BcFCKA:Blockchain-based Fair and continuous key agreement for DIDComm in Self-Sovereign Identity

Self-Sovereign Identity (SSI) is a novel identity management paradigm that empowers entities to control their own identities through agents, without relying on centralized authorities. However, the widely adopted DIDComm framework for secure communication between agents in SSI still faces several critical challenges, such as the lack of perfect forward secrecy, insufficient message loss resilience, and the absence of continuous key updates. To address these issues, we propose a blockchain-based Fair and Continuous Key Agreement (BcFCKA) primitive, which enables agents to perform fair and continuous session key updates, even in the presence of message loss and without relying on any centralized trusted entity. We further present a concrete scheme instantiation, namely BcFCX3DH, and provide both formal and informal analyses to demonstrate that our scheme achieves several security properties (e.g., known-key security and perfect forward secrecy) as well as several design goals (e.g., key pre-storage freedom and message loss resilience). In addition, simulation results show that the proposed scheme establishes the initial session key and performs key updates within only a few milliseconds, demonstrating its practicality.