PASS: A Provenanced Access Subaccount System for Blockchain Wallets

Highlights

• Inbox–Outbox model gives verifiable, private transaction lineage
• Security properties machine-checked in Lean 4
• Prototyped on AWS Nitro Enclaves and Intel TDX

Abstract

PASS moves away from traditional private-key-based wallet ownership, enabling multiple parties to coordinate asset access while preserving privacy through provenance-based controls. An Inbox–Outbox mechanism creates verifiable transaction lineage while keeping internal transfers private. We formalize the design in Lean 4 and prove key security properties — transfer privacy, asset accessibility, and provenance integrity. Prototypes on AWS Nitro Enclaves and Intel TDX integrate WalletConnect compatibility and demonstrate efficient throughput. The work targets AI agent wallets, organizational custody, and enterprise payroll by balancing strict self-custody with flexible shared access.