A lightweight web wallet for Zcash

Hi everyone,

@fireice_uk and I have just submitted a proposal to build a lightweight web wallet for Zcash. A web wallet would be a great addition to the ecosystem and a user-friendly approach to low value / high frequency transactions such as receiving mining payouts, sending and receiving tips, and more.

Our proposal has just been approved for public discussion - here is a link to the grant proposal with all the details.

6 Likes

Zecwallet built a full implementation of this last year. You can find all the code and instructions here:

I’ll only comment on the technical aspects of this:

  • The web version of the lightwallet was live for about 6 months, but was deprecated after that. Primarily because (1) no one was using it and (2) It was slow.
  • I surveyed people who tried it out, and the main feedback was that
    1. They’d rather use the desktop app or the mobile app, and they didn’t “trust the web browser to keep my private transactions private”.
    2. They were also very hesitant to keep their wallets in the web browser or enter their seed phrases into the browser.
  • The second factor was that it was very slow. The WASM sync is excruciatingly slow because
    1. WASM is inherently slower than running native code
    2. WASM is single threaded, so it is not very efficient. This is particularly visible when constructing the zkproof for outgoing transactions, which was very very slow in the browser or WASM.
    3. WASM doesn’t have access to the network, so it has to jump context to Javascript to fetch blocks, transactions, memos etc…, and the context switch adds a lot of latency
    4. The browser doesn’t support gRPC streaming, so it has to use HTTP/JSON to fetch blocks, which adds another layer of latency.

Note that this was 6 months ago, so things might have changed now. At the time, there was no obvious way to overcome these limitations and the desktop/mobile wallets seemed to be working fine, so I ended up deprecating it.

10 Likes

Hi @adityapk00 - thank you for your feedback! Wanted to share a few thoughts we have in response.

As to demand for a web wallet, we appreciate your user conversations. Our interest in the project came, in part, from the web wallets that already exist for other currencies. Two examples:

  1. https://wallet.mymonero.com

  2. Ryo Wallet Quasar

The existence of these web wallets for other coins makes us think that having a similar option available for Zcash would be an overall plus for the ecosystem, and implies a general demand. In addition, I think there is messaging that can be communicated to the people through the user experience to address concerns.

To your second point on the speed factor, especially as it pertains to the WASM engine: we believe that we can build an engine that performs well. To your specific point on thread support, we do think that WASM now supports multi-threading. Please check out this article for more details:

To your more general point of WASM vs. native code, please see this discussion:

A key quote here: “Of course, when running through JavaScript performance still takes a bit of a toll, but it’s not that bad. The miner installed on CreativeApplications.Net uses WebAssembly and runs with about 65% of the performance of a native Miner.”

@fireice_uk has found that number to be generally correct in his experience.

To your points about network access - we feel that those are factors where the chief limiting factor ends up being bandwidth, and not latency capped. On the Rx side, we can set batch size to the most optimal value, thus minimizing latency. On the Tx side, only a few KB of transaction data is set, which should be a negligible hurdle.

Of course sharing article links is one thing, and the true proof would be in the code itself. That’s why we have our initial performance tests in our second milestone - so that we can see real numbers around how our approach performs early in the project.

Hope these points have been helpful - looking forward to continuing the conversation.

@adityapk00 concerns are well-founded. I think a proof of concept is in order before M2. It should alleviate any potential issue regarding WASM performance, especially during the zksnark creation.
What are your project performance targets/requirements?

5 Likes

In addition to the proof of concept, I think validating demand is also in order, especially given the Zecwallet team’s experience. Would it be possible to do this? How would you go about validating demand - perhaps by surveying the builders/users of mymonero and ryo wallet (maybe we can help)?

(Note: the zomg has not yet formally discussed this proposal; these are my personal thoughts only.)

2 Likes

Personally I think having a web-based wallet with shielded support would be useful. It can also mean that we can have metamask-style extension wallet with shielded zcash.

Imagine loggin into an app with your shielded wallet. People might know your address on the dapp but not necessarily what’s stored in the address. That would be a really cool use case especially if ECC decides to develop UDA.

2 Likes

Hi all,

Thanks again for your feedback. These are all important points and we had a bit of a discussion on the best way to address your concerns.

