Author: Jonas Schnelli 2016-06-30 12:43:07
Published on: 2016-06-30T12:43:07+00:00
The context discusses the problem of a man-in-the-middle (MITM) attack on BIP151 and the implied solution that requires a peer to trust that another is not an attacker. It is unclear how an anonymous peer's attack on privacy can be detected, but if Mallory substitutes the ephemeral keys in both directions and intercepts the channel, Alice and Bob can detect the MITM attack during authentication. This is demonstrated through a dummy example where Alice requests Bob to sign the session-ID with his identity key, which becomes unusable for Mallory due to the substituted sessionID in both directions. However, it should be noted that this is not an authentication proposal. The implementation of BIP151 would increase the risks for MITM attackers.
Updated on: 2023-06-11T18:58:36.521785+00:00