forked from JoinMarket-Org/joinmarket
-
Notifications
You must be signed in to change notification settings - Fork 0
/
encryption_protocol.txt
40 lines (30 loc) · 1.72 KB
/
encryption_protocol.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
Encryption handshake in JoinMarket
==================================
In the clear
============
TAK: !fill <order id> <coinjoin amount> <taker encryption pubkey>
MAK: !pubkey <maker encryption pubkey>
Both maker and taker construct a crypto Box object to allow authenticated encryption between the parties.
These Box objects are properties of the CoinJoinTx and CoinJoinOrder objects, so they are specific to
transactions and not to Maker and Taker entities.
Encrypted
=========
TAK: !auth <input utxo pubkey> <btc sig of taker encryption pubkey using input utxo pubkey>
(Maker verifies the btc sig; if not valid, connection is dropped - send REJECT message)
MAK: !ioauth <utxo list> <coinjoin pubkey> <change address> <btc sig of maker encryption pubkey using coinjoin pubkey>
(Taker verifies the btc sig; if not valid, as for previous)
Because the !auth messages are under encryption, there is no privacy leak of bitcoin pubkeys or output addresses.
If both verifications pass, the remainder of the messages exchanged between the two parties will continue under encryption.
Specifically, these message types will be encrypted:
!auth
!ioauth
!tx
!sig
Note
====
A key part of the authorisation process is the matching between the bitcoin pubkeys used in the coinjoin
transaction and the encryption pubkeys used. This ensures that the messages we are sending are only
readable by the entity which is conducting the bitcoin transaction with us.
To ensure this, the maker should not sign any transaction that doesn't use the previously identified
input utxo as its input, and the taker should not push/sign any transaction that doesn't use the
previously identified maker coinjoin pubkey/address as its output.