Invoices Against Wallet Forging

Each Zold transaction requires an invoice. This may sound a bit confusing, since most other cryptocurrencies don’t have such a thing. Here is a quick explaination of invoices: what they are for, how they improve security, and why they usually are not visible during payments making.

As you know from the White Paper, each Zold transaction consists of a few data fields, like ID, time, amount, beneficiary and details. Transactions stay together in wallets, which are plain text files. For example, here is the wallet 00000000000ff1ce and this is one of its transactions:

0013;2018-07-27T07:36:12Z;ffffb1e000000000;HiG8USrC;17737fee5b825835;funded

Here, 0013 is the ID, 2018-07-27T07:36:12Z is the ISO-8601 date and time, ffffb1e000000000 is the amount in hexadecimal 16-bytes format (-20000.00ZLD), 17737fee5b825835 is the beneficiary’s wallet ID and funded is the transaction details.

What is HiG8USrC? It is an invoice.

Technically, it is a short text clip, taken from the public RSA key of the beneficiary’s wallet. Here is the full public RSA key of that wallet. If you look closer, you will find HiG8USrC inside it.

Thus, each payment embeds a piece of the public RSA key of the receiving wallet. It’s a random piece, of 8-32 characters length. In order to generate it, you can just run invoice command from the command line:

$ zold invoice 17737fee5b825835
A7vJrarq@17737fee5b825835

Every time you run it, the invoice will be different and you can specify its length:

$ zold invoice --length=12 17737fee5b825835
heQtNWX5SiXA@17737fee5b825835

Every time a new random piece is taken from the wallet’s public RSA key.

What is the point of that? It’s for extra security. If one day, for some reason, the beneficiary’s wallet disappears from the network, a phisher may create a wallet with the same ID and push it to the network, with an attempt to collect all payments previously sent to the wallet.

Thanks to invoices, this won’t be possible, since the phisher won’t be able to create a public RSA key that will contain all “invoice” texts in it. The longer the invoice, the stronger the protection.

When you send a payment with pay command, an invoice is generated automatically. You don’t need to worry about it. But you have to understand what’s happening behind the scene: each payment has its own unique invoice.

Well, invoices may be reused, but it’s recommended to have a new invoice for each new payment you make. Theoretically, there are 385 possible invoices in each wallet, since the length of the public key is 393 characters and the standard length of the invoice is 8 characters.