ABSTRACT
Cryptocurrency users saw a sharp increase in different types of crypto wallets in the past decade. However, the emerging multi-device wallets, even with improved security guarantees over their single-device counterparts, are yet to receive proportionate adoption. This work presents a data-driven investigation into the perceptions of users towards multi-device wallets, using a survey of 357 crypto-wallet users. Our results revealed two significant groups among our participants: Newbies and Non-newbies. Our follow-up qualitative analysis, conducted after educating participants, revealed a gap between the mental model of these participants and the actual security guarantees. Furthermore, we investigated preferred default settings for crypto-wallets across our participants over different key-share distribution settings of multi-device wallets. Threat model considerations affected user preferences, signifying a need for contextualizing default settings. We identified concrete, actionable design avenues for future multi-device wallet developers to improve adoption.
Index Terms
- Uncovering Impact of Mental Models towards Adoption of Multi-device Crypto-Wallets