Author: Eric Voskuil 2015-02-10 16:55:58
Published on: 2015-02-10T16:55:58+00:00
The discussion is about preventing the vandalous address substitution attack in Bitcoin transactions. The commit protocol can be used to ensure transaction integrity, but without manual verification there is a risk of privacy loss. To prevent this, the customer must visually confirm a "phrase" and verbally tell the merchant to proceed with sending the payment request. Encryption with forward secrecy is suggested, but the problem is verifying ownership of the public key. A shared secret such as a secret phrase can be used, but establishing it over a public channel is subject to attack. WoT is not subject to a CA attack, but it is also not sufficiently deployed for some scenarios. The commit protocol can be used for both encryption and authentication, while the user experience is not bad and everything is still secure.
Updated on: 2023-06-09T16:33:38.707197+00:00
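
The following added example is not code from the thread or from any Bitcoin project. It is a generic hash-commitment exchange with a short comparison phrase, showing how a substituted public key is caught both by the commitment check and by the phrase the customer confirms. The word list, function names, sample keys and message order are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed 16-word list (4 bits per word); illustrative only.
WORDS = ("acid bolt cave dune echo fern gold hawk "
         "iris jade kite lamp moss nova opal pine").split()

def commit(pubkey: bytes, nonce: bytes) -> bytes:
    """Bind the sender to pubkey before the peer's key is known."""
    return hashlib.sha256(b"commit" + nonce + pubkey).digest()

def opens(commitment: bytes, pubkey: bytes, nonce: bytes) -> bool:
    """Check a revealed (pubkey, nonce) against the earlier commitment."""
    return hmac.compare_digest(commitment, commit(pubkey, nonce))

def phrase(merchant_pk: bytes, customer_pk: bytes, nonce: bytes, words: int = 5) -> str:
    """Short phrase over the whole transcript, compared out of band."""
    d = hashlib.sha256(b"phrase" + nonce + merchant_pk + customer_pk).digest()
    # Take the first `words` 4-bit nibbles of the digest, high nibble first.
    nibbles = [(d[i // 2] >> (0 if i % 2 else 4)) & 0xF for i in range(words)]
    return " ".join(WORDS[n] for n in nibbles)

def exchange(merchant_pk, customer_pk, nonce, relayed_pk=None):
    """Run one exchange; relayed_pk models a key swapped in transit.
    Returns (commitment_ok, phrase_at_merchant, phrase_at_customer)."""
    c = commit(merchant_pk, nonce)              # 1. merchant sends commitment
    # 2. customer sends customer_pk; 3. merchant reveals key and nonce
    seen_pk = relayed_pk if relayed_pk is not None else merchant_pk
    ok = opens(c, seen_pk, nonce)               # 4. customer checks the opening
    return (ok,
            phrase(merchant_pk, customer_pk, nonce),
            phrase(seen_pk, customer_pk, nonce))

# Constructed sample values: fixed-length byte strings standing in for real keys.
M_PK, C_PK, SWAPPED = bytes(range(32)), bytes(range(32, 64)), b"\xaa" * 32
NONCE = b"\x01" * 16

if __name__ == "__main__":
    print(exchange(M_PK, C_PK, NONCE))                      # honest run
    print(exchange(M_PK, C_PK, NONCE, relayed_pk=SWAPPED))  # substituted key
```

The commitment is what keeps the phrase short: a party that must commit to its key before seeing the peer's key cannot search for a key that reproduces the same few words.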