{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T01:07:56Z","timestamp":1759799276296,"version":"build-2065373602"},"reference-count":34,"publisher":"International Association for Cryptologic Research","issue":"3","license":[{"start":{"date-parts":[[2025,4,4]],"date-time":"2025-04-04T00:00:00Z","timestamp":1743724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,9,2]]},"abstract":"<jats:p>Bitcoin is one of the famous cryptocurrencies in the world. It is a permissionless blockchain, and all transactions are stored in a public decentralized ledger. In its security design, Bitcoin utilizes various cryptographic primitives, such as hash functions and signature schemes. In the current version of Bitcoin, the Elliptic Curve Digital Signature Algorithm (ECDSA) is employed, which is not considered post-quantum secure due to Shor's algorithm. In December 2016, the National Institute of Standards and Technology (NIST) initiated a process to standardize certain post-quantum cryptographic primitives, including key encapsulation mechanisms (KEMs), public key encryption (PKE), and digital signature schemes. Dilithium, a lattice-based digital signature scheme, emerged as one of the winners of this competition and was recently standardized as ML-DSA (FIPS 204). In this work, we analyze the potential replacement of the ECDSA signature, the current signature in Bitcoin, with Dilithium, which is a post-quantum digital signature. This replacement will have a significant impact on many protocols within the Bitcoin ecosystem. The ECDSA algorithms are not only utilized for transaction signing and verification but also in wallet management. 
Bitcoin operates on a pseudonymous system rather than complete anonymity. To enhance privacy protection, the Bitcoin community has adopted a special type of (hierarchical) deterministic wallet as outlined in Bitcoin Improvement Proposal 32 (BIP32). We have constructed deterministic wallets by first designing DilithiumRK, a signature scheme with rerandomizable keys from Dilithium. Subsequently, we conducted a thorough security analysis and successful implementation of DilithiumRK. <\/jats:p>","DOI":"10.62056\/ak5wom2hd","type":"journal-article","created":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T18:49:52Z","timestamp":1759776592000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":0,"title":["Towards Post-Quantum Bitcoin Blockchain using Dilithium Signature"],"prefix":"10.62056","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-0578-4512","authenticated-orcid":false,"given":"Michel","family":"Seck","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/046xg8y70","id-type":"ROR","asserted-by":"publisher"}],"name":"LTISI, CRISIN'2D, Ecole Polytechnique de Thies","place":["Thies, Senegal"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0617-9606","authenticated-orcid":false,"given":"Adeline","family":"Roux-Langlois","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/051kpcy16","id-type":"ROR","asserted-by":"publisher"}],"name":"Universit\u00e9 Caen Normandie, ENSICAEN, CNRS, Normandie Univ","place":["6 Boulevard Mar\u00e9chal Juin, Caen, F-14000, France"],"department":["GREYC UMR6072"]}]}],"member":"48349","published-online":{"date-parts":[[2025,10,6]]},"reference":[{"key":"ref1:Nakamoto","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3440802","article-title":"Bitcoin: A peer-to-peer electronic cash system","author":"Satoshi Nakamoto","year":"2008","journal-title":"Decentralized business 
review"},{"key":"ref2:NIST2013","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.FIPS.186-4","volume-title":"Digital Signature Standard (DSS), Federal Information\n  Processing Standard Publication 186-4","author":"National Institute of Standards","year":"2013"},{"key":"ref3:Khalilov2018","doi-asserted-by":"publisher","first-page":"2543","DOI":"10.1109\/COMST.2018.2818623","article-title":"A survey on anonymity and privacy in bitcoin-like digital\n  cash systems","volume":"20","author":"Merve Can Kus Khalilov","year":"2018","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"ref4:Tor","volume-title":"Tor directory protocol, version 3","author":"Tor"},{"key":"ref5:Hopper13","volume-title":"Proving Security of Tor's Hidden Service Identity Blinding\n  Protocol","author":"Nicholas Hopper","year":"2013"},{"key":"ref6:Fleischhacker2016","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1007\/978-3-662-49384-7_12","article-title":"Efficient unlinkable sanitizable signatures from signatures\n  with re-randomizable keys","author":"Nils Fleischhacker","year":"2016"},{"key":"ref7:Gutoski2015","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-662-47854-7_31","article-title":"Hierarchical deterministic bitcoin wallets that tolerate key\n  leakage","author":"Gus Gutoski","year":"2015"},{"key":"ref8:DasBip32","doi-asserted-by":"publisher","first-page":"1020","DOI":"10.1145\/3460120.3484807","article-title":"The exact security of BIP32 wallets","author":"Poulami Das","year":"2021"},{"key":"ref9:LiuYang2022","doi-asserted-by":"publisher","first-page":"2934","DOI":"10.1109\/TDSC.2021.3078463","article-title":"Secure deterministic wallet and stealth address:\n  Key-insulated and privacy-preserving signature scheme with publicly derived\n  public key","volume":"19","author":"Zhen Liu","year":"2021","journal-title":"IEEE Transactions on Dependable and Secure 
