Add private user invitation system. This system works like so:

1. Alice already has an account on Bloom
2. Alice generates a secret value and computes
   and publishes this to the smart contract via createInvite
3. Alice shares the secret value with Bob out-of-band (not via the blockchain).
4. Bob computes sha3(secret + "/" + bobAddress) and calls the function beginAcceptInvite
5. After 4 confirmations, Bob calls
   at which point he should have an account

This system is designed to allow Alice to invite Bob without knowing his Ethereum address. The secret makes sure that only he is able to claim the invite. The separate beginAcceptInvite and finishAcceptInvite functions are to avoid an attacker replaying accepting an invite but with their own account. They can't replay the beginAcceptInvite function because the hashed value does not contain an address they control. They could observe the finishAcceptInvite call and replay both the begin and finish functions, but the contract requires that they happen at least 5 blocks apart. This delay gives the person accepting the invite a secure window of time where no one else can replay and steal their invite.

There are still small risks that could come from user error that we should be able to avoid via the UI. For example, if I reveal the secret in a transaction that fails or is submitted with a really low gas price, then an attacker could possibly get their transaction in 5 blocks later if I don't get a successful transaction processed before that.
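
The begin/finish flow and the failed-transaction risk described above, modelled off-chain as an added example (not code from this pull request or the Bloom contract). Assumptions: Alice publishes a hash of the secret, the finish call reveals the secret and is checked against the stored commitment, and SHA3-256 stands in for the contract's sha3; `InviteModel`, `scenario` and the addresses are hypothetical.

```python
import hashlib
MIN_DELAY = 5  # blocks required between begin and finish, per the description

def h(data: str) -> str:
    # SHA3-256 as a stand-in for the contract's sha3 (Keccak-256)
    return hashlib.sha3_256(data.encode()).hexdigest()

class InviteModel:
    """Hypothetical in-memory model of the invite flow (not the contract)."""
    def __init__(self):
        self.block = 0
        self.accounts = {"0xalice"}   # constructed address
        self.invites = set()          # assumption: Alice publishes h(secret)
        self.commits = {}             # sender -> (commitment, block number)

    def create_invite(self, sender, secret_hash):
        if sender not in self.accounts:
            raise PermissionError("only existing users can invite")
        self.invites.add(secret_hash)

    def begin_accept_invite(self, sender, commitment):
        self.commits[sender] = (commitment, self.block)

    def finish_accept_invite(self, sender, secret):
        commitment, begun = self.commits.get(sender, (None, 0))
        if commitment != h(secret + "/" + sender):
            return False              # commitment is bound to another address
        if self.block - begun < MIN_DELAY:
            return False              # begin and finish too close together
        if h(secret) not in self.invites:
            return False              # unknown or already claimed invite
        self.invites.discard(h(secret))
        self.accounts.add(sender)
        return True

def scenario(bob_finish_mined: bool) -> dict:
    c, secret, out = InviteModel(), "constructed-secret", {}
    c.create_invite("0xalice", h(secret))
    c.begin_accept_invite("0xbob", h(secret + "/0xbob"))
    c.begin_accept_invite("0xmallory", h(secret + "/0xbob"))  # copied commitment
    c.block += MIN_DELAY
    # Bob's finish call makes the secret public whether or not it is mined.
    out["bob"] = bob_finish_mined and c.finish_accept_invite("0xbob", secret)
    out["copied_commit"] = c.finish_accept_invite("0xmallory", secret)
    c.begin_accept_invite("0xmallory", h(secret + "/0xmallory"))
    out["same_block"] = c.finish_accept_invite("0xmallory", secret)
    c.block += MIN_DELAY
    out["after_delay"] = c.finish_accept_invite("0xmallory", secret)
    return out
```

`scenario(True)` is the normal path, where every attempt by the second address fails; `scenario(False)` is the case where the finish transaction never lands and the invite is still claimable once the delay has passed.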