Author: Eric Voskuil 2015-02-06 00:22:23
Published on: 2015-02-06T00:22:23+00:00
In an email conversation, MⒶrtin HⒶboⓋštiak suggested that merchants generate signed requests containing public ECDH parts, and buyers send back encrypted transactions along with their own public ECDH parts. However, Eric Voskuil pointed out that this method is vulnerable to man-in-the-middle attacks because there is no way to verify the ownership of the public key. To address this issue, a shared secret phrase could be used, but establishing it over a public channel would still be problematic. Voskuil suggests bootstrapping a private session over the untrusted network using a trusted public key, such as PKI/WoT, but this process is subject to attack at the Certificate Authority (CA). Voskuil also notes that WoT is not sufficiently deployed for some scenarios. In addition, MⒶrtin HⒶboⓋštiak proposed using a commit protocol, similar to ZRTP/RedPhone, and short authentication phrases to establish a secure communication channel. This approach involves sending a commit message, hashing all three messages together, and selecting two words from a shared dictionary based on the first two bytes. The parties then communicate those two words and verify they match. If four words from BIP39 wordlist were chosen instead, it would provide entropy of 44 bits, which should be sufficient even for paranoid people. This method could potentially be used in a Bitcoin payment scenario where a user's phone broadcasts their name, the merchant inputs the amount and selects the name from the list, and the buyer confirms the transaction after verifying that the words match.
Updated on: 2023-06-09T16:30:35.790395+00:00