“I Can't Believe It's Not Custodial!” Usable Trustless Decentralized Key Management

Tanusree Sharma, Vivek C. Nair, Henry Wang, Yang Wang, Dawn Song

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Key management has long remained a difficult unsolved problem in the field of usable security. While password-based key derivation functions (PBKDFs) are widely used to solve this problem in centralized applications, their low entropy and lack of a recovery mechanism make them unsuitable for use in decentralized contexts. The multi-factor key derivation function (MFKDF) is a recently proposed cryptographic primitive that aims to address these deficiencies by incorporating commonly used authentication factors into the key derivation process. In this paper, we implement an MFKDF-based Ethereum wallet and perform a user study with 27 participants to directly compare its usability against traditional cryptocurrency wallet architectures. Our results show that MFKDF-based applications outperform conventional key management approaches on both subjective and objective metrics, with a 37% higher average SUS score (p < 0.0001) and 71% faster task completion times (p < 0.0001) for the MFKDF-based wallet.

Original language: English (US)
Title of host publication: CHI 2024 - Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems
Publisher: Association for Computing Machinery
ISBN (Electronic): 9798400703300
State: Published - May 11 2024
Externally published: Yes
Event: 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024 - Hybrid, Honolulu, United States
Duration: May 11 2024 to May 16 2024

Publication series

Name: Conference on Human Factors in Computing Systems - Proceedings

Conference

Conference: 2024 CHI Conference on Human Factors in Computing Systems, CHI 2024
Country/Territory: United States
City: Hybrid, Honolulu
Period: 5/11/24 to 5/16/24

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design
