Enhancing Cold Wallet Security with Native Multi-Signature schemes in Centralized Exchanges

TL;DR

This paper introduces a native multi-signature protocol for cold wallets in centralized exchanges, enhancing security by eliminating single points of trust and enabling scalable user-involved wallet management.

Contribution

The paper proposes a novel multi-signature scheme that involves multiple devices and admins, preventing private key exposure and allowing scalable, user-involved cold wallet management.

Findings

Improves cold wallet security by decentralizing key control.

Ensures no private key is stored on any single device.

Demonstrates practical implementation and scalability of the method.

Abstract

Currently, one of the most widely used protocols to secure cryptocurrency assets in centralized exchanges is categorizing wallets into cold and hot. While cold wallets hold user deposits, hot} wallets are responsible for addressing withdrawal requests. However, this method has some shortcomings such as: 1) availability of private keys in at least one cold device, and~2) exposure of all private keys to one trusted cold wallet admin. To overcome such issues, we design a new protocol for managing cold wallet assets by employing native multi-signature schemes. The proposed cold wallet system, involves at least two distinct devices and their corresponding admins for both wallet creation and signature generation. The method ensures that no final private key is stored on any device. To this end, no individual authority can spend from exchange assets. Moreover, we provide details regarding practical implementation of the proposed method and compare it against state-of-the-art. Furthermore, we extend the application of the proposed method to an scalable scenario where users are directly involved in wallet generation and signing process of cold wallets in an MPC manner.