Enhancement of digital signature algorithm in bitcoin wallet

By

 Farah Maath Jasem, Ali Makki Sagheer, Abdullah M. Awad

     Bitcoin is a peer-to-peer electronic cash system largely used for online financial transactions. It gained popularity due to its anonymity, privacy, and comparatively low transaction cost. Its wallet heavily relies on Elliptic Curve Digital Signature Algorithm (ECDSA). Weaknesses in such algorithms can significantly affect the safety and the security of bitcoin wallets. In this paper, a secure key management wallet was designed based on several changes in the wallet parts. In the cold wallet, we employed an image-based passphrase to achieve a strong entropy source of master seed. The hot wallet, the proposed key_ Gen algorithm is modifying to the key generation step of the ECDSA that it is to generate a fresh key pair at each transaction. The final part ensures recovering all keys on both hot and cold wallets without daily backups in case of losing the wallet.

 The main components of the bitcoin system are Wallets, Peer to Peer (P2P) Bitcoin Network, Miners, and Blockchain . However, Bitcoin Wallets relies on public keys cryptography for user authentication, which allows the user to spend any Bitcoin associated with those keys. Loss of the private keys effectively means loss of funds and exposure of the public keys conveys. Moreover, Bitcoin provides a limited form of transaction unlikability . An attacker can use Blockchain to recursively link the history of the user?s transactions to a valid bitcoin address . Hence, user privacy. Moreover, the security of ECDSA and the bitcoin wallet keys management are the most important security and privacy issues at present in the cryptocurrency.

The proposed key management schema :Several proposed changes are aspired to increase the security of the bitcoin wallet against several known attacks. Moreover, overcoming the drawbacks of the standard model in the hot wallet, the cold wallet, and MS memorization. The proposed schema consists of three main correlated parts: Cold Wallet, Hot Wallet, and Recovery Wallet.

Cold wallet model is encompassed of five main steps, in which, several updates were made to the original model to overcome the drawbacks of the cold wallet original model. In the first step, MS _byte is generated by a modified BIP39 that it supported the Arabic language with the new encoding system. The second step, Master seed generation is one of the important factors to realize a secure bitcoin wallet is to generate the master seed of high entropy, ISPE algorithm is proposed to steganography the encoded bytes in an image selected by the user. ISPE uses the LSB algorithm to hide the encoded bytes of MS. Then, the master seed is generated using HMAC512, which accepts two inputs, Key and Data.

In the Hot wallet, the first part is the wallet initialization, which includes all the steps above such as the selection of language and number of mnemonic words, generate and save the secure image, and the number of passwords in a cold wallet, Merkel root, and creation of empty address book. In the second step, the user should select and export change and fast payment keys to the user hot wallet. Users with already configured wallets can immediately start sending and receiving bitcoins logging in and synchronizing their address book.

The proposed wallet recovery model  The proposed HDH connect cold and hot wallets where the deterministically derived passphrases in the cold wallet are further used to generate keys in the hot wallet. Therefore, the recovery of a user wallet is two steps process. Each step and show how the recovery is simplified due to the proposed image-based approach.

The findings prove that the proposed cold wallet is resisting against a dictionary attack and overcoming the memorizing problem. The proposed hot wallet model acquires good anonymity and privacy for bitcoin users by eliminating transaction likability without additional cost. The execution time for signing a transaction of the proposed model is~70 millisecond, which is then important in the bitcoin domain.

References:

 [1] S. Nakamoto, “Bitcoin : A Peer-to-Peer Electronic Cash System,” Satoshi Nakamoto Institute, pp. 1-9, 2008.

[2] H. Abdullah and A. H. Ibrahim, “Blockchain technology opportunities in kurdistan, applications and challenges,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 18, no. 1, pp. 405-411, April 2019.

[3] E. P. E. Deepika and E. R. Kaur, “Cryptocurrency: Trends, Perspectives and Challenges,” International Journal of Trend in Research and Development, vol. 4, no. 4, pp. 4-6, 2017.

[4] A. Biryukov and S. Tikhomirov, „Security and privacy of mobile wallet users in Bitcoin, Dash, Monero, and Zcash?, Pervasive Mob. Comput., vol. 59, 2019.

[5] D. I. Wang, “Secure Implementation of ECDSA Signatures in Bitcoin,” MSc in Information Security, pp. 1-78, 2014.

