The Blockchain Handshake: Trustless Key Exchange
Before two Z-Text users can exchange messages, they must complete a "handshake" -- a cryptographic protocol that establishes a shared encryption key. This article explains how it works and why it matters for security.
Why a Handshake?
In traditional encrypted messengers, a central server mediates key exchange. When you message someone on Signal, Signal's server facilitates the initial key agreement. This works well but introduces a trust dependency -- you trust the server to deliver the correct keys.
Z-Text has no servers. The handshake is performed entirely through blockchain transactions, making it trustless and verifiable. No intermediary can tamper with or observe the key exchange.
The Protocol
The Z-Text handshake follows a modified Diffie-Hellman key exchange protocol, adapted for blockchain-based delivery:
Step 1: Initiation
Alice wants to message Bob. She knows Bob's z-address. Alice's app generates an ephemeral key pair and creates a shielded transaction to Bob's z-address. The transaction memo contains Alice's ephemeral public key and her z-address.
Because this is a shielded transaction, no one observing the blockchain can see that Alice sent anything to Bob, or what the memo contains.
Step 2: Detection
When Bob syncs his wallet, his app detects the incoming transaction and reads the memo. It recognizes this as a handshake request because of a specific protocol marker in the memo format.
Bob's app displays the handshake request with Alice's z-address, prompting him to accept or decline.
Step 3: Response
If Bob accepts, his app generates its own ephemeral key pair and sends a response transaction back to Alice's z-address. The memo contains Bob's ephemeral public key.
Step 4: Key Derivation
Both Alice and Bob now have each other's ephemeral public keys. Each independently computes the shared secret using Elliptic Curve Diffie-Hellman (ECDH). The mathematical properties of ECDH guarantee that both sides arrive at the same shared secret without it ever being transmitted.
This shared secret is then used as the basis for deriving symmetric encryption keys for all future messages between Alice and Bob.
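The four steps above as an added Python sketch; it is not Z-Text's own code. The article does not name the curve, memo layout or key-derivation function, so X25519, the `ZTXT-HS1` marker, the 512-byte memo and the HKDF-SHA256 step bound to both z-addresses are assumptions chosen for illustration.

```python
import hashlib, hmac, os

P = 2**255 - 19                      # Curve25519 field prime
BASE = (9).to_bytes(32, "little")    # X25519 base point
MARKER = b"ZTXT-HS1"                 # hypothetical protocol marker
MEMO_LEN = 512                       # assumed memo size (Zcash-style shielded memo)

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 ladder. Not constant-time; use a vetted library in production."""
    k_int = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a, c * b
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    # Clamping clears bit 0 of the scalar, so no final swap is needed.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def build_memo(pub: bytes, zaddr: str = "") -> bytes:
    return (MARKER + pub + zaddr.encode()).ljust(MEMO_LEN, b"\x00")

def parse_memo(memo: bytes):
    """Return (pub, zaddr), or None when the memo is not a handshake."""
    if len(memo) != MEMO_LEN or not memo.startswith(MARKER):
        return None
    body = memo[len(MARKER):]
    return body[:32], body[32:].rstrip(b"\x00").decode(errors="replace")

def session_key(priv, peer_pub, init_pub, resp_pub, init_addr, resp_addr):
    shared = x25519(priv, peer_pub)
    if shared == bytes(32):          # low-order peer key yields all-zero output
        raise ValueError("invalid peer public key")
    info = MARKER + init_pub + resp_pub + f"{init_addr}|{resp_addr}".encode()
    prk = hmac.new(bytes(32), shared, hashlib.sha256).digest()     # HKDF-Extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()  # HKDF-Expand

def handshake(a_addr: str, b_addr: str):
    a_priv, b_priv = os.urandom(32), os.urandom(32)       # ephemeral private keys
    a_pub, b_pub = x25519(a_priv, BASE), x25519(b_priv, BASE)
    got_pub, got_addr = parse_memo(build_memo(a_pub, a_addr))  # steps 1-2
    resp_pub, _ = parse_memo(build_memo(b_pub))                # step 3
    k_bob = session_key(b_priv, got_pub, got_pub, b_pub, got_addr, b_addr)
    k_alice = session_key(a_priv, resp_pub, a_pub, resp_pub, a_addr, b_addr)
    return k_alice, k_bob                                  # step 4: both equal
```

Binding both public keys and both z-addresses into the derivation input means a public key replayed into a different conversation derives a different session key.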
Security Properties
The blockchain handshake provides several important security properties:
- Confidentiality: The key exchange is hidden inside shielded transactions, invisible to observers
- Integrity: The blockchain's proof-of-work ensures transactions cannot be tampered with
- Authenticity: Only the holder of the z-address private key can create the handshake response
- No MITM: Without a central server, there is no intermediary who could substitute keys
Comparison to Signal Protocol
The Signal Protocol uses a central server to store and deliver pre-keys. While this enables asynchronous key exchange (you can message someone who is offline), it requires trusting Signal's servers to deliver correct keys.
Z-Text's blockchain handshake is also asynchronous (Bob doesn't need to be online when Alice sends the request), but the delivery mechanism is the decentralized blockchain rather than a corporate server. Each handshake step is detected via G-stream mempool push and completes in seconds, and the trust model is fundamentally stronger.
Practical Considerations
The handshake typically completes within seconds per step via G-stream mempool push. Each step requires a small BTCZ transaction fee. Once established, the shared key is stored locally and does not need to be renewed -- all future messages between the two contacts use the same key.
If a contact is removed and re-added, a new handshake must be performed, generating a completely new shared secret.