Volume 13, Number 1

Defeating MITM Attacks on Cryptocurrency Exchange Accounts with Individual User Keys


Cheman Shaik, VISH Consulting Services Inc, USA


Presented herein is a User-Specific Key Scheme based on Elliptic Curve Cryptography that defeats man-in-the-middle attacks on cryptocurrency exchange accounts. In this scheme, a separate public and private key pair is assigned to every account, and the public key is shifted either forward or backward on the elliptic curve by a difference of the account user’s password. When a user logs into his account, the server sends the shifted public key of his account. The user computes the actual public key of his account by reverse shifting the shifted public key by exactly the difference of his password. Alternatively, shifting can be applied to the user’s generator instead of the public key. How a man-in-the-middle attack takes place and how the proposed scheme defeats it are described in detail.

A detailed security analysis is provided for both public key shifting and generator shifting. Further, the effectiveness of three other authentication schemes in defending passwords against MITM attacks is compared.


Cryptocurrency Exchange, Elliptic Curve Cryptography, Man-in-the-middle Attack, MITM Attack, Public Key, Private Key, Key Spoofing, Shifting.