Computing"},{"key":"ref10:Das19","doi-asserted-by":"publisher","first-page":"651","DOI":"10.1145\/3319535.3354236","article-title":"A formal treatment of deterministic wallets","author":"Poulami Das","year":"2019"},{"key":"ref11:Alkadri2020","doi-asserted-by":"publisher","first-page":"1017","DOI":"10.1145\/3372297.3423361","article-title":"Deterministic wallets in a quantum world","author":"Nabil Alkeilani Alkadri","year":"2020"},{"key":"ref12:ER22","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-031-17146-8_24","article-title":"Deterministic Wallets for Adaptor Signatures","author":"Andreas Erwig","year":"2022"},{"key":"ref13:Yin22","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-031-17140-6_5","article-title":"Secure hierarchical deterministic wallet supporting stealth\n  address","author":"Xin Yin","year":"2022"},{"key":"ref14:Das23","isbn-type":"print","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3710830","article-title":"BIP32-Compatible Threshold Wallets","author":"Poulami Das","year":"2025","ISBN":"https:\/\/id.crossref.org\/isbn\/9798400709176"},{"key":"ref15:Hu2024","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1186\/s42400-024-00216-w","article-title":"Efficient post-quantum secure deterministic wallet scheme","volume":"7","author":"Mingxing Hu","year":"2024","journal-title":"Cybersecurity"},{"key":"ref16:Hu2023","volume-title":"Post-Quantum Secure Deterministic Wallet: Stateless,\n  Hot\/Cold Setting, and More Secure","author":"Mingxing Hu","year":"2023"},{"key":"ref17:shaw2023compact","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-981-99-7563-1_18","article-title":"Compact stateful deterministic wallet from isogeny-based\n  signature featuring uniquely rerandomizable public keys","author":"Surbhi Shaw","year":"2023"},{"key":"ref18:das2024efficient","doi-asserted-by":"publisher","first-page":"522","DOI":"10.1145\/3634737.3657008","article-title":"Efficient 
post-quantum secure deterministic threshold\n  wallets from isogenies","author":"Poulami Das","year":"2024"},{"key":"ref19:shaw2025post","doi-asserted-by":"publisher","first-page":"115127","DOI":"10.1016\/j.tcs.2025.115127","article-title":"Post-quantum secure compact deterministic wallets from\n  isogeny-based signatures with rerandomized keys","volume":"1035","author":"Surbhi Shaw","year":"2025","journal-title":"Theoretical Computer Science"},{"key":"ref20:qTesla2020","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/978-3-030-57808-4_22","article-title":"The lattice-based digital signature scheme qTESLA","author":"Erdem Alkim","year":"2020"},{"key":"ref21:Falcon18","first-page":"1","volume-title":"Falcon: Fast-Fourier lattice-based compact signatures over\n  NTRU","author":"Pierre-Alain Fouque","year":"2018"},{"key":"ref22:BIP32","volume-title":"BIP32 proposal","author":"Bitcoin Wiki","year":"2018"},{"key":"ref23:JS22","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/978-3-031-06944-4_13","article-title":"On the security of ECDSA with additive key derivation and\n  presignatures","author":"Jens Groth","year":"2022"},{"key":"ref24:FIPS204","volume-title":"Module-Lattice-Based Digital Signature Standard","author":"National Institute of Standards","year":"2024"},{"key":"ref25:Eaton23","volume-title":"Security Analysis of Signature Schemes with Key Blinding","author":"Edward Eaton","year":"2023"},{"key":"ref26:ESS21","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-030-88238-9_4","article-title":"Post-quantum key-blinding for authentication in anonymity\n  networks","author":"Edward Eaton","year":"2021"},{"key":"ref27:Dev2023","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-031-38554-4_11","article-title":"A detailed analysis of Fiat-Shamir with aborts","author":"Julien Devevey","year":"2023"},{"key":"ref28:barbosa2023fixing","series-title":"Lecture Notes in Computer 
Science","isbn-type":"print","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1007\/978-3-031-38554-4_12","article-title":"Fixing and Mechanizing the Security Proof of Fiat-Shamir\n  with Aborts and Dilithium","volume":"14083","author":"Manuel Barbosa","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9783031385544"},{"key":"ref29:Dilithium2018","doi-asserted-by":"publisher","first-page":"238","DOI":"10.13154\/tches.v2018.i1.238-268","article-title":"Crystals-dilithium: A lattice-based digital signature\n  scheme","author":"L\u00e9o Ducas","year":"2018","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref30:Dilithium2020","volume-title":"CRYSTALS\u2013Dilithium: Algorithm Specification and\n  Supporting Documentation (Version 3.1)","author":"Shi Bai","year":"2021"},{"key":"ref31:LS15","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","article-title":"Worst-case to average-case reductions for module lattices","volume":"75","author":"Adeline Langlois","year":"2015","journal-title":"Des. Codes Cryptogr."},{"key":"ref32:BJRW23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-022-09441-3","article-title":"On the Hardness of Module Learning with Errors with Short\n  Distributions","volume":"36","author":"Katharina Boudgoust","year":"2023","journal-title":"J. 
Cryptol."},{"key":"ref33:KLS18","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-319-78372-7_18","article-title":"A concrete treatment of Fiat-Shamir signatures in the\n  quantum random-oracle model","author":"Eike Kiltz","year":"2018"},{"key":"ref34:BitcoinTx","volume-title":"Bitcoin transactions","author":"Bitcoin Developers"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,10,6]],"date-time":"2025-10-06T20:22:21Z","timestamp":1759782141000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/3\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,6]]},"references-count":34,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,10,6]]}},"URL":"https:\/\/doi.org\/10.62056\/ak5wom2hd","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,6]]},"assertion":[{"value":"2025-04-04","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-09-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-2-23"}}