Browse > Article
http://dx.doi.org/10.13089/JKIISC.2022.32.5.899

A Private Key Management Guideline For Secure Blockchain-Based Services  

Noh, Siwan (Pukyong National University)
Rhee, Kyung-Hyune (Pukyong National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.32, no.5, 2022 , pp. 899-914 More about this Journal
Abstract
A blockchain-based decentralized service can offer reliable services without the centralized server by operating the system based on the consensus among byzantine participants. Participants can interact with the blockchain network through a digital signature mechanism but the private key management issue remains unresolved. NIST SP800-57 provides a key-management guidance but this guidance is not appropriate for blockchain-based services because it does not consider a decentralized environment. In this paper, we define the core functions of the blockchain wallet application for private key management and present security protections according to NIST SP800-57, as well as related techniques to satisfy them. Finally, we propose the private key management guideline for secure blockchain-based decentralized services.
Keywords
Blockchain; Wallet; Private Key Management;
Citations & Related Records
연도 인용수 순위
  • Reference
1 G. Li and L. You, "A Consortium Blockchain Wallet Scheme Basedon Dual-Threshold Key Sharing," Symmetry, vol. 13, no. 8, pp. 1444,Aug. 2021.
2 Gartner, "Hype Cycle for Blockchain 2021; More Action than Hype" https://blogs.gartner.com/avivah-litan/2021/07/14/hype-cycle-for-blockchain-2021-more-action-than-hype/ (accessed Apr. 18, 2022).
3 W3C, "Decentralized Identifiers (DIDs) v1.0," Jul. 2022.
4 "Digital vaccine passports aim to help South Koreans get back on the road",The Telegraph, Jun. 2021.
5 Deloitte, "Are Central BankDigital Currencies (CBDCs) the money of tomorrow?" https://www2.deloitte.com/lu/en/pages/banking-and-securities/articles/central-bank-digital-currencies-money-tomorrow.html. (accessedApr.18, 2022).
6 L. Lesavre, P. Varin, and D. Yaga,"Blockchain Networks: Token Design and Management Overview." NISTIR8301, Feb. 2021.
7 ITU-T, "X.1401: Security threatstodistributed ledger technology," T-REC-X.1401, Nov. 2019.
8 ISO, "ISO 22739: Blockchainanddistributed ledger technologies-Vocabulary," ISO 22739:2020, Jul.2020.
9 E. Barker, A. Roginsky, andR.Davis, "Recommendation for cryptographic key generation." NISTSP 800-133, Jun. 2020.
10 Coinbase, "Why digital signaturesareessential for blockchains" https://www.coinbase.com/cloud/discover/dev-foundations/digital-signatures (accessedApr. 19, 2022).
11 C. Muller, M. Brandenburger, C. Cachin, P. Felber, C. Gottel, and V. Schiavoni, "TZ4Fabric: Executing Smart Contracts with ARM TrustZone ?: (Practical Experience Report)," Proceedings of the 2020 International Symposium on Reliable Distributed Systems, pp. 31-40, Sep. 2020.
12 ethers, "Ethers.js" https://docs.ethers.io/v5/ (accessed Apr. 18, 2022).
13 GoQuorum, "GoQuorum Enterprise Et hereum Client" https://consensys.net/docs/goquorum/en/latest/ (accessed A pr. 18, 2022).
14 Hyperledger Foundation, "Hyperledger Besu" https://www.hyperledger.org/use/besu (accessed Apr. 18, 2022).
15 P. Wuille, "Hierarchical Deterministic Wallets," BIP-0032, Feb. 2012.
16 M. Palatinus and P. Rusnak, "Multi-Account Hierarchy for Deterministic Wallets," BIP-0044, Apr. 2014.
17 E. Barker, C. M. Gutierrez, R. Cresanti, and W. Jeffrey, "Recommendation for obtaining assurances for digital signature applications." NIST SP 800-89, Nov. 2006.
18 O. Hosam, "Hiding Bitcoins in Steganographic Fractals," Proceedings of the 2018 IEEE International Symposium on Signal Processing and Information Technology, pp. 512-519, Dec. 2018.
19 R. Soltani, U. T. Nguyen, and A. An,"Practical Key Recovery Model for Self-Sovereign Identity Based Digital Wallets," Proceedings of the 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligenceand Computing, Intl Conf on Cloudand Big Data Computing, Intl Conf on Cyber Science and Technology Congress, pp. 320-325, Aug. 2019.
20 F. Xiong, R. Xiao, W. Ren, R. Zheng,and J. Jiang, "A Key Protection Scheme Based on Secret Sharing for Blockchain-Based Construction Supply Chain System," IEEE Access, vol. 7,pp. 126773-126786, Aug. 2019.   DOI
21 Ethereum Development with Go,"Ethereum Keystores" https://goethereumbook.org/en/keystore/ (accessed Apr. 19, 2022).
22 W. M. Shbair, E. Gavrilov, andR.State, "HSM-based Key Management Solution for Ethereum Blockchain," Proceedings of the 2021 IEEEInternational Conference on Blockchain and Cryptocurrency, pp. 1-3, May 2021.
23 Samsung Developers, "Samsung Blockchain Keystore" https://developer.samsung.com/blockchain/keystore/overview.html (accessed Apr. 19, 2022).
