Paper 2021/1597

Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite

Marc Fischlin and Olga Sanina


We give a cryptographic analysis of the Bluetooth Secure Connections Protocol Suite. Bluetooth supports several subprotocols, such as Numeric Comparison, Passkey Entry, and Just Works, in order to match the devices' different input/output capabilities. Previous analyses (e.g., Lindell, CT-RSA'09, or Troncoso and Hale, NDSS'21) often considered (and confirmed) the security of single subprotocols only. Recent practically verified attacks, however, such as the Method Confusion Attack (von Tschirschnitz et al., S&P'21) against Bluetooth's authentication and key secrecy property, often exploit the bad interplay of different subprotocols. Even worse, some of these attacks demonstrate that one cannot prove the Bluetooth protocol suite to be a secure authenticated key exchange protocol. We therefore aim at the best we can hope for and show that the protocol still matches the common key secrecy requirements of a key exchange protocol if one assumes a trust-on-first-use (TOFU) relationship. This means that the adversary needs to mount an active attack during the initial connection, otherwise the subsequent reconnections remain secure. Investigating the cryptographic strength of the Bluetooth protocol, we also look into the privacy mechanism of address randomization in Bluetooth (which is only available in the Low Energy version). We show that the cryptography indeed provides a decent level of address privacy, although this does not rule out identification of devices via other means, such as physical characteristics.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2021
BluetoothKey ExchangeTrust On First Use (TOFU)PrivacySecure Connections
Contact author(s)
marc fischlin @ cryptoplexity de
olga sanina @ cryptoplexity de
2021-12-09: received
Short URL
Creative Commons Attribution


      author = {Marc Fischlin and Olga Sanina},
      title = {Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1597},
      year = {2021},
      doi = {10.1007/978-3-030-92075-3_24},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.