W-OTS+ up my Sleeve: A Hidden Secure Fallback for Cryptocurrency Wallets

Mario Yaksetig
xx labs
Cayman Islands

Joint work with David Chaum and Mario Larangeira

12:00pm (noon) – 1pm
Friday, March 31, 2023
Remotely via WebEx: https://umbc.webex.com/meet/sherman
Recording of Talk


We introduce a new key-generation mechanism where a user generates a “backup key”, securely nested inside the secret key of a cryptocurrency wallet. Our main motivation is that, in case the secret key is leaked, established techniques such as digital signatures or zero-knowledge proofs of knowledge become void since the secret key is exposed. A well-established result in this key-compromise setting is that an adversary who gained access to the leaked secret key, and an honest secret key owner, effectively become indistinguishable, because both parties have access to the same key. Our design does not have this limitation.

Using our construction, which relies on a “backup key” that is kept secret, users can generate “proofs-of-ownership” that can be produced only by the true owners of the key pair. When instantiated properly, our design offers the ability to integrate a quantum-secure fallback securely nested in the ECDSA secret key.

To our knowledge, this extra level of security is novel. If used in digital wallets for cryptocurrencies, our mechanism could mitigate losses from leaks of account private keys. Blockchain bridges or high-value NFT collections can also benefit from this construction, because it provides more security to the owners and potentially prevents funds from being immediately stolen, even when the secret key of the cryptocurrency wallet is compromised. Furthermore, this construction represents a step towards simplifying the migration of traditional public-key pairs to post-quantum cryptography.

We introduce our novel construction, provide tight proofs of security for the key generation and signing components, and give a formal-methods analysis using Verifpal to check that the formal-methods results match our initial security results. This construction is compatible with the main cryptocurrency wallet designs based on ECDSA and is modular, allowing any quantum-secure key pair to be hidden in the same way.
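The following is an added illustration of the nesting idea described in the abstract; it is not code from the paper or from xx labs, and its concrete choices are assumptions made here. It derives an ECDSA-style secp256k1 secret key as the hash of a W-OTS+ public key (a stand-in for the paper's actual key-derivation step, which the abstract does not specify), so the W-OTS+ pair stays hidden behind a preimage-resistant hash. A proof of ownership is then the W-OTS+ public key plus a W-OTS+ signature on a challenge; the verifier checks the signature and re-derives the ECDSA public key from the revealed W-OTS+ public key. An adversary holding only the leaked ECDSA scalar cannot recover the W-OTS+ public key from it and so cannot produce this proof. The W-OTS+ here follows Hülsing's original description (one shared key K and one shared list of randomization elements r for all chains, w = 16, 32-byte hashes) rather than the XMSS/RFC 8391 addressing scheme, and only public-key derivation is implemented on the curve, since ECDSA signing itself plays no role in the argument.

```python
import hashlib
import secrets

# ---- secp256k1 group (public-key derivation only; ECDSA signing is not needed here) ----
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3*x1*x1 * pow(2*y1, -1, P) if a == b else (y2-y1) * pow(x2-x1, -1, P)) % P
    x3 = (lam*lam - x1 - x2) % P
    return (x3, (lam*(x1-x3) - y1) % P)

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

# ---- W-OTS+ (Hülsing 2013 style): n = 32-byte hashes, Winternitz parameter w = 16 ----
n, w = 32, 16
LEN1, LEN2 = 64, 3            # 256-bit digest as 64 base-16 digits, plus 3 checksum digits
LEN = LEN1 + LEN2

def f(K, x):
    return hashlib.sha256(K + x).digest()

def chain(x, start, steps, r, K):
    """Apply chain steps start .. start+steps-1: XOR randomization element r[j], then keyed hash."""
    for j in range(start, start + steps):
        x = f(K, bytes(a ^ b for a, b in zip(x, r[j])))
    return x

def base_w(msg):
    """Message digest in base w, followed by the checksum that stops 'walking up' chains."""
    d = hashlib.sha256(msg).digest()
    digits = [v for byte in d for v in (byte >> 4, byte & 15)]
    csum = sum(w - 1 - v for v in digits)          # at most 64*15 = 960 < 16^3
    return digits + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def wots_keygen():
    K = secrets.token_bytes(n)
    r = [secrets.token_bytes(n) for _ in range(w - 1)]
    sk = [secrets.token_bytes(n) for _ in range(LEN)]
    pk = (K, r, [chain(s, 0, w - 1, r, K) for s in sk])   # each pk element is the end of a chain
    return sk, pk

def wots_sign(sk, pk, msg):
    K, r, _ = pk
    return [chain(sk[i], 0, b, r, K) for i, b in enumerate(base_w(msg))]

def wots_verify(pk, msg, sig):
    K, r, pk_elems = pk
    return all(chain(sig[i], b, w - 1 - b, r, K) == pk_elems[i]
               for i, b in enumerate(base_w(msg)))

# ---- "Sleeve": the ECDSA scalar is a hash of the W-OTS+ public key, which stays hidden ----
def derive_ecdsa_sk(pk_w):
    K, r, pk_elems = pk_w
    h = hashlib.sha256(b"sleeve-example" + K + b"".join(r) + b"".join(pk_elems)).digest()
    return int.from_bytes(h, "big") % N    # assumption: H(pk_w) mod N, not the paper's exact derivation

def sleeve_keygen():
    sk_w, pk_w = wots_keygen()
    sk_e = derive_ecdsa_sk(pk_w)
    return {"sk_wots": sk_w, "pk_wots": pk_w, "sk_ecdsa": sk_e, "pk_ecdsa": ec_mul(sk_e)}

def prove_ownership(wallet, challenge):
    """Only the holder of the hidden W-OTS+ key pair can produce this; a leaked sk_ecdsa does not help."""
    return wallet["pk_wots"], wots_sign(wallet["sk_wots"], wallet["pk_wots"], challenge)

def verify_ownership(pk_ecdsa, challenge, proof):
    pk_w, sig = proof
    return wots_verify(pk_w, challenge, sig) and ec_mul(derive_ecdsa_sk(pk_w)) == pk_ecdsa

if __name__ == "__main__":
    wallet = sleeve_keygen()
    proof = prove_ownership(wallet, b"constructed challenge: prove you own this wallet")
    print("proof of ownership verifies:", verify_ownership(wallet["pk_ecdsa"], b"constructed challenge: prove you own this wallet", proof))
```

Two caveats a practitioner should keep in mind with this toy: W-OTS+ is a one-time scheme, so a proof of ownership reveals chain intermediates and the hidden key pair should be used for exactly one proof (after which the funds would be moved to a fresh wallet); and the hash-based derivation of the scalar means the W-OTS+ public key must itself be kept secret until the proof is issued, since anyone who learns it can compute the wallet's ECDSA secret key.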

About the Speaker:

Mario Yaksetig (mario@xx.network) is a former MS student intern at UMBC under the supervision of Alan T. Sherman. Presently, Mario works with David Chaum on the design and analysis of cryptographic protocols.


Alan T. Sherman, sherman@umbc.edu

Upcoming CDL Meetings:

  • April 14 – Speaker TBD
  • April 28 – Speaker TBD
  • May 12 – Speaker TBD
  • March 20-24, UMBC spring break. May 5, CSEE Research Day (Library 7th floor)

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public.