Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

CrudiTEE: A Stick-and-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs

Lulu Zhou, Zeyu Liu, Fan Zhang, Michael K. Reiter

TL;DR

CrudiTEE tackles the challenge of TEEs leaking signing keys by introducing an economic incentive framework that couples a stick (insurance and collateral penalties) with a carrot (bounty rewards) to deter side-channel attacks in cryptocurrency wallets. The design uses threshold signing across multiple TEEs, OAuth-based attestation for accountable authorization, and smart contracts to automate penalties and bounty payouts. A two-stage methodology models attacker behavior via an MDP, first with deterministic costs and then with non-deterministic costs, optimizing a reward function to minimize defender cost while deterring attacks across a range of attacker capabilities. The approach is practical, auditable, and extensible to related domains (e.g., CA), with performance considerations showing threshold-ECDSA signing can meet real-world requirements while maintaining strong security guarantees.

Abstract

Cryptocurrency introduces usability challenges by requiring users to manage signing keys. Popular signing key management services (e.g., custodial wallets), however, either introduce a trusted party or burden users with managing signing key shares, posing the same usability challenges. TEEs (Trusted Execution Environments) are a promising technology to avoid both, but practical implementations of TEEs suffer from various side-channel attacks that have proven hard to eliminate. This paper explores a new approach to side-channel mitigation through economic incentives for TEE-based cryptocurrency wallet solutions. By taking the cost and profit of side-channel attacks into consideration, we designed a Stick-and-Carrot-based cryptocurrency wallet, CrudiTEE, that leverages penalties (the stick) and rewards (the carrot) to disincentivize attackers from exfiltrating signing keys in the first place. We model the attacker's behavior using a Markov Decision Process (MDP) to evaluate the effectiveness of the bounty and enable the service provider to adjust the parameters of the bounty's reward function accordingly.

CrudiTEE: A Stick-and-Carrot Approach to Building Trustworthy Cryptocurrency Wallets with TEEs

TL;DR

CrudiTEE tackles the challenge of TEEs leaking signing keys by introducing an economic incentive framework that couples a stick (insurance and collateral penalties) with a carrot (bounty rewards) to deter side-channel attacks in cryptocurrency wallets. The design uses threshold signing across multiple TEEs, OAuth-based attestation for accountable authorization, and smart contracts to automate penalties and bounty payouts. A two-stage methodology models attacker behavior via an MDP, first with deterministic costs and then with non-deterministic costs, optimizing a reward function to minimize defender cost while deterring attacks across a range of attacker capabilities. The approach is practical, auditable, and extensible to related domains (e.g., CA), with performance considerations showing threshold-ECDSA signing can meet real-world requirements while maintaining strong security guarantees.

Abstract

Cryptocurrency introduces usability challenges by requiring users to manage signing keys. Popular signing key management services (e.g., custodial wallets), however, either introduce a trusted party or burden users with managing signing key shares, posing the same usability challenges. TEEs (Trusted Execution Environments) are a promising technology to avoid both, but practical implementations of TEEs suffer from various side-channel attacks that have proven hard to eliminate. This paper explores a new approach to side-channel mitigation through economic incentives for TEE-based cryptocurrency wallet solutions. By taking the cost and profit of side-channel attacks into consideration, we designed a Stick-and-Carrot-based cryptocurrency wallet, CrudiTEE, that leverages penalties (the stick) and rewards (the carrot) to disincentivize attackers from exfiltrating signing keys in the first place. We model the attacker's behavior using a Markov Decision Process (MDP) to evaluate the effectiveness of the bounty and enable the service provider to adjust the parameters of the bounty's reward function accordingly.
Paper Structure (56 sections, 4 equations, 5 figures, 2 tables, 4 algorithms)

This paper contains 56 sections, 4 equations, 5 figures, 2 tables, 4 algorithms.

Table of Contents

  1. Introduction
  2. CrudiTEE: The Cryptocurrency Wallet with Stick and Carrot
  3. The stick
  4. The carrot
  5. Related Work
  6. Cyber Bounty
  7. Side Channels
  8. TEE Side-channel Defense
  9. Existing Wallet Solutions
  10. Background and Preliminaries
  11. Trusted Execution Environments
  12. Smart Contracts
  13. OAuth
  14. Cryptographic Primitives
  15. Markov Decision Process
  16. ...and 41 more sections

Figures (5)

  • Figure 1: Registration and Transaction Signing Workflow
  • Figure 2: Insurance and bounty workflow
  • Figure 3: Example of reward function in simplified case.
  • Figure 4: f score for different reward functions. $\alpha_\mathsf{cap}= 0.8$. $\alpha_1 = \alpha_2 = 1/3$, $c_a = 0.4$, $p_s = 0.4$, $N = 3$, $\mathsf{v} = 6$. Optimal $\epsilon = 0.95$.
  • Figure 5: Signing request via $\mathsf{SC_{\text{avail}\space}}$.