulation of the problem and initial results reveal several open questions, from user studies of key fault probabilities to finding optimal wallets with very large numbers of keys. But they also have an immediate practical outcome, informing cryptocurrency users on optimal wallet design.
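The model in the abstract can be made concrete for three keys with an exhaustive search. The following is an added example, not code from the paper: it enumerates every wallet as a monotone Boolean function of the keys held (20 for three keys, the Dedekind number) and finds the one with the lowest failure probability. Assumptions: key faults are independent, a leaked key is held by both owner and attacker, a wallet succeeds only if the owner can unlock it and the attacker cannot, and the fault probabilities are constructed sample values.

```python
from itertools import product

# Who holds a key in each state, as (owner, attacker). Assumed reading of the abstract.
HOLDERS = {"safe": (1, 0), "lost": (0, 0), "leaked": (1, 1), "stolen": (0, 1)}

def monotone_wallets(n):
    """Every wallet on n keys: a monotone truth table indexed by the bitmask of keys held."""
    masks = range(1 << n)
    pairs = [(a, b) for a in masks for b in masks if a & b == a]  # a is a subset of b
    return [t for t in product((0, 1), repeat=1 << n)
            if all(t[a] <= t[b] for a, b in pairs)]

def threshold(n, k):
    """Truth table of the k-of-n wallet."""
    return tuple(int(bin(m).count("1") >= k) for m in range(1 << n))

def failure_probability(wallet, key_probs):
    """Sum the probability of every key-state scenario in which the wallet fails."""
    fail = 0.0
    for states in product(HOLDERS, repeat=len(key_probs)):
        p, owner, attacker = 1.0, 0, 0
        for i, s in enumerate(states):
            p *= key_probs[i][s]          # independent key faults (assumption)
            owner |= HOLDERS[s][0] << i
            attacker |= HOLDERS[s][1] << i
        # Assumed success criterion: owner can unlock, attacker cannot.
        if not wallet[owner] or wallet[attacker]:
            fail += p
    return fail

def best_wallet(key_probs):
    """Exhaustive search; feasible only for a few keys (Dedekind growth)."""
    return min((failure_probability(w, key_probs), w)
               for w in monotone_wallets(len(key_probs)))

# Constructed sample: three identical keys.
KEY = {"safe": 0.94, "lost": 0.02, "leaked": 0.02, "stolen": 0.02}

if __name__ == "__main__":
    fail, wallet = best_wallet([KEY] * 3)
    print(len(monotone_wallets(3)), "wallets; best:", wallet, "failure:", round(fail, 6))
```

With these sample values the search returns the 2-of-3 wallet, in line with the abstract's remark about requiring any pair of 3 keys.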

Subject Classification

ACM Subject Classification
  • Security and privacy → Formal security models

Keywords
  • cryptocurrency
  • wallet
  • key-management
  • authentication



