
2015 | OriginalPaper | Chapter

Authenticated Key Exchange over Bitcoin

Authors : Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke, Feng Hao

Published in: Security Standardisation Research

Publisher: Springer International Publishing


Abstract

Bitcoin is designed to protect user anonymity (or pseudonymity) in a financial transaction, and has been increasingly adopted by major e-commerce websites such as Dell, PayPal and Expedia. While the anonymity of Bitcoin transactions has been extensively studied, little attention has been paid to the security of post-transaction correspondence. In a commercial application, the merchant and the user often need to engage in follow-up correspondence after a Bitcoin transaction is completed, e.g., to acknowledge the receipt of payment, to confirm the billing address, to arrange the product delivery, to discuss a refund and so on. Currently, such follow-up correspondence is typically done in plaintext via email with no guarantee of confidentiality. Obviously, leakage of sensitive data from the correspondence (e.g., the billing address) can trivially compromise the anonymity of Bitcoin users. In this paper, we initiate the first study on how to realise end-to-end secure communication between Bitcoin users in a post-transaction scenario without requiring any trusted third party or additional authentication credentials. This is an important new area that has not been covered by any IEEE or ISO/IEC security standard, as none of the existing PKI-based or password-based AKE schemes are suitable for the purpose. Instead, our idea is to leverage Bitcoin's append-only ledger as an additional layer of authentication between previously confirmed transactions. This naturally leads to a new category of AKE protocols that bootstrap trust entirely from the block chain. We call this new category "Bitcoin-based AKE" and present two concrete protocols: one is non-interactive with no forward secrecy, while the other is interactive with the additional guarantee of forward secrecy. Finally, we present proof-of-concept prototypes for both protocols with experimental results to demonstrate their practical feasibility.


Footnotes

1. An adversary may not require 51 % of computational power in reality [3, 4, 10].

2. By "extra" information, we mean information other than what is derivable from the honest party's already available public key.

3. Note that the results apply to a slightly modified version of ECDSA in which \(e=H(r|m)\), where | denotes concatenation. Although the Bitcoin Core implementation is based on the original ECDSA standard, the above modification is included in more recent standards of ECDSA such as ISO/IEC 14888 [1]. Furthermore, as another option for signing, the Bitcoin community is considering including Schnorr signatures [2], which are proven to be a zero-knowledge proof of knowledge of the private key.

4. A bug in the Bitcoin implementation of the SIGHASH_SINGLE flag allows the message that is signed to authorise the transaction to be 1 instead of the hash of the transaction [8]. This bug is not likely to be fixed in the near future as it is consensus-critical code. To address this bug, we assume that an implementation of our protocol properly checks that the message signed is a hash of a valid transaction as published on the Blockchain rather than 1.
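The check that footnote 4 asks for, as an added illustration that is not code from the paper or its prototypes: a verifier that recomputes the signature hash from the published transaction and refuses to treat the literal value 1 as a signed transaction hash. The transaction structure, its JSON-based serialisation and the sample transaction are constructed simplifications (Bitcoin's real SIGHASH serialisation is binary and more involved); what the example preserves is the documented quirk, namely that Bitcoin Core returns the 256-bit integer 1 instead of a hash when SIGHASH_SINGLE is used on an input index that has no matching output.

```python
import hashlib
import json
from typing import Any, Dict

# Bitcoin Core's SIGHASH_SINGLE quirk: when the signed input has no output at the
# same index, the "hash" returned is the 256-bit integer 1. Serialised as a
# little-endian 32-byte value that is 0x01 followed by 31 zero bytes.
SIGHASH_ONE = (1).to_bytes(32, "little")


def sha256d(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def serialize_for_single(tx: Dict[str, Any], input_index: int) -> bytes:
    """Simplified (assumed, JSON-based) stand-in for SIGHASH_SINGLE serialisation.

    SIGHASH_SINGLE commits only to the output at the signed input's index; outputs
    before it are blanked and outputs after it are dropped, which is what is
    modelled here.
    """
    blanked = [{"value": -1, "script": ""} for _ in tx["outputs"][:input_index]]
    committed = {
        "version": tx["version"],
        "inputs": tx["inputs"],
        "outputs": blanked + [tx["outputs"][input_index]],
        "locktime": tx["locktime"],
    }
    return json.dumps(committed, sort_keys=True).encode()


def sighash_single(tx: Dict[str, Any], input_index: int) -> bytes:
    """Signature hash for one input under SIGHASH_SINGLE, including the quirk."""
    if input_index >= len(tx["outputs"]):
        return SIGHASH_ONE  # no hash at all: the bare value 1 gets signed
    return sha256d(serialize_for_single(tx, input_index))


def is_acceptable_signed_message(msg: bytes, tx: Dict[str, Any], input_index: int) -> bool:
    """Accept a signed message only if it is the hash of the given published
    transaction for that input, and never if it is the literal value 1."""
    if len(msg) != 32:
        return False
    if msg == SIGHASH_ONE:
        return False  # reject the quirk outright, whatever the transaction says
    return msg == sighash_single(tx, input_index)


# Constructed sample: three inputs but only two outputs, so input 2 triggers the quirk.
SAMPLE_TX: Dict[str, Any] = {
    "version": 1,
    "inputs": [
        {"prev_txid": "11" * 32, "index": 0},  # placeholder txids, not real ones
        {"prev_txid": "22" * 32, "index": 1},
        {"prev_txid": "33" * 32, "index": 0},
    ],
    "outputs": [
        {"value": 50000, "script": "OP_DUP OP_HASH160 <pubkeyhash-A> OP_EQUALVERIFY OP_CHECKSIG"},
        {"value": 25000, "script": "OP_DUP OP_HASH160 <pubkeyhash-B> OP_EQUALVERIFY OP_CHECKSIG"},
    ],
    "locktime": 0,
}


if __name__ == "__main__":
    for idx in range(3):
        msg = sighash_single(SAMPLE_TX, idx)
        print(f"input {idx}: message={msg.hex()} accepted={is_acceptable_signed_message(msg, SAMPLE_TX, idx)}")
```

Running the block shows inputs 0 and 1 producing distinct hashes that pass the check, while input 2 produces the value 1 and is rejected even though a Bitcoin node would have accepted the corresponding signature as valid.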
Literature

1. ISO/IEC 14888: Information technology - Security techniques - Digital signatures with appendix (2008)
3. Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013)
4. Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)
6. Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters. Standards for Efficient Cryptography Group, September 2000
7. Clark, J., Essex, A.: CommitCoin: carbon dating commitments with bitcoin. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 390–398. Springer, Heidelberg (2012)
11. Hankerson, D., Vanstone, S., Menezes, A.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, New York (2004)
12. Hao, F.: On robust key agreement based on public key authentication. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 383–390. Springer, Heidelberg (2010)
13. Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)
14. Karame, G.O., Androulaki, E., Capkun, S.: Double-spending fast payments in bitcoin. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 906–917. ACM (2012)
15. Lo, S., Wang, J.: Bitcoin as money? Current policy and perspectives, September 2014
16. Malone-Lee, J., Smart, N.P.: Modifications of ECDSA. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 1–12. Springer, Heidelberg (2003)
17. Maurer, B., Nelms, T., Swartz, L.: When perhaps the real problem is money itself!: the practical materiality of Bitcoin. Soc. Semiot. 23(2), 261–277 (2013)
19. Miers, I., Garman, C., Green, M., Rubin, A.: Zerocoin: anonymous distributed E-cash from Bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)
20. Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
22. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
23. Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: 2011 IEEE Third International Conference on Social Computing (SocialCom) Privacy, Security, Risk and Trust (PASSAT), pp. 1318–1326, October 2011
25. Robleh, A., Barrdear, J., Clews, R., Southgate, J.: The economics of digital currencies. Q. Bull. 54, Q3 (2014)
26. Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013)
28. Vaudenay, S.: The security of DSA and ECDSA. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 309–323. Springer, Heidelberg (2002)
29. Woo, D., Gordon, I., Iaralov, V.: Bitcoin: a first assessment. Bank of America Merrill Lynch, December 2013
Metadata

Title: Authenticated Key Exchange over Bitcoin
Authors: Patrick McCorry, Siamak F. Shahandashti, Dylan Clarke, Feng Hao
Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-27152-1_1
