"What I Sign Is Not What I See": Towards Explainable and Trustworthy Cryptocurrency Wallet Signatures

TL;DR

This paper investigates how users interpret cryptocurrency wallet signatures, revealing misunderstandings and proposing a semantic decoder to improve interpretability, leading to better risk assessment and decision confidence.

Contribution

It introduces the Signature Semantic Decoder, a framework that visualizes wallet signatures in plain language, enhancing interpretability and trustworthiness in cryptocurrency wallets.

Findings

Users often misread signature parameters

The prototype improved risk identification accuracy

Participants reported higher confidence and lower workload

Abstract

Cryptocurrency wallets have become the primary gateway to decentralized applications, yet users often face significant difficulty in discerning what a wallet signature actually does or entails. Prior work has mainly focused on mitigating protocol vulnerabilities, with limited attention to how users perceive and interpret what they are authorizing. To examine this usability-security gap, we conducted two formative studies investigating how users interpret authentic signing requests and what cues they rely on to assess risk. Findings reveal that users often misread critical parameters, underestimate high-risk signatures, and rely on superficial familiarity rather than understanding transaction intent. Building on these insights, we designed the Signature Semantic Decoder -- a prototype framework that reconstructs and visualizes the intent behind wallet signatures prior to confirmation. Through structured parsing and semantic labeling, it demonstrates how signing data can be transformed into plain-language explanations with contextual risk cues. In a between-subjects user study (N = 128), participants using the prototype achieved higher accuracy in identifying risky signatures, improved clarity and decision confidence, and lower cognitive workload compared with the baseline wallet interface. Our study reframes wallet signing as a problem of interpretability within secure interaction design and offers design implications for more transparent and trustworthy cryptocurrency wallet interfaces.