{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:40:16Z","timestamp":1760146816922,"version":"build-2065373602"},"reference-count":45,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T00:00:00Z","timestamp":1734480000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"JSPS KAKENHI","award":["JP23K28070 (formerly, JP23H03380)"],"award-info":[{"award-number":["JP23K28070 (formerly, JP23H03380)"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>With the widespread adoption and increasing application of blockchain technology, cryptocurrency wallets used in Bitcoin and Ethereum play a crucial role in facilitating decentralized asset management and secure transactions. However, wallet security relies heavily on private keys, with insufficient attention to the risks of theft and exposure. To address this issue, Chaum et al. (ACNS\u201921) proposed a \u201cproof of ownership\u201d method using a \u201cbackup key\u201d to prove ownership of private keys even when exposed. However, their interactive proof approach is inefficient in large-scale systems and vulnerable to side-channel attacks due to the long key generation time. Other related schemes also suffer from low efficiency and complex key management, increasing the difficulty of securely storing backup keys. In this paper, we present an efficient, non-interactive proof generation approach for ownership of secret keys using a single backup key. Our approach leverages non-interactive zero-knowledge proofs and symmetric encryption, allowing users to generate multiple proofs with one fixed backup key, simplifying key management. Additionally, our scheme resists quantum attacks and provides a fallback signature. Our new scheme can be proved to capture unforgeability under the computational indistinguishability from the Uniformly Random Distribution property of a proper hash function and soundness in the quantum random oracle model. Experimental results indicate that our approach achieves a short key generation time and enables an efficient proof generation scheme in large-scale decentralized systems. Compared with state-of-the-art schemes, our approach is applicable to a broader range of scenarios due to its non-interactive nature, short key generation time, high efficiency, and simplified key management system.<\/jats:p>","DOI":"10.3390\/cryptography8040057","type":"journal-article","created":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T11:17:22Z","timestamp":1734520642000},"page":"57","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On the Proof of Ownership of Digital Wallets"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-8672-3858","authenticated-orcid":false,"given":"Chen","family":"Wang","sequence":"first","affiliation":[{"name":"Graduate School of Natural Science and Technology, Kanazawa University, Kanazawa 920-1192, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zi-Yuan","family":"Liu","sequence":"additional","affiliation":[{"name":"Graduate School of Natural Science and Technology, Kanazawa University, Kanazawa 920-1192, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Masahiro","family":"Mambo","sequence":"additional","affiliation":[{"name":"Institute of Science and Engineering, Kanazawa University, Kanazawa 920-1192, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Arapinis, M., Gkaniatsou, A., Karakostas, D., and Kiayias, A. (2019, January 18\u201322). A formal treatment of hardware wallets. Proceedings of the Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Frigate Bay, St. Kitts and Nevis. Revised Selected Papers 23.","DOI":"10.1007\/978-3-030-32101-7_26"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Das, P., Faust, S., and Loss, J. (2019, January 31). A formal treatment of deterministic wallets. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA.","DOI":"10.1145\/3319535.3354236"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Hellman","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1145\/359340.359342","article-title":"A method for obtaining digital signatures and public-key cryptosystems","volume":"21","author":"Rivest","year":"1978","journal-title":"Commun. ACM"},{"key":"ref_5","unstructured":"Brown, D.R. (2010). Sec 2: Recommended Elliptic Curve Domain Parameters, Standards for Efficient Cryptography Group."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"303","DOI":"10.1137\/S0036144598347011","article-title":"Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer","volume":"41","author":"Shor","year":"1999","journal-title":"SIAM Rev."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"5521","DOI":"10.1109\/JSYST.2022.3173538","article-title":"Efficient medical big data management with keyword-searchable encryption in healthchain","volume":"16","author":"Li","year":"2022","journal-title":"IEEE Syst. J."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"19838","DOI":"10.1109\/JIOT.2024.3370708","article-title":"Efficient Designated Verifier Signature for Secure Cross-Chain Health Data Sharing in BIoMT","volume":"11","author":"Li","year":"2024","journal-title":"IEEE Internet Things J."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Boschini, C., Dahari, H., Naor, M., and Ronen, E. (2024, January 18\u201322). That\u2019s not my signature! Fail-stop signatures for a post-quantum world. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-031-68376-3_4"},{"key":"ref_10","unstructured":"Rackoff, C., and Simon, D.R. (1991, January 11\u201315). Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Chaum, D., Larangeira, M., Yaksetig, M., and Carter, W. (2021, January 21\u201324). W-OTS+ up my sleeve! A hidden secure fallback for cryptocurrency wallets. Proceedings of the International Conference on Applied Cryptography and Network Security, Virtual.","DOI":"10.1007\/978-3-030-78372-3_8"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Standaert, F.X. (2010). Introduction to side-channel attacks. Secure Integrated Circuits and Systems, Springer.","DOI":"10.1007\/978-0-387-71829-3_2"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ruffing, T., Moreno-Sanchez, P., and Kate, A. (2014, January 7\u201311). Coinshuffle: Practical decentralized coin mixing for bitcoin. Proceedings of the Computer Security-ESORICS 2014: 19th European Symposium on Research in Computer Security, Wroclaw, Poland. Proceedings, Part II 19.","DOI":"10.1007\/978-3-319-11212-1_20"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gutoski, G., and Stebila, D. (2015, January 30). Hierarchical deterministic bitcoin wallets that tolerate key leakage. Proceedings of the International Conference on Financial Cryptography and Data Security, San Juan, Puerto Rico.","DOI":"10.1007\/978-3-662-47854-7_31"},{"key":"ref_15","unstructured":"Fiat, A., and Shamir, A. (1986, January 1). How to prove yourself: Practical solutions to identification and signature problems. Proceedings of the Conference on the Theory and Application of Cryptographic Techniques, Linz, Austria."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Ishai, Y., Kushilevitz, E., Ostrovsky, R., and Sahai, A. (2007, January 11\u201313). Zero-knowledge from secure multiparty computation. Proceedings of the Thirty-Ninth Annual ACM Symposium on Theory of Computing, San Diego, CA, USA.","DOI":"10.1145\/1250790.1250794"},{"key":"ref_17","unstructured":"Giacomelli, I., Madsen, J., and Orlandi, C. (2016, January 10\u201312). {ZKBoo}: Faster {Zero-Knowledge} for Boolean Circuits. Proceedings of the 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, USA."},{"key":"ref_18","unstructured":"Chase, M., Derler, D., Goldfeder, S., Katz, J., Kolesnikov, V., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D., and Wang, X. (2024, December 13). The Picnic Signature Scheme. Submission to NIST Post-Quantum Cryptography Project. Available online: https:\/\/raw.githubusercontent.com\/microsoft\/Picnic\/master\/spec\/design-v2.2.pdf."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"de Saint Guilhem, C.D., De Meyer, L., Orsini, E., and Smart, N.P. (2019, January 14\u201316). BBQ: Using AES in picnic signatures. Proceedings of the International Conference on Selected Areas in Cryptography, Waterloo, ON, Canada.","DOI":"10.1007\/978-3-030-38471-5_27"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Liu, Q., and Zhandry, M. (2019, January 18\u201322). Revisiting post-quantum fiat-shamir. Proceedings of the Advances in Cryptology\u2013CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-030-26951-7_12"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Don, J., Fehr, S., and Majenz, C. (2020, January 17\u201321). The measure-and-reprogram technique 2.0: Multi-round fiat-shamir and more. Proceedings of the Annual International Cryptology Conference, Virtual.","DOI":"10.1007\/978-3-030-56877-1_21"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Baum, C., de Saint Guilhem, C.D., Kales, D., Orsini, E., Scholl, P., and Zaverucha, G. (2021, January 10\u201313). Banquet: Short and fast signatures from AES. Proceedings of the IACR International Conference on Public-Key Cryptography, Virtual.","DOI":"10.1007\/978-3-030-75245-3_11"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., and Zohner, M. (2015, January 26\u201330). Ciphers for MPC and FHE. Proceedings of the Advances in Cryptology\u2013EUROCRYPT 2015: 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria. Proceedings, Part I 34.","DOI":"10.1007\/978-3-662-46800-5_17"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"130","DOI":"10.46586\/tosc.v2020.i4.130-146","article-title":"Cryptanalysis of LowMC instances using single plaintext\/ciphertext pair","volume":"2020","author":"Banik","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Banik, S., Barooti, K., Vaudenay, S., and Yan, H. (2021, January 6\u201310). New attacks on LowMC instances with a single plaintext\/ciphertext pair. Proceedings of the Advances in Cryptology\u2013ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore. Proceedings, Part I 27.","DOI":"10.1007\/978-3-030-92062-3_11"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Dobraunig, C., Kales, D., Rechberger, C., Schofnegger, M., and Zaverucha, G. (2022, January 7\u201311). Shorter signatures based on tailor-made minimalist symmetric-key crypto. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA.","DOI":"10.1145\/3548606.3559353"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kim, S., Ha, J., Son, M., Lee, B., Moon, D., Lee, J., Lee, S., Kwon, J., Cho, J., and Yoon, H. (2023, January 26\u201330). AIM: Symmetric primitive for shorter signatures with stronger security. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark.","DOI":"10.1145\/3576915.3616579"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Liu, F., Mahzoun, M., \u00d8ygarden, M., and Meier, W. (2024, December 13). Algebraic attacks on RAIN and AIM using equivalent representations. Cryptol. Eprint Arch., Available online: https:\/\/eprint.iacr.org\/2023\/1133.","DOI":"10.46586\/tosc.v2023.i4.166-186"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Zhang, K., Wang, Q., Yu, Y., Guo, C., and Cui, H. (2023, January 4\u20138). Algebraic Attacks on Round-Reduced Rain and Full AIM-III. Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China.","DOI":"10.1007\/978-981-99-8727-6_10"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Raavi, M., Wuthier, S., Chandramouli, P., Balytskyi, Y., Zhou, X., and Chang, S.Y. (2021, January 21\u201324). Security comparisons and performance analyses of post-quantum signature algorithms. Proceedings of the International Conference on Applied Cryptography and Network Security, Virtual.","DOI":"10.1007\/978-3-030-78375-4_17"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Sikeridis, D., Kampanakis, P., and Devetsikiotis, M. (2024, December 13). Post-quantum authentication in TLS 1.3: A performance study. Cryptol. Eprint Arch., Available online: https:\/\/eprint.iacr.org\/2020\/071.","DOI":"10.14722\/ndss.2020.24203"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Au, M.H., Susilo, W., and Mu, Y. (2010, January 5\u20137). Proof-of-knowledge of representation of committed value and its applications. Proceedings of the Australasian Conference on Information Security and Privacy, Sydney, Australia.","DOI":"10.1007\/978-3-642-14081-5_22"},{"key":"ref_33","unstructured":"Tan, T.G., and Zhou, J. (2021, January 10\u201312). Layering quantum-resistance into classical digital signature algorithms. Proceedings of the Information Security: 24th International Conference, ISC 2021, Virtual Event. Proceedings 24."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Chase, M., Derler, D., Goldfeder, S., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D., and Zaverucha, G. (November, January 30). Post-quantum zero-knowledge and signatures from symmetric-key primitives. Proceedings of the 2017 ACM Sigsac Conference on Computer and Communications Security, Dallas, TX, USA.","DOI":"10.1145\/3133956.3133997"},{"key":"ref_35","unstructured":"Chaum, D., Larangeira, M., and Yaksetig, M. (2022, January 12\u201314). Tweakable Sleeve: A Novel Sleeve Construction Based on Tweakable Hash Functions. Proceedings of the International Conference on Mathematical Research for Blockchain Economy, Vilamoura, Portugal."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Fersch, M., Kiltz, E., and Poettering, B. (2017, January 12\u201315). On the one-per-message unforgeability of (EC) DSA and its variants. Proceedings of the Theory of Cryptography: 15th International Conference, TCC 2017, Baltimore, MD, USA. Proceedings, Part II 15.","DOI":"10.1007\/978-3-319-70503-3_17"},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1007\/s001450010003","article-title":"Security arguments for digital signatures and blind signatures","volume":"13","author":"Pointcheval","year":"2000","journal-title":"J. Cryptol."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Katz, J., Kolesnikov, V., and Wang, X. (2018, January 3). Improved non-interactive zero knowledge with applications to post-quantum signatures. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, New York, NY, USA.","DOI":"10.1145\/3243734.3243805"},{"key":"ref_39","unstructured":"Alagic, G., Alagic, G., Apon, D., Cooper, D., Dang, Q., Dang, T., Kelsey, J., Lichtinger, J., Liu, Y.K., and Miller, C. (2024, December 13). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, Available online: https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=934458."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Don, J., Fehr, S., Majenz, C., and Schaffner, C. (2019, January 18\u201322). Security of the Fiat-Shamir transformation in the quantum random-oracle model. Proceedings of the Advances in Cryptology\u2013CRYPTO 2019: 39th Annual International Cryptology Conference, Santa Barbara, CA, USA. Proceedings, Part II 39.","DOI":"10.1007\/978-3-030-26951-7_13"},{"key":"ref_41","unstructured":"Bindseil, U. (2024, December 16). Tiered CBDC and the financial system. Available Ssrn 3513422, Available online: https:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=3513422."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Baum, C., Braun, L., de Saint Guilhem, C.D., Kloo\u00df, M., Orsini, E., Roy, L., and Scholl, P. (2023, January 19\u201324). Publicly verifiable zero-knowledge and post-quantum signatures from vole-in-the-head. Proceedings of the Annual International Cryptology Conference, Santa Barbara, CA, USA.","DOI":"10.1007\/978-3-031-38554-4_19"},{"key":"ref_43","unstructured":"Balumuri, S., Eaton, E., and Lamontagne, P. (2024). Quantum-Safe Public Key Blinding from MPC-in-the-Head Signature Schemes. Cryptol. Eprint Arch., Available online: https:\/\/eprint.iacr.org\/2024\/945."},{"key":"ref_44","unstructured":"Kales, D., and Zaverucha, G. (2022). Efficient lifting for shorter zero-knowledge proofs and post-quantum signatures. Cryptol. Eprint Arch., Available online: https:\/\/eprint.iacr.org\/2022\/588."},{"key":"ref_45","unstructured":"Don, J., Fehr, S., Majenz, C., and Schaffner, C. (June, January 30). Online-extractability in the quantum random-oracle model. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/4\/57\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:54:56Z","timestamp":1760115296000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/4\/57"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,18]]},"references-count":45,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["cryptography8040057"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8040057","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2024,12,18]]}}}