eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2019/1043

Breaking the Bluetooth Pairing – The Fixed Coordinate Invalid Curve Attack

Eli Biham and Lior Neumann


Bluetooth is a widely deployed standard for wireless communications between mobile devices. It uses authenticated Elliptic Curve Diffie-Hellman for its key exchange. In this paper we show that the authentication provided by the Bluetooth pairing protocols is insufficient and does not provide the promised MitM protection. We present a new attack that modifies the y-coordinates of the public keys (while preserving the x-coordinates). The attack compromises the encryption keys of all of the current Bluetooth authenticated pairing protocols, provided both paired devices are vulnerable. Specifically, it successfully compromises the encryption keys of 50% of the Bluetooth pairing attempts, while in the other 50% the pairing of the victims is terminated. The affected vendors have been informed and patched their products accordingly, and the Bluetooth specification had been modified to address the new attack. We named our new attack the “Fixed Coordinate Invalid Curve Attack”. Unlike the well known “Invalid Curve Attack” of Biehl et. al. which recovers the private key by sending multiple specially crafted points to the victim, our attack is a MitM attack which modifies the public keys in a way that lets the attacker deduce the shared secret.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. SAC 2019
Bluetoothelliptic curve cryptosystemDiffie-Hellman
Contact author(s)
lior neumann @ cs technion ac il
2019-09-18: received
Short URL
Creative Commons Attribution


      author = {Eli Biham and Lior Neumann},
      title = {Breaking the Bluetooth Pairing – The Fixed Coordinate Invalid Curve Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1043},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1043}},
      url = {https://eprint.iacr.org/2019/1043}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.