Author: MⒶrtin HⒶboⓋštiak 2015-02-06 09:07:18
Published on: 2015-02-06T09:07:18+00:00
This thread between Eric Voskuil and Martin Habovštiak concerns the security of transactions. Voskuil said that to prevent Man-in-the-Middle (MITM) attacks, there must be a shared secret or a trusted public key associated with the public key infrastructure/web of trust. One way to establish this is through manual verification, but this has its own problems, such as long addresses, plaintext broadcasting of addresses and amounts, and address prefix brute-force attacks.

Habovštiak suggested using the commit protocol for encryption and authentication while still keeping the user experience simple. He also mentioned RedPhone (Signal on iPhone), an open-source app for end-to-end encrypted communication, which remembers public keys so that users do not need to verify a second time. However, Voskuil remained skeptical of smartphones as secure platforms.

They then discussed how the commit protocol could work in a Bitcoin payment scenario where a merchant inputs an amount and selects a name from a list while the buyer broadcasts their name. The parties would communicate two words derived from four words chosen from a shared dictionary. Voskuil asked how the parties would compare words if they hadn't established a secure channel yet. Habovštiak responded that there must exist a proximity-based communication channel. Voskuil also pointed out that MITM attacks are possible without verifiable ownership of a public key.
Updated on: 2023-06-09T16:35:11.159328+00:00
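The summary above does not give the exact message flow of the commit protocol, so the following is an added sketch, not code from the thread or from either participant. It assumes a ZRTP-style hash commitment followed by a two-word comparison. The function names, the word list, and the byte strings standing in for public keys are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed 256-entry dictionary (16 x 16 syllable pairs); real apps would
# ship one fixed, published word list to both parties.
_SYL = ["ba", "do", "fi", "gu", "ka", "le", "mi", "no",
        "pu", "ra", "se", "ti", "vo", "wa", "ze", "ly"]
WORDS = [a + b for a in _SYL for b in _SYL]


def commit(pubkey, nonce):
    """Commitment sent first, binding the sender to pubkey before any reply."""
    return hashlib.sha256(b"commit" + nonce + pubkey).digest()


def opens(commitment, pubkey, nonce):
    """Check a revealed (pubkey, nonce) pair against the earlier commitment."""
    return hmac.compare_digest(commitment, commit(pubkey, nonce))


def sas(buyer_pub, merchant_pub):
    """Two words from both keys; each side computes this from what it saw."""
    digest = hashlib.sha256(b"sas" + buyer_pub + merchant_pub).digest()
    return WORDS[digest[0]], WORDS[digest[1]]


def handshake(buyer_pub, nonce, merchant_pub, relay_pub=None):
    """Return (buyer_words, merchant_words). relay_pub models a key swapped
    in transit; the humans detect it when the two word pairs differ."""
    to_merchant = relay_pub or buyer_pub
    to_buyer = relay_pub or merchant_pub
    # 1. The commitment arrives before merchant_pub is revealed, so whoever
    #    sent it fixed their key without knowing what words it would produce.
    c = commit(to_merchant, nonce)
    # 2. Merchant replies with its key; 3. the committed key is revealed.
    if not opens(c, to_merchant, nonce):
        raise ValueError("revealed key does not match commitment")
    # 4. Each side derives the words from the keys it actually received.
    return sas(buyer_pub, to_buyer), sas(to_merchant, merchant_pub)


# Constructed fixed-length stand-ins for public keys (32 bytes) and a nonce.
BUYER, MERCHANT, NONCE = b"\x01" * 32, b"\x02" * 32, b"\x03" * 16

if __name__ == "__main__":
    print(handshake(BUYER, NONCE, MERCHANT))
    print(handshake(BUYER, NONCE, MERCHANT, relay_pub=b"\x04" * 32))
```

With two words from a 256-entry list the comparison carries 16 bits, so a substituted key goes unnoticed with probability about 1 in 65,536 per attempt, and the words must still be compared over the proximity-based channel Habovštiak describes.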