kilrau
commented
6 years ago xud enables two levels of signing/encrypting:
- Sign only: Sign all order packets, peer verifies authenticity with my public key
- Sign & encrypt: Sign & encrypt order to verify authenticity and encrypt orders with clients
nodePubKeyto ensure order info can only be decrypted by white-listed peers
Notes:
1. is the default and signs all orders via ECDSA with the xud's private key. This ensures that the xuds nodePubKey carried in the order's invoice is the actual pubKey of the xud sending the invoice. We decided to place the nodePubKey directly in the invoice description field for a faster processing, since this avoids a payment hash vs. nodePubKey lookup for each incoming new order. This mode prevents xud's pretending to be someone else and knowing the actual issuer of an order is important for e.g. the incentive & punishing mechanism to work. This mode connects to all available peers and is suitable for exchanges located in jurisdictions without a strict legal framework for digital assets.
To be discussed @sangaman @moshababo : it could be enough to just verify the nodePubKey on handshake (https://github.com/ExchangeUnion/xud/issues/341) and not sign and verify every packet. This would increase processing speed.
2. is optional, can be enabled in the config. Additionally to everything 1. does, xud encrypts orders with the public key of each white-listed peer. This mode is more resource intensive and requires maintaining a white-list of peers. It is suitable for exchanges located in jurisdictions with a strict legal framework and ensures that order information can only be received and processed by white-listed trading partners, e.g. other licensed exchanges.
This issue is about implementing Mode 2.
moshababo
Decide which encryption schemes we want to apply.