Enhancing Multi-Signature Cryptocurrency Wallets with Risk-Based Authentication

Abstract

Cryptographic keys are among the most critical security tools in the world. At a basic level, these keys are passwords, and their effectiveness depends on remaining confidential and accessible to authorized users. Historically, key management was confined to a small group of technical experts because of the complexity of securing these secrets (i.e., private keys). However, due to blockchain and cryptocurrencies, millions of users are now directly managing their cryptographic keys. This shift has driven innovations to support individual key management and has created an opportunity to explore these innovations and propose further enhancements. This work examines these innovations, such as multi-signature keys and hierarchical deterministic seed phrases. We investigate the challenges between organizational and individual key and risk management practices and identify issues with multi-signature wallets. To address these challenges, we propose a novel risk-based authentication system that uses a hierarchical credential system to align risk with the confidence of a user’s identity and intent. From here, we design this system and evaluate its security and usability against a conventional multi-sig wallet using a hardware wallet paired with a mobile phone.We conclude by discussing how the underlying key management problem is closely related to identity and how there is a need to bind ownership and access of private keys to a more extensive set of credentials spanning social, physical, temporal, and geographic dimensions. We then recommend an approach that builds upon this work.