2018-04-03 22:14:01 +03:00
|
|
|
|
|
|
|
Mode of Interactions
|
|
|
|
====================
|
|
|
|
|
|
|
|
There's a variety of ways wallet software can be integrated with, from hardware
|
|
|
|
to automated bots to the more classic desktop wallets. No single implementation
|
|
|
|
can hope to accomodate all possible interactions, especially if it wants to
|
|
|
|
remain user friendly (who or whatever the user may be). With that in mind, Grin
|
|
|
|
needs to provide a healthy base for a more complete wallet ecosystem to
|
|
|
|
develop.
|
|
|
|
|
|
|
|
We propose to achieve this by implementing, as part of the "standard" wallet:
|
|
|
|
|
|
|
|
* A good set of APIs that are flexible enough for most cases.
|
|
|
|
* One or two default main mode of interaction.
|
|
|
|
|
|
|
|
While not being exhaustive, the different ways we can imagine wallet software
|
|
|
|
working with Grin are the following:
|
|
|
|
|
|
|
|
1. A receive-only online wallet server. This should have some well-known network
|
|
|
|
address that can be reached by a client. There should be a spending key kept
|
|
|
|
offline.
|
|
|
|
2. A fully offline interaction. The sender uses her wallet to dump a file that's
|
|
|
|
sent to the receiver in any practical way. The receiver builds upon that file,
|
|
|
|
sending it back to the sender. The sender finalizes the transaction and sends it
|
|
|
|
to a Grin node.
|
2018-04-03 23:15:12 +03:00
|
|
|
3. Fully online interaction through a non-trusted 3rd party. In this mode
|
|
|
|
receiver and sender both connect to a web server that facilitates the
|
|
|
|
interaction. Exchanges can be all be encrypted.
|
|
|
|
4. Hardware wallet. Similar to offline but the hardware wallet interacts with
|
2018-04-03 22:14:01 +03:00
|
|
|
a computer to produce required public keys and signatures.
|
2018-04-03 23:15:12 +03:00
|
|
|
5. Web wallet. A 3rd party runs the required software behind the scenes and
|
2018-04-03 22:14:01 +03:00
|
|
|
handles some of the key generation. This could be done in a custodial,
|
|
|
|
non-custodial and multisig fashion.
|
2018-04-03 23:15:12 +03:00
|
|
|
6. Fully programmatic. Similar to the online server, but both for receiving and
|
2018-04-03 22:14:01 +03:00
|
|
|
sending, most likely by an automated bot of some sorts.
|
|
|
|
|
|
|
|
As part of the Grin project, we will only consider the first 2 modes of
|
|
|
|
interaction. We hope that other projects and businesses will tackle other modes
|
|
|
|
and perhaps even create new ones we haven't considered.
|
|
|
|
|
|
|
|
Design Considerations
|
|
|
|
=====================
|
|
|
|
|
|
|
|
Lower-level APIs
|
|
|
|
----------------
|
|
|
|
|
|
|
|
Rust can easily be [reused by other languages](https://doc.rust-lang.org/1.2.0/book/rust-inside-other-languages.html)
|
|
|
|
like Ruby, Python or node.js, using standard FFI libraries. By providing APIs
|
|
|
|
to build and manipulate commitments, related bulletproofs and aggregate
|
|
|
|
signatures we can kill many birds with one stone:
|
|
|
|
|
|
|
|
* Make the job of wallet implementers easier. The underlying cryptographic
|
|
|
|
concepts can be quite complex.
|
|
|
|
* Make wallet implementations more secure. As we provide a higher level API,
|
|
|
|
there is less risk in misusing lower-level constructs.
|
|
|
|
* Provide some standardization in the way aggregations are done. There are
|
|
|
|
sometimes multiple ways to build a commitment or aggregate signatures or proofs
|
|
|
|
in a multiparty output.
|
|
|
|
* Provide more eyeballs and more security to the standard library. We need to
|
|
|
|
have the wallet APIs thoroughly reviewed regardless.
|
|
|
|
|
|
|
|
Receive-only Online Wallet
|
|
|
|
--------------------------
|
|
|
|
|
|
|
|
To be receive only we need an aggregation between a "hot" receiving key and an
|
|
|
|
offline spending key. To receive, only the receiving key should be required, to
|
|
|
|
spend both keys are needed.
|
|
|
|
|
|
|
|
This can work by forming a multi-party output (multisig) where only the public
|
|
|
|
part of the spending key is known to the receiving server. Practically a master
|
|
|
|
public key that can be derived similarly to Hierarchical Deterministic wallets
|
|
|
|
would provide the best security and privacy.
|
|
|
|
|
|
|
|
TODO figure out what's needed for the bulletproof. Maybe pre-compute multiple
|
|
|
|
of them for ranges of receiving amounts (i.e. 1-10 grins, 10-100 grins, etc).
|
|
|
|
|
|
|
|
Offline Wallet
|
|
|
|
--------------
|
|
|
|
|
|
|
|
This is likely the simplest to implement, with each interaction dumping its
|
|
|
|
intermediate values to a file and building off each other.
|