International Conference on Research in Security Standardisation

Security Standardisation Research, pp. 3-20

Authenticated Key Exchange over Bitcoin

  • Patrick McCorry
  • Siamak F. Shahandashti
  • Dylan Clarke
  • Feng Hao
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)

Abstract

Bitcoin is designed to protect user anonymity (or pseudonymity) in a financial transaction, and has been increasingly adopted by major e-commerce websites such as Dell, PayPal and Expedia. While the anonymity of Bitcoin transactions has been extensively studied, little attention has been paid to the security of post-transaction correspondence. In a commercial application, the merchant and the user often need to engage in follow-up correspondence after a Bitcoin transaction is completed, e.g., to acknowledge the receipt of payment, to confirm the billing address, to arrange the product delivery, to discuss a refund and so on. Currently, such follow-up correspondence is typically done in plaintext via email with no guarantee of confidentiality. Obviously, leakage of sensitive data from the correspondence (e.g., the billing address) can trivially compromise the anonymity of Bitcoin users. In this paper, we initiate the first study on how to realise end-to-end secure communication between Bitcoin users in a post-transaction scenario without requiring any trusted third party or additional authentication credentials. This is an important new area that has not been covered by any IEEE or ISO/IEC security standard, as none of the existing PKI-based or password-based AKE schemes are suitable for the purpose. Instead, our idea is to leverage Bitcoin's append-only ledger as an additional layer of authentication between previously confirmed transactions. This naturally leads to a new category of AKE protocols that bootstrap trust entirely from the block chain. We call this new category "Bitcoin-based AKE" and present two concrete protocols: one is non-interactive with no forward secrecy, while the other is interactive with the additional guarantee of forward secrecy. Finally, we present proof-of-concept prototypes for both protocols with experimental results to demonstrate their practical feasibility.

Keywords

Authenticated key exchange; Bitcoin; Diffie-Hellman; YAK

Notes

Acknowledgements

The second, third and fourth authors are supported by the European Research Council (ERC) Starting Grant (No. 306994). We also thank Greg Maxwell for bringing the SIGHASH_SINGLE implementation bug to our attention.


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Patrick McCorry (1)
  • Siamak F. Shahandashti (1)
  • Dylan Clarke (1)
  • Feng Hao (1)

  1. School of Computing Science, Newcastle University, Newcastle upon Tyne, UK
