Localethereum: A secure and reliable Ethereum trading platform

For Ethereum owners, a reliable trading platform is the most important carrier for buying and selling Ethereum. Localethereum is a P2P Ethereum trading platform, but unlike traditional exchanges, localethereum is just a platform that connects Ethereum buyers and sellers from all over the world.

In view of the security issues that buyers and sellers are most concerned about, when creating localethereum, the designers took some precautions in website security to ensure the security of users' accounts:

1. End-to-end information encryption

2. Forward confidentiality of information

3. Financial forward secrecy

Let's start with end-to-end message encryption (P2P message encryption). Every message sent through localethereum.com is encrypted end-to-end in the browser. No one - including the localethereum team - can read this information. To localethereum's servers, your messages look like a bunch of random, indistinguishable numbers. Once the key that encrypted the message is destroyed, the conversation is gone forever. Only when it is necessary to decrypt the keys of both parties, and one of the parties is willing (this is done in the event of a dispute), can our localethereum staff read the information.

Technical description: (Our protocol is heavily influenced by the signaling protocol of the Open Whisper System, a trusted open source standard supported by Edward Snowden and used by Whatsapp, Facebook, and Google Allo.) Each localethereum user pre-generates hundreds of signing key pairs when registering and sends them to the localethereum server. They are called "maker keys" and they allow people to securely initiate transactions, send secure messages, send ether messages, and install smart contracts on offline accounts while maintaining forward secrecy.

Purpose and benefits of using "maker keys":

• Complete end-to-end encryption - no one except the two parties can see the transaction information you send.

• Asynchronous method - when one party of the transaction is offline, information and ether can still be successfully sent to the other party.

• Authentication - Each prekey is signed with the identity key of its owner, so you can tell the identity of the person you are talking to.

• Forward secrecy - forward secrecy of information. Once the key used to encrypt a message is destroyed, the previous conversation is gone forever, but you can still continue to talk to it.

• Simple dispute resolution - When either party to a transaction submits a complaint, our staff will review the records of both parties based on the key they shared.

For example, Alice publishes transaction information on localethereum

1. A 256-bit secp256k1 public-private key pair will be securely generated in her browser (MakerKeyprivate and MakerKeypublic).

2. Alice will then use her account’s identity key (MakerKeysignature) to ECDSA sign the SHA3 (MakerKeypublic).

3. MakerKeyprivate and MakerKeypublic are submitted to localethereum's servers for safekeeping. The private keys are securely encrypted using AES-256 and stored online (at least for now).

4. (Repeat 100 times)

Replaying the above steps, Alice will generate and sign (with her identity private key) hundreds of Ethereum addresses.

When Bob sees the transaction information published by Alice and is interested in one of the transactions, he will obtain a pre-key signed by Alice and an Ethereum address signed by Alice from localethereum. Localethereum will provide him with Alice's next "unused" maker key (MakerKeypublic) and Ethereum address (and will not show the same key or address to others).

Once Bob verifies both signatures to Alice’s public key, he can be sure that both the key and the Ethereum address belong to her. At this point, Bob can send Ether or encrypted information to Alice—but for many reasons, this process is not simple (but at this point, Alice cannot actively send forward-secret information to Bob, or verify the Ethereum address signed by Bob, and there is no mechanism to resolve disputes at this time).

At this stage, Bob did three things:

1. He continues to talk to Alice and generates his own new one-time secp256k1 key pair (TakerKeyprivate and TakerKeypublic).

2. He obtains a wallet address of his own (TakerAddress).

3. Bob signs the SHA3(MakerKeypublic + MakerAddressaddress + TakerKeypublic + TakerAddress) with his identity key (TradeSignature) and ties everything together to prove his new taker key, Ethereum address and commitment to this transaction.

Now he has all the necessary conditions to trade with Alice. He can send his transaction signature, transaction public key and transaction address to Alice through localethereum, and Alice can check whether his signature is valid after going online.

For secure messaging, both parties share a secret key using an anonymous protocol. The way it works is through an asynchronous key exchange protocol called Elliptic Curve Decryption (ECDH), which allows Alice and Bob to use the private key of one party and the public key of the other party to get the same shared secret key.

The advantage of the ECDH algorithm is that the two parties can negotiate a key without sharing any secrets, that is, ECDH(MakerKeypublic, TakerKeyprivate)= ECDH(TakerKeypublic, MakerKeyprivate). Using this equation, SharedSecretroot uses the HKDF algorithm to generate more secure keys (using SharedSecrettenc to encrypt AES-256 and using SharedSecretmac to confirm HMAC-SHA256) - to prevent unnecessary potential interactions between different encryption schemes.

When sending messages to each other in a transaction, Alice and Bob encrypt the message using AES256-CBC and encrypt it with a random IV. To verify the identity, each message is signed with the user's identity. Finally, the HMAC-SHA256 of each encrypted message is verified using SharedSecretmac for further authentication and integrity checks.

In the event of a dispute over a transaction, either party can provide the SharedSecretroot to localethereum staff. This will allow us to view the transaction and inspect the contents of the messages, but it will not give us access to your wallet or the power to decrypt anything else.

The above is the security guarantee that localethereum provides to users. For more information, please join the QQ group: 783740442.

This article is for commercial promotion only and does not represent the position of Wabi.com. Cryptocurrency is a high-risk industry. Please invest with caution. We are not responsible for any losses!