Secure Passwordless Authentication Using Blockchain: A Cryptographic Challenge-Response Approach


Authors : Kadambari Marne; Parag Jambulkar; Siddhi Khandarkar; Mrunal Mohite

Volume/Issue : Volume 10 - 2025, Issue 10 - October


Google Scholar : https://tinyurl.com/ys6tvfcm

Scribd : https://tinyurl.com/46fnfxrp

DOI : https://doi.org/10.38124/ijisrt/25oct1365



Abstract : Traditional web authentication mechanisms depend heavily on centralized password storage, which introduces significant vulnerabilities including data breaches, credential stuffing attacks, and phishing threats. This research presents a novel passwordless authentication framework that utilizes the non-custodial cryptographic identity capabilities of modern Ethereum wallets combined with an immutable public key registry implemented through blockchain smart contracts. Our approach fundamentally transforms conventional username-password validation into a secure cryptographic challenge-response protocol. The backend server generates unique, session-specific challenge strings that users sign locally using their private keys through browser wallets. Signature verification against registered public addresses enables robust, tamper-resistant authentication without exposing private keys, storing passwords, or depending on centralized secret management systems. This architecture significantly enhances security while maintaining user convenience and system integrity.

Keywords : Blockchain, Passwordless Authentication, Ethereum, Cryptography, Smart Contracts, Decentralized Identity, Challenge-Response Protocol, Web3, Security.
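
Added example (not the paper's code) : the challenge-response flow the abstract describes, showing the server-side properties that make it replay-resistant: a fresh nonce per attempt, an expiry, and single-use consumption. Assumptions: Node's built-in ECDSA over secp256k1 with SHA-256 stands in for the wallet's signing scheme and address recovery, an in-memory Map stands in for the smart contract registry, and all function names, the message format and the 60-second lifetime are hypothetical.

```javascript
// Added example: server side of a challenge-response login, with a constructed client.
// Assumptions: ECDSA/secp256k1 + SHA-256 stands in for the wallet signature scheme,
// and a Map stands in for the on-chain public key registry.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed challenge lifetime
const registry = new Map();        // userId -> public key (registry stand-in)
const pending = new Map();         // userId -> { challenge, expires }

function register(userId, publicKey) {
  registry.set(userId, publicKey);
}

// Fresh 256-bit nonce per login attempt; origin and issue time are part of
// the signed text, so the signature is bound to this site and this attempt.
function issueChallenge(userId, origin, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  const challenge = `${origin} sign-in for ${userId}\nNonce: ${nonce}\nIssued: ${now}`;
  pending.set(userId, { challenge, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Verifies against the challenge the server stored, never one echoed back by
// the client, and consumes it on the first attempt (success or failure).
function verifyLogin(userId, signature, now = Date.now()) {
  const entry = pending.get(userId);
  pending.delete(userId);
  const publicKey = registry.get(userId);
  if (!publicKey) return 'unregistered';
  if (!entry) return 'no-challenge';
  if (now > entry.expires) return 'expired';
  const ok = crypto.verify('sha256', Buffer.from(entry.challenge), publicKey, signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed client: the private key stays inside this closure, as it would
// inside a wallet; only signatures leave it.
function makeWallet() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return { publicKey, sign: (msg) => crypto.sign('sha256', Buffer.from(msg), privateKey) };
}

const wallet = makeWallet();
register('alice', wallet.publicKey);
const sig = wallet.sign(issueChallenge('alice', 'https://app.example'));
console.log(verifyLogin('alice', sig));   // first use
console.log(verifyLogin('alice', sig));   // replay of the same signature
```

A production verifier for Ethereum wallets would recover the signer address from the signature and compare it with the registered address; the challenge lifecycle above is unchanged by that substitution.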

