SoK: Cryptocurrency Wallets -- A Security Review and Classification based on Authentication Factors

TL;DR

The paper addresses how cryptocurrency wallets authenticate users and authorize transactions by distinguishing blockchain-verified factors from locally verified factors. It proposes a formal classification framework based on two notions: $k$-factor authentication against the blockchain and $k$-factor authentication against the authentication factors, extended to threshold-signature and centralized-service settings. It applies the framework to a wide range of wallet types—from local-key storage and password-derived wallets to hardware wallets, multi-signature schemes, and state-aware smart contracts—providing a uniform lens to compare security and key-management properties. The results illuminate trade-offs between usability, resilience to malware and theft, and dependence on trusted third parties, informing both wallet design and security assessments.

Abstract

In this work, we review existing cryptocurrency wallet solutions with regard to authentication methods and factors from the user's point of view. In particular, we distinguish between authentication factors that are verified against the blockchain and the ones verified locally (or against a centralized party). With this in mind, we define notions for $k-factor$ authentication against the blockchain and $k-factor$ authentication against the authentication factors. Based on these notions, we propose a classification of authentication schemes. We extend our classification to accommodate the threshold signatures and signing transactions by centralized parties (such as exchanges or co-signing services). Finally, we apply our classification to existing wallet solutions, which we compare based on various security and key-management features.