Use the Ethereum blockchain to solve the man-in-the-middle problem.
One of the core technologies used in encryption is the public/private key pair. You use them every day, even if you don't know it.
For example: say you want to buy something online and need to enter your credit card number. How can you be sure that your number is safely transmitted across the Internet such that ONLY the intended recipient can read the information?
The answer relies on public/private key pairs.
The online store generates two keys. The private key is kept secret on their server, and they don't reveal it to anyone. The corresponding public key, however, is given out to everyone.
If data is encrypted using the public key, then ONLY the private key can be used to decrypt it.
If data is encrypted (signed) using the private key, then anyone with the public key can decrypt (verify) it. (Note that since everybody has the public key, this isn’t used to keep secrets, but rather to prove that the entity with the private key is actually the one who sent you this data.)
So sending your credit card information can be safe if you encrypt that information using the public key of the online store.
But wait! How do you get the public key of the online store in the first place?
And this is where the man-in-the-middle attack comes into play. Here’s how it would work:
The Man-in-the-Middle Attack
- You try to download the public key for OnlineStore.com.
- An evil man-in-the-middle (MITM) sends you a FAKE public key. (One that he has the private key for.)
- You encrypt your credit card information with the FAKE public key, and then send it out on the Internet.
- The MITM catches the information, and can now decrypt it.
- The MITM gets bonus points if he re-encrypts your information with the real public key and sends it to OnlineStore.com for you, because then you won't even realize your credit card information was stolen!
Public Key Infrastructure
Of course, there’s a solution for this. And it’s already on your computer.
Public key infrastructure has been around for decades now, and works to keep your credit card information safe on the Internet. Here’s a brief overview of how it protects you everyday.
- Your computer came pre-installed with the public keys for various Certificate Authorities (CA).
- You can ask a CA for the public key of OnlineStore.com.
- They will send it to you, and sign it using their private key.
- Since you already have the public key for the CA, you can verify that the CA sent it to you, and not an evil MITM.
Problem solved! With a caveat…
The caveat is that companies have to pay the CA to host their public keys, and this can be expensive: hundreds or thousands of dollars. That is OK for large online companies, but not OK for regular people.
Blockchain to the Rescue
Bitcoin invented blockchain technology in 2009. And ever since then it has become a rapidly growing field in computer science. More recently Ethereum applied the idea of blockchains to computer code.
Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.
In other words, it's now possible to write a small computer program, and deploy that code to a network of thousands of computers. All the computers on the network have agreed to a protocol which states that the code cannot be modified in any way. If any computer attempts to modify the code, or execute the program in a way that differs from the code, those changes will be rejected by the network.
This is a paradigm shift in computing. In the past, trusted third parties were required to solve many tricky issues. Today, many of those tasks can be replaced by a distributed blockchain.
Our Smart Contract Helps Protect You
When you create your Storm4 account, the application (running on your machine) automatically creates a public/private key pair. The public key is automatically uploaded to our server. And we make it easy for other users to search for you (using the social identities you’ve added to your account), and easy for them to download your public key.
But now we’re back to the Man-in-the-Middle problem again.
If Alice is trying to download Bob’s public key, how can she be sure that it’s actually Bob’s public key ? For example, how can she be sure a hacker didn’t get into our servers, and replace Bob’s public key with a FAKE key ?
To solve this problem we wrote and deployed a smart contract (read: a small program on the Ethereum network) that can be used to independently verify the public key of a user. Here's how it works:
- When Bob becomes a customer, we store a proof of Bob's public key on the Ethereum blockchain using our smart contract.
- The contract code is written in such a way that Bob's information can be stored once (and only once), and never modified. And Ethereum ensures the code cannot ever be changed.
- Thus anyone can query the contract to discover Bob's information, which can then be used to cryptographically prove that Bob's public key has not been modified.
This means the public keys of users in our system are immutable, verifiable, auditable & tamper-proof.
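As an added illustration (not Storm4's contract or client code), the following Python sketch simulates the write-once proof registry described above and the check Alice's client would run against a downloaded key. The key bytes, the `bob` identifier and the choice of SHA3-256 for the proof are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample keys: opaque byte strings stand in for real public keys.
BOB_REAL_KEY = b"storm4-bob-pubkey-0001"
FAKE_KEY = b"attacker-pubkey-9999"


def key_proof(pub_key: bytes) -> bytes:
    # On-chain proof = digest of the key (assumption: SHA3-256; Ethereum usually uses Keccak-256).
    return hashlib.sha3_256(pub_key).digest()


class WriteOnceRegistry:
    """Simulates the contract's write-once rule: a user's proof can be
    stored exactly once and is never modified afterwards."""

    def __init__(self) -> None:
        self._proofs = {}

    def store_proof(self, user_id: bytes, proof: bytes) -> bool:
        # A second write for the same user fails, like a reverted call,
        # and the original proof stays untouched.
        if user_id in self._proofs:
            return False
        self._proofs[user_id] = proof
        return True

    def get_proof(self, user_id: bytes):
        return self._proofs.get(user_id)  # None if nothing was registered


def verify_downloaded_key(chain: WriteOnceRegistry, user_id: bytes,
                          downloaded_key: bytes) -> bool:
    # Alice's client-side check: hash the key the server handed her and
    # compare it in constant time with the proof recorded on-chain.
    proof = chain.get_proof(user_id)
    if proof is None:
        return False  # no proof registered: the key is unverified
    return hmac.compare_digest(proof, key_proof(downloaded_key))


def demo() -> dict:
    chain = WriteOnceRegistry()
    first = chain.store_proof(b"bob", key_proof(BOB_REAL_KEY))
    # Swapping Bob's key on the server does not let the proof be swapped too.
    overwrite = chain.store_proof(b"bob", key_proof(FAKE_KEY))
    return {
        "first_store_ok": first,
        "overwrite_rejected": not overwrite,
        "real_key_verifies": verify_downloaded_key(chain, b"bob", BOB_REAL_KEY),
        "fake_key_rejected": not verify_downloaded_key(chain, b"bob", FAKE_KEY),
    }
```

A key that fails this check should be treated as untrusted by the client, which is the detection the on-chain proof buys over trusting the server alone.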
Our smart contract is open source, and can be audited by anyone. For more technical information on how it works, see our blog post: How the Storm4 smart contract works.
Blockchain tech is just another way that Storm4 works to protect your privacy and your intellectual property.