"I Can't Believe It's Not Custodial!" Usable Trustless Decentralized Key Management

Key management has long remained a difficult unsolved problem in the field of usable security. While password-based key derivation functions (PBKDFs) are widely used to solve this problem in centralized applications, their low entropy and lack of a recovery mechanism make them unsuitable for use in decentralized contexts. The multi-factor key derivation function (MFKDF) is a recently proposed cryptographic primitive that aims to address these deficiencies by incorporating commonly used authentication factors into the key derivation process. In this paper, we implement an MFKDF-based Ethereum wallet and perform a user study with 27 participants to directly compare its usability against traditional cryptocurrency wallet architectures. Our results show that MFKDF-based applications outperform conventional key management approaches on both subjective and objective metrics, with a 37% higher average SUS score (p < 0.0001) and 71% faster task completion times (p < 0.0001) for the MFKDF-based wallet.