Paper 2015/308
Authenticated Key Exchange over Bitcoin
Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke, and Feng Hao
Abstract
Bitcoin is designed to protect user anonymity (or pseudonymity) in a financial transaction, and has been increasingly adopted by major e-commerce websites such as Dell, PayPal and Expedia. While the anonymity of Bitcoin transactions has been extensively studied, little attention has been paid to the security of post-transaction correspondence. In a commercial application, the merchant and the user often need to engage in follow-up correspondence after a Bitcoin transaction is completed, e.g., to acknowledge the receipt of payment, to confirm the billing address, to arrange the product delivery, to discuss refund and so on. Currently, such follow-up correspondence is typically done in plaintext via email with no guarantee on confidentiality. Obviously, leakage of sensitive data from the correspondence (e.g., billing address) can trivially compromise the anonymity of Bitcoin users. In this paper, we initiate the first study on how to realise end-to-end secure communication between Bitcoin users in a post-transaction scenario without requiring any trusted third party or additional authentication credentials. This is an important new area that has not been covered by any IEEE or ISO/IEC security standard, as none of the existing PKI-based or password-based AKE schemes are suitable for the purpose. Instead, our idea is to leverage the Bitcoin’s append-only ledger as an additional layer of authentication between previously confirmed transactions. This naturally leads to a new category of AKE protocols that bootstrap trust entirely from the block chain. We call this new category “Bitcoin-based AKE” and present two concrete protocols: one is non-interactive with no forward secrecy, while the other is interactive with additional guarantee of forward secrecy. Finally, we present proof-of-concept prototypes for both protocols with experimental results to demonstrate their practical feasibility.
Note: Accepted to Security Standardisation Research 2015.
Metadata
- Publication info
- Published elsewhere. Minor revision. 2nd International Conference on Research in Security Standardisation (SSR'15)
- Keywords
- Authenticated Key Exchange, Bitcoin, Diffie-Hellman, YAK
- Contact author(s)
- patrick mccorry @ ncl ac uk
- History
- 2015-09-25: revised
- 2015-04-06: received
- Short URL
- https://ia.cr/2015/308
- License
- CC BY
BibTeX
@misc{cryptoeprint:2015/308,
      author = {Patrick McCorry and Siamak F. Shahandashti and Dylan Clarke and Feng Hao},
      title = {Authenticated Key Exchange over Bitcoin},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/308},
      year = {2015},
      url = {https://eprint.iacr.org/2015/308}
}