KeyShield: Leakage-and-Loss-Resilient Private Key Protection for Web3
DOI: https://doi.org/10.13052/jwe1540-9589.2515
Keywords: Crypto wallet, key management, threshold cryptography, proxy re-encryption, Web3
Abstract
Effective management of private keys is crucial to ensure the security and ownership of users’ data and digital assets in the Web3 environment. However, existing solutions often fail to adequately address private key management from the user’s perspective. Private key leakage and loss incidents occur frequently, resulting in significant losses of digital assets. Moreover, the conventional approach of revoking both the private and public keys after a leakage or loss incident is inconvenient in Web3, where the public key serves as the user’s wallet address or digital identity.
To tackle the issue of user-side private key management in Web3, this paper presents KeyShield, a leakage-and-loss-resilient private key protection scheme. KeyShield divides the user’s private key into three shares, securely stored across a primary device and a secondary device owned by the user, and a third storage module owned by the user or a semi-trusted service provider. For daily use of the private key, the user only needs to connect the primary and secondary devices. In the event of a leakage or loss, such as device theft or attack, an update process is triggered to refresh the three shares, immediately invalidating the leaked or lost share while leaving the public key unchanged. As a demonstration of KeyShield, we developed KeyShieldECC, available on both Android and iOS, for managing Elliptic Curve Cryptography (ECC) private keys. The test results show that for a 256-bit ECC private key, daily use takes only 0.05 seconds and an update takes 0.25 to 0.3 seconds on an ordinary smartphone.
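The share-refresh property described in the abstract (a leaked share is invalidated while the public key stays the same) can be illustrated with a 2-of-3 Shamir sharing of the ECC scalar that is proactively refreshed. This is an added example written for this page, not KeyShield's own construction (the paper's scheme, including its proxy re-encryption component, is not reproduced here); secp256k1 is assumed only as a concrete ECC group, and the share indices 1, 2, 3 stand for the primary device, secondary device and third storage module.

```python
import secrets

# secp256k1 parameters (standard constants); private keys are scalars mod N
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else: lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def pubkey(d):
    # double-and-add scalar multiplication: public key (wallet address) = d*G
    acc, pt = None, G
    while d:
        if d & 1: acc = ec_add(acc, pt)
        pt, d = ec_add(pt, pt), d >> 1
    return acc

def split(d):
    # 2-of-3 Shamir sharing over Z_N: f(x) = d + a*x, shares at x = 1, 2, 3
    a = secrets.randbelow(N)
    return {x: (d + a * x) % N for x in (1, 2, 3)}

def combine(shares):
    # Lagrange interpolation of f(0) from any two (x, y) shares
    (x1, y1), (x2, y2) = list(shares.items())[:2]
    l1 = x2 * pow((x2 - x1) % N, -1, N) % N
    l2 = x1 * pow((x1 - x2) % N, -1, N) % N
    return (y1 * l1 + y2 * l2) % N

def refresh(shares):
    # add a fresh sharing of zero (b*x): every share changes but f(0) does not,
    # so an old (leaked) share no longer interpolates correctly with new ones
    b = secrets.randbelow(N)
    return {x: (y + b * x) % N for x, y in shares.items()}

def demo(d):
    old = split(d)
    new = refresh(old)
    return (combine({1: new[1], 2: new[2]}) == d,  # daily use after the update
            combine({1: old[1], 2: new[2]}) == d,  # leaked old share with a new share
            pubkey(combine({2: new[2], 3: new[3]})) == pubkey(d))  # address unchanged
```

`demo(d)` returns `(True, False, True)`: the refreshed shares still recover the key and hence the same public key, while the stale share is useless (up to a 1/N chance of the zero-sharing being trivial).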