Formal modelling and security analysis of Bitcoin’s payment protocol
Modesti, Paolo, Shahandashti, Siamak F., McCorry, Patrick and Hao, Feng (2021) Formal modelling and security analysis of Bitcoin’s payment protocol. Computers & Security, 107. 102279. doi:10.1016/j.cose.2021.102279 ISSN 0167-4048.
PDF: WRAP-Formal-modelling-security-analysis-Bitcoins-payment-protocol-2021.pdf - Accepted Version. Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.
Official URL: http://dx.doi.org/10.1016/j.cose.2021.102279
Abstract
The Payment Protocol standard BIP70, specifying how payments in Bitcoin are performed by merchants and customers, is supported by the largest payment processors and most widely-used wallets. The protocol has been shown to be vulnerable to refund attacks due to lack of authentication of the refund addresses. In this paper, we give the first formal model of the protocol and formalise the refund address security goals for the protocol, namely refund address authentication and secrecy. The formal model utilises communication channels as abstractions conveying security goals on which the protocol modeller and verifier can rely. We analyse the Payment Protocol confirming that it is vulnerable to an attack violating the refund address authentication security goal. Moreover, we present a concrete protocol revision proposal supporting the merchant with publicly verifiable evidence that can mitigate the attack. We verify that the revised protocol meets the security goals defined for the refund address. Hence, we demonstrate that the revised protocol is secure, not only against the existing attacks, but also against any further attacks violating the formalised security goals.
Item Type: | Journal Article
---|---
Subjects: | H Social Sciences > HG Finance
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science
Library of Congress Subject Headings (LCSH): | Bitcoin, Cryptocurrencies, Cryptocurrencies -- Security measures, Electronic funds transfers, Electronic funds transfers -- Security measures
Journal or Publication Title: | Computers & Security
Publisher: | Elsevier Advanced Technology
ISSN: | 0167-4048
Official Date: | August 2021
Volume: | 107
Article Number: | 102279
DOI: | 10.1016/j.cose.2021.102279
Status: | Peer Reviewed
Publication Status: | Published
Access rights to Published version: | Restricted or Subscription Access
Date of first compliant deposit: | 13 September 2021
Date of first compliant Open Access: | 18 April 2022