Toggle Main Menu Toggle Search

Open Access padlockePrints

Authenticated Key Exchange over Bitcoin

Lookup NU author(s): Patrick McCorry, Dr Siamak Fayyaz Shahandashti, Dr Dylan Clarke, Professor Feng Hao


Full text for this publication is not currently held within this repository. Alternative links are provided below where available.


Bitcoin is designed to protect user anonymity (or pseudonymity) in a financial transaction, and has been increasingly adopted by major e-commerce websites such as Dell, PayPal and Expedia. While the anonymity of Bitcoin transactions has been extensively studied, little attention has been paid to the security of post-transaction correspondence. In a commercial application, the merchant and the user often need to engage in follow-up correspondence after a Bitcoin transaction is completed, e.g., to acknowledge the receipt of payment, to confirm the billing address, to arrange the product delivery, to discuss refund and so on. Currently, such follow-up correspondence is typically done in plaintext via email with no guarantee on confidentiality. Obviously, leakage of sensitive data from the correspondence (e.g., billing address) can trivially compromise the anonymity of Bitcoin users. In this paper, we initiate the first study on how to realise end-to-end secure communication between Bitcoin users in a post-transaction scenario without requiring any trusted third party or additional authentication credentials. This is an important new area that has not been covered by any IEEE or ISO/IEC security standard, as none of the existing PKI-based or password-based AKE schemes are suitable for the purpose. Instead, our idea is to leverage the Bitcoin's append-only ledger as an additional layer of authentication between previously confirmed transactions. This naturally leads to a new category of AKE protocols that bootstrap trust entirely from the block chain. We call this new category "Bitcoin-based AKE" and present two concrete protocols: one is non-interactive with no forward secrecy, while the other is interactive with additional guarantee of forward secrecy. Finally, we present proof-of-concept prototypes for both protocols with experimental results to demonstrate their practical feasibility.

Publication metadata

Author(s): McCorry P, Shahandashti SF, Clarke D, Hao F

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: 2nd International Conference on Research in Security Standardisation

Year of Conference: 2015

Pages: 3-20

Print publication date: 01/01/2015

Acceptance date: 01/01/1900

Publisher: Springer International Publishing


DOI: 10.1007/978-3-319-27152-1_1

Library holdings: Search Newcastle University Library for this item

Series Title: Security Standardisation Research

ISBN: 9783319271514