W-OTS~+ Up My Sleeve! A Hidden Secure Fallback for Cryptocurrency Wallets

摘要

We introduce a new key generation mechanism where users can generate a "back up key", securely nested inside the secret key of a signature scheme. Our main motivation is that in case of leakage of the secret key, established techniques based on zero-knowledge proofs of knowledge are void since the key becomes public. On the other hand, the "back up key", which is secret, can be used to generate a "proof of ownership", i.e., only the real owner of this secret key can generate such a proof. To the best of our knowledge, this extra level of security is novel, and could have already been used in practice, if available, in digital wallets for cryptocurrencies that suffered massive leakage of account private keys. In this work, we formalize the notion of "Proof of Ownership" and "Fallback" as new properties. Then, we introduce our construction, which is compatible with major designs for wallets based on ECDSA, and adds a W-OTS~+ signing key as a "back up key". Thus offering a quantum secure fallback. This design allows the hiding of any quantum secure signature key pair, and is not exclusive to W-OTS~+. Finally, we briefly discuss the construction of multiple generations of proofs of ownership.