Solving the 'unknown stranger' problem

The ‘unknown stranger’ problem

This thread is about how UCS managed to solve the ‘unknown stranger’ problem. It basically says that you cannot trust a person you just met for the first time. It is a common problem in public key cryptography when trying to form a web of trust. In view of PGP so called key signing parties are intended to solve this problem by performing a public key authenticity check. During these keysigning parties users verify each other by checking their ID cards/passports.

In UCS the transaction receiver is identified by address string only. To avoid that other users claim to have the same address we hash the user’s account name with the PIN and the timestamp at the point of creation. This hash together with the stamp is the key file name and at the same time the address. Then a hash of the public key is being timestamped. The timestamp of the timestamping authority response must not be older than 120 seconds to acknowledge the created key. After this period (120 seconds after key creation) it is impossible for other users to pretend to have the same address.