24 W. Dai, J. Deng, Q. Wang, C. Cui, D. Zou, and H. Jin, "SBLWT: A Secure Blockchain Lightweight Wallet Based on Trustzone," IEEE Access, vol. 6, pp. 40638-40648, Jul. 2018.   DOI
25 Y. Wang, J. Li, S. Zhao, and F. Yu, "Hybridchain: A Novel Architecture for Confidentiality-Preserving and Performant Permissioned Blockchain Using Trusted Execution Environment," IEEE Access, vol. 8, pp. 190652-190662, Oct. 2020.   DOI
26 J. Han, M. Song, H. Eom, andY.Son, "An efficient multi-signaturewallet in blockchain using bloom filter." Proceedings of the 36thAnnual ACM Symposiumon AppliedComputing, pp. 273-281, Mar. 2021.
27 D.-P. Le, G. Yang, and A. Ghorbani,"A New Multisignature Schemewith Public Key Aggregation for Blockchain," Proceedings of the 201917th International Conferenceon Privacy, Security and Trust, pp. 1-7,Aug. 2019.
28 G. Andresen, "Pay to Script Hash," BIP-0016, Jan. 2012.
29 D. Boneh, M. Drijvers, and G. Neven, "Compact Multi-signatures for Smaller Blockchains," Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, pp. 435-464, Dec. 2018.
30 R. Kojima, D. Yamamoto, T.Shimoyama, K. Yasaki, and K.Nimura, "A New Schnorr Multi-Signatures to Support Both Multiple Messages Signing and KeyAggregation," Journal of InformationProcessing, vol. 29, pp. 525-536,2021.
31 L. Zhou, L. Wang, Y. Sun, andP. Lv,"BeeKeeper: A Blockchain-Based IoT System With Secure Storageand Homomorphic Computation," IEEE Access, vol. 6, pp. 43472-43488, Jun.2018.   DOI
32 J. P. Aumasson and O. Shlomovits,"Attacking Threshold Wallets,", IACRePrint 2020-1052, Sep. 2020.
33 G. Maxwell, A. Poelstra, Y. Seurin,and P. Wuille, "Simple Schnorrmulti-signatures with applicationsto Bitcoin," Designs, Codes and Cryptography, vol. 87, no. 9, pp. 2139-2164, Feb. 2019.   DOI
34 National Intelligence Service, "ACryptographic Guideline for Blockchain Technology Adoptioninthe Pulbic Institution," Dec. 2020.
35 M. Palatinus, P. Rusnak, A. Voisine, and S. Bowe, "Mnemonic code for generating deterministic keys," BIP-0039, Sep. 2013.
36 Play to Earn Online, "Play To Earn Games: Earn NFTs & Play-To-EarnCrypto News." https://www.playtoearn.online/ (accessed Apr. 18, 2022).
37 K. Grauer, W. Kueshner and H.Updegrave, "The 2022 Crypto CrimeReport: Original data and researchinto cryptocurrency-based crime," Chainalysis, Feb. 2022.
38 E. Barker, "Recommendationfor keymanagement: Part 1." NISTSP800-57 Part 1, May 2020.
39 D. Yaga, P. Mell, N. Roby, and K. Scarfone, "Blockchain Technology Overview," NIST IR 8202, Oct. 2018.
40 Gnosis, "Multisignature Wallet," https://github.com/Gnosis/MultiSigWallet (accessed Apr. 19, 2022).
41 C. Nevile, "Enterprise Ethereum Alliance Client Specification v7," Enterprise Ethereum Alliance, Apr. 2022.
42 Go Ethereum, "Go Ethereum" https://geth.ethereum.org/ (accessed Apr. 18, 2022).
43 Hyperledger Foundation, "Hyperledger Fabric" https://www.hyperledger.org/use/fabric (accessed Apr. 18, 2022).
44 J. Stanley, "Steganographic Bitcoin seeds: Hiding cash in plain sight," https://incoherency.co.uk/blog/stories/steganographic-bitcoin-seeds.html (accessed Apr. 18, 2022).
45 W. Dai, Q. Wang, Z. Wang, X. Lin, D. Zou, and H. Jin, "Trustzone-based secure lightweight wallet for hyperledger fabric," Journal of Parallel and Distributed Computing, vol. 149, pp. 66-75, Mar. 2021.   DOI
46 Z. Jian, Q. Ran, and S. Liyan, "Securing Blockchain Wallets Efficiently Based on Threshold ECDSA Scheme Without Trusted Center," Proceedings of the 2021 Asia-Pacific Conference on Communications Technology and Computer Science, pp. 47-51, Jan. 2021.
47 E. Androulaki, A. Barger, V. Bortnikov, C. Cachin, K. Christidis, A.D. Caro, D. Enyeart, C. Ferris, G. Laventman, Y. Manevich, S. Muralidharan, C. Murthy, B. Nguyen, M. Sethi, G. Singh, K. Smith, A. Sorniotti, C. Stathakopoulou, M.Vukolic, S.W. Cocco, and J. Yellick,"Hyperledger Fabric: A Distributed Operating System for PermissionedBlockchains," Proceedings of thethirteenth Euro Sys conference, pp. 1-15, Apr. 2018.
48 H. P. Singh, K. Stefanidis, and F.Kirstein, "A Private Key Recovery Scheme Using Partial Knowledge," Proceedings of the 2021 11th IFIPInternational Conference on NewTechnologies, Mobility and Security,pp. 1-5, Apr. 2021.
49 W. Zheng, K. Wang, and F.-Y. Wang,"GAN-Based Key Secret-Sharing Scheme in Blockchain," IEEE transactions on cybernetics, vol. 51,no. 1, pp. 393-404, Jan. 2021.   DOI
50 C. D. Gonzalez, D. F. Mena, A. M. Munoz, O. Rojas, and G. Sosa-Gomez, "Electronic Voting System Using an Enterprise Blockchain," Applied Sciences, vol. 12, no. 2, pp. 531, Jan. 2022.