Key exchange with the help of a public ledger

TL;DR

This paper proposes a method for secure key exchange using public ledgers like blockchains to detect man-in-the-middle attacks by leveraging the ledger's consistency, reducing reliance on trusted third parties.

Contribution

It introduces a novel approach to key exchange that utilizes public ledgers for attack detection, minimizing prior trust assumptions and enhancing security.

Findings

Detects MitM attacks via ledger inconsistencies

Reduces user interaction compared to existing protocols

Eliminates need for trusted third parties

Abstract

Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the help of the ledger. Thus, there is no need for prior knowledge or trusted third parties apart from the distributed ledger. To prevent impersonation attacks, we require user interaction. It appears that, in some applications, the required user interaction is reduced in comparison to other user-assisted key-exchange protocols.