NotesIdentity spoofing

Identity spoofing

An actor is identified through the SHA-256 hash of its public key object. For the reasons stated below, this ensures that actor hashes are almost certainly unique, and cannot be spoofed.

Probability of choosing the same actor hash

An actor generates an RSA key pair consisting of a private key and a public key. For such a cryptographic scheme to be secure, a huge number of key pairs must exist. Otherwise, an attacker could break the scheme by enumerating all key pairs (brute force attack). Hence, users will almost certainly generate different key pairs.

If all key pairs have different public keys, users will almost certainly have different actor hashes.

One could imagine a strong cryptographic scheme in which some key pairs have different private keys, but share the same public key. Inevitably, any of the private keys could decrypt the message encrypted using the public key. Such a scheme is strong only if a huge number of public keys exist, so that users are likely to have different public keys. This, in turn, ensures that actor hashes are almost certainly unique.

Malicious spoofing

To spoof an actor hash, an attacker would have to come up with a valid key pair of which the SHA-256 hash of the public key yields the actor hash to be spoofed. To do this, he must either break the SHA-256 hash function to find a colliding public key, or break the asymmetric cryptography scheme by finding the private key corresponding to the public key of the account. Both are believed to be hard.