Stealth Text Details (Whitepaper Rough Draft)
This isn't the final draft of the whitepaper, but I hope it answers some basic questions. Indeed, StealthText is the technology for "anonymous SMS transactions".
The following text explains the illustration below. Let's imagine Bob wants to send 420 XST to Carol. Bob has set up his own pipeline or is a customer of an online wallet service that provides a pipeline. Either is possible because anyone can set up his or her own pipeline.
Now, Bob is operating under some constraints today. He has his phone and can SMS, but for whatever reason has no access to his data services. But he needs his transaction to get to Carol securely and privately (anonymously). He can't afford for anyone to tamper with his transaction, like "flipping a bit" to change the amount, nor can he afford for an adversary, such as a competing business, to know the nature of his transaction with Carol.
Bob is in luck today, because he has installed StealthText on his phone. In his settings dialog, he has entered a secret passphrase (that could be a random string of characters), the phone number of his SMS forwarding service (like Google Voice), and a client ID that is not essential but can be used for routing (in the screenshots, this is 1zrL2Jk, which is random for the sake of the example).
His wallet (whether on the cloud or in his computer at home) knows this secret passphrase and his PIN, which is the second part of StealthText's two-factor authentication. To make his transaction, he enters Carol's XST address ("SGVQhkwom..", the first S has been cut off in the screenshots), the amount (420 XST) and his PIN, which he shares with no one and has memorized. He then hits "Send" and confirms the transaction. StealthText then sends the anonymous, encrypted transaction through SMS where it enters the pipeline.
The SMS message with the anonymous transaction is routed to Bob's SMS forwarding service (like Google Voice), which then turns it into an email that is sent to Bob's email account. If using Google Voice, this would be a Gmail account. The mail is then handled by Bob's mail client (like Thunderbird) enabled with an addon that can send it to his file system, or in cases like OS X Mail, send it directly to a simple message processor on his computer that turns it into a wallet command and sends it to his wallet. (We will provide the message processor for Thunderbird as an open source project.)
The XST wallet (as of version 1.2.0.1) is enabled to recognize this command and the anonymous, encrypted transaction. The wallet decrypts the transaction. Because the transaction is encrypted on Bob's phone but never decrypted until it hits his wallet, it remains secure and anonymous until the transaction is created inside the wallet.
As with all transactions, the wallet broadcasts Carol's 420 XST to the Tor network, which ensures that Carol gets her funds securely and privately.
Note that StealthText has the following attributes:
Anonymous: StealthText is anonymous because no one except for Bob can know the contents of the encrypted transaction while in transit to his wallet. Once there, it remains anonymous because StealthCoin uses the Tor network.
Secure: StealthText uses AES encryption combined with GCM authenticated encryption. This means that a multitude of attacks which try to blindly manipulate the encrypted transaction to change its value, destination, or otherwise corrupt it, will be detected by the wallet. In fact, the transaction will be rejected by the wallet if just one bit of one byte of the encrypted transaction is modified ("bit flip attack").
Moreover, the wallet has safeguards against delayed transactions and "replay attacks". That is, once the wallet broadcasts the transaction, it will not accept the same transaction again. So, if an adversary intercepts the message and sends it numerous times to Bob's wallet, the wallet will not re-send the funds no matter how many replays the adversary attempts.
SMS: StealthText does not rely on Bob's phone having data capabilities. This allows Bob to send funds anonymously and securely from any part of the world where SMS is available, or when his data services experience an outage due to adversarial attack or natural causes.
Decentralized: Any person or service can establish their own pipeline. They only need the StealthText app and a StealthCoin wallet greater than or equal to version 1.2.0.1. Any SMS forwarding service can send the message to any medium of delivery. Email is the most convenient for me, but it could also be HTTP or any other protocol. For the proof-of-concept, I used Google Voice and Gmail. The only glue in the entire chain is a program that can change an email with the message, for example, into a wallet command that looks like this:
StealthCoind decryptsend '1zrL2Jk,IDlf0wy....'
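The "Secure" attribute above (bit-flip detection and replay rejection) can be seen in a small sketch. This is an added example, not StealthText or wallet code: the scrypt key derivation from passphrase and PIN, the fixed salt, the nonce/ciphertext/tag layout, binding the client ID as associated data, and every function name are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumptions (not from the whitepaper): key = scrypt(passphrase, PIN) with a fixed
// salt; message = "<clientID>,<base64(nonce || ciphertext || tag)>".
function deriveKey(passphrase, pin) {
  return crypto.scryptSync(`${passphrase}\0${pin}`, 'constructed-salt', 32);
}

// Phone side: encrypt the order and bind the client ID as associated data.
function seal(key, clientId, order) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce).setAAD(Buffer.from(clientId));
  const ct = Buffer.concat([c.update(order, 'utf8'), c.final()]);
  return `${clientId},${Buffer.concat([nonce, ct, c.getAuthTag()]).toString('base64')}`;
}

// Wallet side: authenticate and decrypt first, then refuse anything already accepted.
function makeWallet(key) {
  const seen = new Set(); // nonces of accepted messages; a real wallet must persist these
  return function open(msg) {
    const [clientId, b64 = ''] = msg.split(',');
    const raw = Buffer.from(b64, 'base64');
    if (raw.length < 12 + 16) return { ok: false, reason: 'malformed' };
    const nonce = raw.subarray(0, 12).toString('hex');
    const d = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12))
      .setAAD(Buffer.from(clientId)).setAuthTag(raw.subarray(raw.length - 16));
    try {
      const pt = Buffer.concat([d.update(raw.subarray(12, raw.length - 16)), d.final()]);
      if (seen.has(nonce)) return { ok: false, reason: 'replay' };
      seen.add(nonce);
      return { ok: true, order: pt.toString() };
    } catch {
      return { ok: false, reason: 'authentication failed' }; // any flipped bit ends here
    }
  };
}

// Flip one bit of the payload, as corruption or tampering in transit would.
function flipBit(msg, byteIndex) {
  const [clientId, b64] = msg.split(',');
  const raw = Buffer.from(b64, 'base64');
  raw[byteIndex] ^= 0x01;
  return `${clientId},${raw.toString('base64')}`;
}

const key = deriveKey('constructed passphrase', '4821'); // constructed secrets
const open = makeWallet(key);
const sms = seal(key, '1zrL2Jk', 'constructed order: 420 XST');
console.log(open(flipBit(sms, 20)).reason, open(sms).ok, open(sms).reason);
```

Because the replay check runs only after authentication succeeds, a forged message cannot be used to fill the wallet's list of seen nonces.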
As mentioned above, we will provide the glue in the form of a message processor for the Thunderbird email client.
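A sketch of that glue step, written as an added example rather than the project's message processor: the email body is untrusted input, so the message is matched against a strict pattern and handed to the wallet as an argument vector, never as a shell string. The message pattern (alphanumeric client ID, comma, base64 payload on its own line), the client ID check and the function names are assumptions; only `StealthCoind` and `decryptsend` come from the text above.

```javascript
const { execFile } = require('child_process');

// Assumed message shape (the whitepaper shows only '1zrL2Jk,IDlf0wy....'):
// an alphanumeric client ID, a comma, then a base64 payload, alone on one line.
const MESSAGE = /^[A-Za-z0-9]{1,32},[A-Za-z0-9+\/]+={0,2}$/;

// Return the argv for the wallet call, or null when the mail holds no valid message.
function walletArgs(emailBody, expectedClientId) {
  const hits = emailBody.split(/\r?\n/).map((l) => l.trim()).filter((l) => MESSAGE.test(l));
  if (hits.length !== 1) return null; // none, or ambiguous: do not guess
  if (hits[0].split(',')[0] !== expectedClientId) return null; // not routed to this wallet
  return ['decryptsend', hits[0]]; // starts with an alphanumeric, so never parsed as an option
}

// Forward a mail to the wallet; `done` is a Node-style callback.
function forward(emailBody, expectedClientId, done) {
  const args = walletArgs(emailBody, expectedClientId);
  if (!args) return done(new Error('no valid StealthText message in mail'));
  return execFile('StealthCoind', args, done); // argv array: nothing passes through a shell
}

// Constructed sample mails (not real forwarded messages).
const GOOD_MAIL = 'New text message\n\n1zrL2Jk,SURsZjB3eQ==\n\n--\nfooter text';
const BAD_MAIL = "1zrL2Jk,AAAA'; echo injected; '";

console.log(walletArgs(GOOD_MAIL, '1zrL2Jk'), walletArgs(BAD_MAIL, '1zrL2Jk'));
```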
I hope this answers questions. I'm also looking forward to writing a more detailed whitepaper and to see it incarnate with the awesome graphics that I'm sure our designer will produce (I'll admit that my graphics are a bit primitive).
We will release the StealthText Android app as soon as we have some testers try it out. Our Android dev is on vacation in the Mediterranean region right now, so hopefully we can get ahold of him to put it up on Google Play. If not, we will simply release a bundle that can be installed manually fairly easily. In such a case, we'll put it on Google Play when he returns from vacation. Either way, it will be available to users within a day or so, after beta testing.
Also, we do plan an iOS version for iPhone users and soon after that we will port StealthText to platforms that are not considered "smartphones".
-- Hondo