Author: MⒶrtin HⒶboⓋštiak 2015-02-06 00:04:04
Published on: 2015-02-06T00:04:04+00:00
The RedPhone code is a secure and convenient way to initiate connections. The initiator sends a commit message containing the hash of their temporary public ECDH part, the second party sends back their public ECDH part, and then the initiator sends his public ECDH part in open. All three messages are hashed together, and the first two bytes are used to select two words from a shared dictionary that are displayed on the screens of both parties. The selected words are communicated, and both parties verify that they match.In a Bitcoin payment scenario, a user's phone would broadcast their name, the merchant would input the amount and select the name from the list, and then the commit message would be sent. The remaining two messages are then sent, and the merchant spells out four words they see on their screen while the buyer confirms the transaction after verifying that the words match.The issue with BIP-70 signed payment requests is that, due to the public nature of the broadcast coupled with strong public identity, privacy compromise is much worse, and transactions are cryptographically tainted. An interloper on communication, desktop, datacenter, etc., can capture payment requests and strongly correlate transactions to identities in an automated manner. To address this problem, encryption with forward secrecy can be used. A merchant generates a signed request containing a public ECDH part, and a buyer sends back a transaction encrypted with ECDH and their public ECDH part. If receiving address/amount is meant to be private, the commit protocol (see ZRTP/RedPhone) and short authentication phrase can be used. However, there is still a need to verify the ownership of the public key, as a MITM can substitute the key.
Updated on: 2023-06-09T16:37:46.297615+00:00