PASS - Provenanced Access Subaccount SystemAcademic Research Prototype

A novel wallet architecture enabling multiple entities to securely share control of a single blockchain address through provenance-based access control and TEE-encumbered secret key management.

Connect your wallet to explore the PASS prototype

Research Abstract

Blockchain wallets traditionally operate under a single-entity ownership model where possession of a private key grants complete control over all assets. This paradigm becomes limiting as blockchain applications evolve toward more complex access patterns, such as with Trusted Execution Environment (TEE) based private key encumbrance.

We present the Provenanced Access Subaccount System (PASS), a novel wallet architecture that enables multiple entities to securely share control of a single blockchain address. Unlike existing approaches that rely on role-based or attribute-based access control, PASS introduces provenance-based access control, where authority over assets is determined by their origin and transfer history, and secret key access is mediated by a custodial Inbox-Outbox mechanism.

Our design allows multi-entity control of a single wallet address with a strong notion of privacy, where internal transfers between subaccounts leave no on-chain trace, and a multi-user PASS wallet is indistinguishable from a regular user account. We outline the core design of PASS and formally verify key security properties, such as privacy and policy integrity, with Lean 4. We also implement a prototype in TypeScript with WalletConnect integration for Ethereum Virtual Machine (EVM) blockchains and with a TEE-encumbered secret key, demonstrating PASS's feasibility without any smart contract deployments.

This work advances wallet security by combining the flexibility of multi-user access models with strong privacy guarantees and a formal verification approach.

Research Contributions

🔗

Provenance-Based Access Control

Novel access control mechanism where authority over assets is determined by their origin and transfer history, rather than traditional role-based approaches.

📥

Inbox-Outbox Mechanism

Custodial system that mediates secret key access through a secure channel, enabling multi-entity control without compromising security.

🔒

Privacy-Preserving Transfers

Internal transfers between subaccounts leave no on-chain trace, making multi-user wallets indistinguishable from regular accounts.

✅

Formal Verification

Key security properties including privacy and policy integrity are formally verified using Lean 4 theorem prover.

🛡️

TEE-Encumbered Keys

Private keys are managed within Trusted Execution Environments, ensuring secure execution isolated from the host system.

⚡

No Smart Contract Dependency

Demonstrates feasibility without requiring smart contract deployments, working directly with EOA addresses.

Formal Verification & Privacy Guarantees

🔍 Privacy Property Verification

Formally verified that multi-user PASS wallets are indistinguishable from regular user accounts on-chain

✅ Policy Integrity Verification

Proven that access control policies cannot be violated through formal verification with Lean 4

🔒 TEE Security Guarantees

Critical operations execute in isolated TEE environments with formally verified isolation properties

Research Methodology

Formal Verification: Lean 4 theorem prover for key security lemmas and privacy properties on PASS formal model.

Prototype Implementation: Rust enclave logic, TypeScript frontend, and WalletConnect v2 integration for EVM blockchains.

TEE Infrastructure: AWS Nitro Enclaves and Phala dStackfor secure key management and execution.