
Topic 4 Highlights - Wallet and Key Management

The document discusses key components of cryptocurrency wallets including network nodes, indexers, wallet applications, and key stores. It also covers deterministic keys, mnemonic seeds, hierarchical deterministic (HD) wallets, and practices like key isolation and hot/cold storage to improve security.

Uploaded by

Olivia Rada

Wallet and Key Management

General Wallet Architecture


A cryptocurrency wallet consists of four main components:
1. Network Node: Communicates with the peer-to-peer network, validates consensus
rules, and relays transactions and blocks.
● Nodes offer APIs to request the state of the blockchain, such as the content
of a block or the current fee levels.
● Fully validating nodes (full nodes) locally validate the full set of consensus
rules and filter out inconsistent requests from the network.
2. Indexer: Reorganizes and curates transaction data for specific wallets, making it
easier to retrieve relevant information.
● Indexers dynamically filter and restructure information extracted from a node
to build a context-specific dataset adapted to querying.
● They maintain information required for transaction building, such as the
UTXO set for Bitcoin-like protocols or the state tries for Ethereum-like coins.
● Compromised indexers may tamper with transaction data to counterfeit
account entries or hide double-spend attempts.
3. Wallet Application: Provides a user interface for interacting with the wallet and
enforces operational best practices.
● Wallet applications expose balance, transaction history, and transaction
status to users and provide tools for transaction creation, authorization, and
broadcasting.
● They are responsible for enforcing operational best practices, such as
transaction approval workflows, fee recommendations, and confirmation
thresholds.
4. Key Store: Securely stores and manages secret keys, often using hardware security
modules (HSMs) for enhanced protection.
● Key stores may use simple data storage (e.g., file systems, databases) or
purpose-built hardware with electronic protections (e.g., HSMs).
● HSMs are core security components that manage, safeguard, and process
users' keys to use and store digital certificates and provide public key
encryption services.

Deterministic Keys
Deterministic keys are derived from a single master key, allowing for the creation of
multiple keys for different purposes.
● Need for Multiple Keys:
● Mathematical: Different protocols may require different key formats (e.g.,
secp256k1 for Bitcoin, ed25519 for other chains).
● Privacy: Using the same key across multiple contexts can compromise
privacy, as the correlation between accounts is evident to external observers.
● Operational: Segregating funds and managing access control for various
purposes (e.g., separating cold storage from hot wallets).
● Hierarchical Deterministic (HD) Key Derivation (BIP 32):
● BIP32 defines a protocol to generate a virtually unlimited number of keys
based on a single secret seed.
● The seed is used as an initial parent key to derive new child keys, which can
be further derived in a tree structure.
● Hardened Derivation: Deriving child secret keys from parent secret keys,
providing better security.
● Non-Hardened Derivation: Deriving child public keys from parent public keys,
enabling watch-only wallets.
● The chain code characterizes the key derivation at the node level,
determining how new keys are derived.
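
The hardened branch of BIP32 described above, as an added example that is not part of the original notes: the seed becomes a master key and chain code, and a hardened child is computed from the parent secret key and chain code together. The function names are hypothetical; non-hardened (public-key) derivation needs elliptic-curve point arithmetic and is left out.

```python
import hashlib
import hmac

# Order of the secp256k1 group; private keys are integers modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 select hardened derivation


def master_from_seed(seed: bytes) -> tuple[bytes, bytes]:
    """Split HMAC-SHA512("Bitcoin seed", seed) into (master key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= N:
        raise ValueError("seed yields an invalid master key; use another seed")
    return key, chain_code


def derive_hardened(parent_key: bytes, parent_chain: bytes, index: int) -> tuple[bytes, bytes]:
    """Derive hardened child `index` (written index' in a path such as m/0')."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be below 2^31; the hardened offset is added here")
    # Hardened input is 0x00 || parent SECRET key || 32-bit index. A holder of
    # only the parent public key cannot build this message, which is why
    # watch-only wallets cannot follow hardened branches.
    data = b"\x00" + parent_key + (index + HARDENED).to_bytes(4, "big")
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(parent_key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says to try the next index")
    # The right half of the HMAC output is the child's own chain code.
    return child.to_bytes(32, "big"), digest[32:]


if __name__ == "__main__":
    # Constructed sample input: a short fixed seed, never a real wallet seed.
    seed = bytes(range(16))
    m_key, m_chain = master_from_seed(seed)
    c_key, c_chain = derive_hardened(m_key, m_chain, 0)  # path m/0'
    print("master chain code:", m_chain.hex())
    print("m/0' chain code:  ", c_chain.hex())
```
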

Mnemonic Seeds (BIP 39)


Mnemonic seeds are a human-readable way to represent a random number used to
generate a deterministic wallet.
● Encoding Process:
1. Generate Entropy: Create a large random number (128-256 bits) as the
source of randomness.
2. Convert Entropy to Mnemonics: Add a checksum, split the entropy into 11-bit
chunks, and map them to words from the BIP39 wordlist.
3. Convert Mnemonics to Seed: Apply the PBKDF2 function with the mnemonic
sentence and an optional passphrase to create a 512-bit seed.
● BIP39 Wordlist: A standardized list of 2,048 words used for creating mnemonic
sentences, with properties like smart selection, avoidance of similar words, and
sorted order.
● Mnemonic Sentence Length: Typically between 12 and 24 words, making it easier for
humans to store and remember.
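
The three encoding steps above, as an added example that is not part of the original notes. The 2,048-word list is not embedded, so step 2 returns the 11-bit indices into the wordlist rather than the words; the function names are hypothetical.

```python
import hashlib
import secrets
import unicodedata


def entropy_to_word_indices(entropy: bytes) -> list[int]:
    """Step 2: append the checksum, then cut the bit string into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128-256 bits, in 32-bit steps")
    cs_bits = ent_bits // 32  # checksum length is ENT / 32 bits
    # The checksum is the first cs_bits bits of SHA-256(entropy).
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11  # 12 words for 128 bits, 24 for 256
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Step 3: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase."""
    def nfkd(text: str) -> str:
        return unicodedata.normalize("NFKD", text)

    salt = ("mnemonic" + nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic).encode("utf-8"), salt, 2048, dklen=64
    )


if __name__ == "__main__":
    # Step 1: entropy from the OS CSPRNG (constructed sample, discarded on exit).
    entropy = secrets.token_bytes(16)
    print("word indices:", entropy_to_word_indices(entropy))
    # Constructed sample sentence; the passphrase changes the resulting seed,
    # so a backup of the words alone does not restore a passphrase-protected wallet.
    sentence = " ".join(["abandon"] * 11 + ["about"])
    print("seed (no passphrase):", mnemonic_to_seed(sentence).hex())
    print("seed (passphrase):   ", mnemonic_to_seed(sentence, "example").hex())
```
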

HD Wallets
HD (hierarchical deterministic) wallets use a single seed to generate a hierarchical tree of
keys, simplifying backup and recovery.
● Key Generation: The seed is used to derive a master private key, which can generate
billions of child private and public keys.
● Backup: Only the seed needs to be backed up, as all keys can be derived from it
deterministically.
● Master Keys: The master private key has a corresponding master public key,
enabling watch-only wallets and generating new addresses without exposing private
keys.
● Example: A mnemonic sentence like "glow laugh acquire menu anchor evil occur put
hover renew calm purpose" can be used to generate a seed and derive keys and
addresses.

Key Isolation
Key isolation refers to the practice of storing keys in different environments based on their
intended use and the required level of security.
● Security Ingredients:
● The protection of its keys: Ensuring the confidentiality and integrity of private
keys.
● The protection of its transaction signature process: Guarding against
unauthorized access to the signing interface.
● Hot and Cold Storage:
● Hot Wallet: Keys are stored on network-connected devices, providing lower
security but higher availability for frequent transactions.
● Cold Wallet: Keys are stored offline, offering higher security but lower
availability, suitable for long-term storage of large amounts.
● Exchanges typically store 90% or more of their assets in cold storage, with the
rest in hot wallets for client withdrawals.
● Example: The Binance hack in 2019 affected mostly hot wallets, resulting in the theft
of more than 7,000 BTC (2% of Binance's holdings at the time).

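Mnemonic Seeds serve as a scheme for memorizing the seed, from which Deterministic Keys
generate keys; HD Wallets then organize and manage those keys, and Key Isolation keeps
the keys separated while they are in use. Together they serve the security, convenience,
and flexibility of cryptocurrency wallets.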

Information Security risk management defines risk: Risk = f(Threat, Vulnerability,
Consequences)
For a financial institution, threat level is high due to cybercrime, hacktivism, proxy
organisation, and surveillance of communication; dependence on highly interconnected
networks implies high vulnerabilities; and the dematerialized activity means that
cyberattacks lead to big consequences; Kopp et al. (2017). Distributed ledger technologies
(DLTs) and cryptocurrency service providers arguably are even more critical targets. The
aggregate value of the cryptocurrency market being in the hundreds of billions at the time
of writing, and its networks being fully available publicly, it is one of the biggest honey pots
of the Internet. Its security foundations should be solid enough to sustain constant attacks
on its infrastructure, its accounting ledger, and its users — attacks designed with the
specific intent to steal funds, disrupt the service availability, or generate panic as a market
manipulation technique or as an end-goal in itself. Although the Bitcoin network and the
other major cryptocurrencies have been generally resilient to protocol-level attacks, there
have been many extraordinary thefts since 2009, including some of the most prominent
exchanges such as Mt Gox, Bitstamp, Bitfinex, or Binance.
---- Exam scope divider ----
The content below this point will appear only in quiz 3, not in the test.

Central Bank Digital Currencies (CBDCs)

Introduction to CBDCs
● CBDCs are digital currencies issued by the central bank of a country

● They are designed to allow central banks more oversight into the financial system
Comparison of CBDCs, Cash, and Other Digital Currencies
● CBDCs and cash are both issued and guaranteed by the central bank

● CBDCs require Know Your Customer (KYC) information, while cash does not
● CBDCs can be centralized or partially decentralized, while cash is centralized
● CBDCs and cash have low market risk compared to other private digital currencies
Key Drivers for Governments to Issue CBDCs
1. Need to bring central banks back to the center of currency creation and trust
2. Desire to control the monetary system and provide an alternative to
cryptocurrencies
3. Potential for increased efficiency and reduced transaction costs
4. Improvement of financial access and inclusion
5. Enhancement of monetary and fiscal policy
Snapshot of CBDC Development Around the World
● Countries like the Bahamas, Eastern Caribbean, and Cambodia have already
implemented CBDCs
● Many countries, such as Singapore, Australia, India, South Africa, and the US, are in
the pilot stage
● China is at the forefront of CBDC development with its digital yuan (e-CNY)

● Smaller countries may adopt CBDCs faster due to simpler systems and the need for
financial inclusion
● Nigeria's adoption of CBDCs aims to protect citizens from criminals and track
transactions
Regulatory Considerations for CBDCs
● Technology: token-based (direct wallet with central bank) or account-based
(intermediaries involved)
● Operational models: retail CBDCs (for individual customers) and wholesale CBDCs
(for interbank transfers)
● Interest-bearing CBDCs: potential competition with cash and impact on monetary
policy
● Data privacy concerns: CBDCs may allow governments to trace every transaction
● International cooperation: sharing of CBDC data among countries to combat money
laundering

Stablecoins and Digital Trade Coins


Stablecoins
● Cryptocurrencies pegged to a stable asset, such as fiat currency or gold

● Purpose: provide a stable digital currency option for crypto transactions and hedging
● Backed by private entities, with the backing asset's value determining the
stablecoin's value
● Main problem: lack of transparency regarding the backing assets and their
management
Stablecoin Creation Methods
1. Fiat-collateralized: backed by fiat currency (e.g., USDC, USDT)
2. Commodity-collateralized: backed by commodities like gold
3. Algorithmic: value maintained through algorithms and smart contracts (e.g., Terra
and Luna)
Collapse of Luna and Terra Stablecoin
● Terra (stablecoin) and Luna (token) used an algorithmic approach to maintain Terra's
peg to the US dollar
● When the market value of Terra deviated from $1, the algorithm would create or
burn Luna to adjust the supply and maintain the peg
● In 2022, a sudden sell-off of Terra led to a sharp increase in Luna's supply, causing its
value to plummet to zero within days
● The collapse highlighted the risks associated with algorithmic stablecoins
Digital Trade Coins
● Used by private companies or trade organizations for specific purposes (e.g., oil
trading, commercial banking)
● Examples: Fnality (for commercial banks) and Blockchain Trade Coin (for oil trading)
