[Question] Are XDR transaction envelopes tamper proof?

Lord-Samuel

I would like to know if it is safe to share transaction evelopes in xdr format for multi sig accounts, is it safe from a man in the middle attack? Lets suppose user A creates a transaction object and adds it to the transaction envelope and than sign that transaction, after that he signs it and send the xdr to user B so that user B can sign it an then send it to the network, cant a man in the middle intercept the xdr and replace the transaction object with his own and then send it to User B like nothing happened? or even extract user A secret key from the xdr? thanks in advance

dzham

Lord-Samuel

If the MITM changes the transaction, then A's signature isn't valid anymore since it signs for something completely different.

B is safe as long as he/she only signs a partially signed transaction envelope where the existing signatures validate.

MisterTicot

Asymmetric cryptography rely on two numbers: the public key & the private key.

In this case, the private key is used to sign a piece of data (the hash of the transaction). The Public key allow to check that the signature is legit - and it is also used as the account number.

Both public key & signatures can be shared publicly. The computing power required to find back the private key from those data is so high that we generally consider that nobody will have the technology before around 20 years.

This is what makes blockchains reliable. So:

An attacker can't find your private key from the transaction envelope.
If an attacker changes the transaction object, the signature will become invalid (hash changes) and it won't get validated on the network.

Stellar Authenticator & Cosmic Links can be used to share partially signed transaction as URLs, just like you described in your question.

Lord-Samuel

MisterTicot thanks for the explanation

Crypt0Pro

MisterTicot Thanks for the comprehensive answer.

Lord-Samuel

dzham thank you for the explanation