Table of Contents
Fetching ...

"What I Sign Is Not What I See": Towards Explainable and Trustworthy Cryptocurrency Wallet Signatures

Yuyang Qin, Haihan Duan

TL;DR

The paper tackles the usability-security gap in cryptocurrency wallet signing by introducing the Signature Semantic Decoder (SSD), a middleware that reconstructs signing intent into plain-language explanations with contextual risk cues. Through two formative studies, a design phase, and a controlled main study with 128 participants, semantic transparency improves signing accuracy (e.g., 84.2% vs 67.9%), enhances perceived understanding and trust, and reduces cognitive workload. The SSD pipeline—Input, Processing, Output—transforms on-chain/off-chain payloads such as eth_sendTransaction, personal_sign, and eth_signTypedData into a coherent semantic frame that highlights intent and risk. The work establishes interpretive security as a design principle for more transparent wallets and outlines clear directions for extending interpretability to multi-chain and autonomous signing contexts.

Abstract

Cryptocurrency wallets have become the primary gateway to decentralized applications, yet users often face significant difficulty in discerning what a wallet signature actually does or entails. Prior work has mainly focused on mitigating protocol vulnerabilities, with limited attention to how users perceive and interpret what they are authorizing. To examine this usability-security gap, we conducted two formative studies investigating how users interpret authentic signing requests and what cues they rely on to assess risk. Findings reveal that users often misread critical parameters, underestimate high-risk signatures, and rely on superficial familiarity rather than understanding transaction intent. Building on these insights, we designed the Signature Semantic Decoder -- a prototype framework that reconstructs and visualizes the intent behind wallet signatures prior to confirmation. Through structured parsing and semantic labeling, it demonstrates how signing data can be transformed into plain-language explanations with contextual risk cues. In a between-subjects user study (N = 128), participants using the prototype achieved higher accuracy in identifying risky signatures, improved clarity and decision confidence, and lower cognitive workload compared with the baseline wallet interface. Our study reframes wallet signing as a problem of interpretability within secure interaction design and offers design implications for more transparent and trustworthy cryptocurrency wallet interfaces.

"What I Sign Is Not What I See": Towards Explainable and Trustworthy Cryptocurrency Wallet Signatures

TL;DR

The paper tackles the usability-security gap in cryptocurrency wallet signing by introducing the Signature Semantic Decoder (SSD), a middleware that reconstructs signing intent into plain-language explanations with contextual risk cues. Through two formative studies, a design phase, and a controlled main study with 128 participants, semantic transparency improves signing accuracy (e.g., 84.2% vs 67.9%), enhances perceived understanding and trust, and reduces cognitive workload. The SSD pipeline—Input, Processing, Output—transforms on-chain/off-chain payloads such as eth_sendTransaction, personal_sign, and eth_signTypedData into a coherent semantic frame that highlights intent and risk. The work establishes interpretive security as a design principle for more transparent wallets and outlines clear directions for extending interpretability to multi-chain and autonomous signing contexts.

Abstract

Cryptocurrency wallets have become the primary gateway to decentralized applications, yet users often face significant difficulty in discerning what a wallet signature actually does or entails. Prior work has mainly focused on mitigating protocol vulnerabilities, with limited attention to how users perceive and interpret what they are authorizing. To examine this usability-security gap, we conducted two formative studies investigating how users interpret authentic signing requests and what cues they rely on to assess risk. Findings reveal that users often misread critical parameters, underestimate high-risk signatures, and rely on superficial familiarity rather than understanding transaction intent. Building on these insights, we designed the Signature Semantic Decoder -- a prototype framework that reconstructs and visualizes the intent behind wallet signatures prior to confirmation. Through structured parsing and semantic labeling, it demonstrates how signing data can be transformed into plain-language explanations with contextual risk cues. In a between-subjects user study (N = 128), participants using the prototype achieved higher accuracy in identifying risky signatures, improved clarity and decision confidence, and lower cognitive workload compared with the baseline wallet interface. Our study reframes wallet signing as a problem of interpretability within secure interaction design and offers design implications for more transparent and trustworthy cryptocurrency wallet interfaces.
Paper Structure (28 sections, 9 figures, 6 tables)

This paper contains 28 sections, 9 figures, 6 tables.

Figures (9)

  • Figure 1: User attention distribution in signature requests.
  • Figure 2: Perceived difficulty of understanding different signature elements.
  • Figure 3: Semantic-enhanced Signature Interaction Framework.
  • Figure 4: Workflow of Signature Semantic Decoder.
  • Figure 5: MetaMask-based interface examples from the Signature Semantic Decoder
  • ...and 4 more figures