Author: Alan Reiner 2013-06-19 19:00:42
Published on: 2013-06-19T19:00:42+00:00
In an email exchange, Adam Back suggested a method to simplify the scheme and make it compatible with existing type-2 public keys: send an ECDSA signature over the multiplier, from which the recipient can compute the parent public key. However, requiring a signature on every multiplier defeats the purpose of a deterministic wallet. Alan argued that where there is a persistent business relationship, the parent public key has already been verified and does not need to be transmitted again. Furthermore, computing an alternate {PubKey', Mult'} pair that produces the same address and then using it in a MitM attack does not work here if the two parties pre-verified the public keys. In the case where a business checks whether a customer's cashout address is the same as last time, as long as the first payout was not replaced by an attacker, the business already holds the correct parent public key in its DB.
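The check Alan describes, as an added example that is not code from the thread or from Armory: the business pins the customer's parent public key in its DB and accepts a payout only if the offered parent matches the pin and the multiplier reproduces the claimed child key. The "child = mult * parent" derivation is an assumed type-2 form; secp256k1 arithmetic is written out inline so the example runs offline, and all key values are constructed.

```python
# secp256k1 parameters (field prime, group order, generator).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    k %= N
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def derive_child(parent_pub, mult):
    # Assumed type-2 derivation: child public key = mult * parent public key.
    return scalar_mult(mult, parent_pub)

def accept_payout(pinned_parent, offered_parent, mult, claimed_child):
    """Business-side check. The parent key offered with this payout must equal
    the pinned key from the first (verified) payout, so an alternate
    {PubKey', Mult'} that derives the same child is rejected outright."""
    if offered_parent != pinned_parent:
        return False
    return derive_child(pinned_parent, mult) == claimed_child

if __name__ == "__main__":
    parent = scalar_mult(7, G)                  # constructed customer parent key
    child = derive_child(parent, 11)            # customer's cashout key
    print(accept_payout(parent, parent, 11, child))                      # True
    alt = scalar_mult(77 * pow(13, -1, N) % N, G)  # alternate pair, same child
    print(accept_payout(parent, alt, 13, child))                         # False
```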
Updated on: 2023-06-06T18:58:46.013833+00:00