[6] S. Alani, Z. Zakaria, and M. M. Hamdi, “A Study Review on Mobile Ad-Hoc Network : Characteristics , Applications , Challenges and Routing Protocols Classification,” International Journal of Advanced Science and Technology, vol. 28, no. 1, pp. 394-405, 2019.

[7] H. L. H. S. Warnars, Y. Lanita, A. Prasetyo, and R. Randriatoamanana, “Smart integrated payment system for public transportation in jakarta,” Buletin of Electrical Engineering and Informatic, vol. 6, no. 3, pp. 241-249, 2017.

[8] J. Bucko, D. Pal?ová, and M. Vejacka, “Security and Trust in Cryptocurrencies,” in Central European Conference in Finance and Economics, pp. 14–24, 2015.

[9] S. Goswami, “Scalability Analysis of Blockchains Through Blockchain Simulation,” Bachelor of Technology-Computer Science, University of Nevada, Las Vegas, pp. 1-58, 2017.

[10] S. Alani, Z. Zakaria, and H. Lago, “A new energy consumption technique for mobile Ad-Hoc networks,” International Journal of Electrical & Computer Engineering, vol. 9, no. 5, pp. 4147-4153, Oct 2019.

[11] A. Houria, B. M. Abdelkader, and G. Abderezzak, “A comparison between the secp256r1 and the koblitz secp256k1 bitcoin curves,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 13, no. 3, pp. 910-918, 2019.

[12] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, “Recommendation for key management part 1: General (revision 3),” NIST Special Publication, vol. 800, Part 1, no. 57, pp. 1-147, 2012.

[13] H. Hosseinian, H. Shahinzadeh, G. B. Gharehpetian, Z. Azani, and M. Shaneh, “Blockchain outlook for deployment of IoT in distribution networks and smart homes,” International Journal of Electrical and Computer Engineering, vol. 10, no. 3, pp. 2787-2796, June 2020.

[14] A. Narayanan, J. Bonneau, E. Felten, A. Miller, and S. Goldfeder, “Bitcoin and Cryptocurrency Technologies,” Princeton University Press, 2016.

[15] A. M. Fahad, A. A. Ahmed, A. H. Alghushami, and S. Alani, “Detection of Black Hole Attacks in Mobile Ad Hoc Networks via HSA-CBDS Method,” in Springer Nature Switzerland, Springer International Publishing, vol. 866, pp. 46-55, 2019.

[16] S. Goldfeder et al., “Securing Bitcoin wallets via a new DSA/ECDSA threshold signature scheme,” pp. 1-26, 2015.

[17] P. Dikshit and K. Singh, “Efficient weighted threshold ECDSA for securing bitcoin wallet,” 2017 ISEA Asia Security and Privacy (ISEASP), Surat, pp. 1-9, 2017.

[18] P. Dikshit and K. Singh, „Efficient weighted threshold ECDSA for securing bitcoin wallet?, in 2017 ISEA Asia Security and Privacy (ISEASP), pp. 1–9, 2017.

[19] T. Volety, S. Saini, T. McGhin, C. Z. Liu, and K.-K. R. Choo, “Cracking Bitcoin wallets: I want what you have in the wallets,” Future Generation Computer Systems, vol. 91, pp. 136-143, Feb 2019.

[20] O. Hosam, “Hiding Bitcoins in Steganographic Fractals,” 2018 IEEE International Symposium on Signal Processing and Information Technology (ISSPIT), Louisville, KY, USA, pp. 512-519, 2018.

[21] A. M. A. Farah Maath Jasim Ali Makki Sagheer, “Enhancing The Security Of The Bitcoin Wallet Master Seed,” College of Computer Science and Information Technology,University of Anbar, Ramadi, Iraq, pp. 609-615, 2019.

[22] S. Eskandari, D. Barrera, E. Stobert, and J. Clark, “A First Look at the Usability of Bitcoin Key Management,” in arXiv, vol. 8, no. 7, pp. 1-10, 2015.

[23] A. M. Odat and M. A. Otair, “Image Steganography using Modified Least Significant Bit,” Indian Journal of Science and Technology, vol. 9, no. 39, pp. 1-5, 2016.

[24] D. Wheeler, “zxcvbn Realistic password strength estimation,” Dropbox Tech Blog, April, 2012.

[25] S. Eskandari, J. Clark, D. Barrera, and E. Stobert, “A first look at the usability of bitcoin key management,” arXiv, pp. 1-10, 2018.