Performance Concerns

On the performance side, we would like to propose some benchmarks to get some real numbers early in the project.

Specifically - in Milestone 1 we propose delivering a hosted, timed benchmark page that demonstrates generation times of a zk-proof in our WASM engine. Anyone would be able to visit the test page and get benchmark numbers for their device. We will target 10 second or less timing on this test for desktops.

Demand Concerns

We are open to community input on the best way to establish this. It may be challenging to get hard user data from wallet teams in competing ecosystems.

The almost ubiquitous existence of web wallets for other major coins continues to be a strong data point for us. A few more examples:

We feel that if we create a Zcash web wallet with great performance and an intuitive user experience users will love it.

Again, thank you for your attention and feedback to our proposal.

3 Likes

In my experience, web wallets are fine as a one-off use case, but I’ve given up the idea of ever recommending anyone to use a web wallet as it attracts scammers setting up similar sites and newbies losing their coin.

I like @tokidoki suggestion of looking in to a browser plugin as a wallet.

3 Likes

In general I’m not a fan of web wallets due to privacy, phishing, etc… but I do see a use case for simple ease of onboarding new users. How confident are you that you and @fireice_uk can overcome the performance hurdles mentioned above?

Also I am intrigued by the idea posted by @tokidoki . When/if UDAs come online having a easy to use browser plugin that can function like metamask could be a real game changer. Do you think that is a job your team could tackle?

2 Likes

I don’t think that itself should be the reason for not funding web wallets. Just like lightclient wallets, web client would have to make some tradeoffs if any. Phishing is a concern but there are many web wallets that people already use. We should recommend users to not store large ZEC in web wallets or mobile wallets.

1 Like

agree


You’ll be surprised to learn about the security chips shipping with today’s smartphones making them on par or even better than storing coin on a desktop wallet as long as the users are not running a modified OS. Either way, mobile wallets can’t beat hardware wallet or paper wallet which have limited or no UI, thereby limiting the attack vectors.

Hi everyone - thanks for the continued feedback. I think our inclination at this moment is to see how the committee feels about our initial web wallet concept. I know there is a lot of difference of opinion around the web wallet concept in general as it relates to phishing / single use / etc. Once a decision on that is made, I know I’d certainly be interested in exploring a Metamask / Temple / etc type scenario for this ecosystem if there is community interest.

I think Aditya’s experience providing a webwallet is really helpful and should guide us.

Zecwallet is the most popular wallet and very visible in the community, so I think it’s a valid test of demand.

I agree with ml_sudo that validating demand is really important here. And I hope this isn’t seen as a barrier or a lack of confidence in @elliotblanchard or @fireice_uk.

@elliotblanchard it would be a huge bummer for both of you if you did all this work and didn’t see any more uptake than Aditya did. (And your skills and excitement can go towards some other project if we have a reason to think this one won’t work.)

Looking at the comparable project in the Monero space, do we have any clear indication that it’s getting much use? For example, in order to receive Monero I’m prompted to download the app:

So it seems more like a web-based user acquisition / onboarding flow for the “real” desktop wallet than anything else. Am I missing something here or do others have this impression?

And in the ETH example given above, users are urged to download an app and not use a web wallet: MyEtherWallet | MEW

Given Zecwallet’s experience showing a lack of demand, neither of these examples seem strong enough to disprove that. If anything they confirm it.

Perhaps we could size this proposal down to a minimal proof of concept, working with some initial group of users who really want a web wallet and will use it frequently if you build them something?

Or perhaps it could be to re-deploy Zecwallet’s existing work on this, market that, and expand it if there’s a decent amount of usage?

3 Likes

Quick update from us. We’re certainly interested in pursuing a Metamask style browser extension if the community does not want to proceed with the web wallet. We would need to do some additional research to update our proposal, but are totally open to that.

8 Likes

Hi @elliotblanchard and @fireice_uk , thanks again for this proposal.

This week ZOMG met to discuss several proposals including yours. The overall feedback for a web-based wallet was lukewarm due to challenges that have been brought up by Adityas previous implementation and general issues surrounding the security of web based wallets.

However, the ZOMG was pretty much unanimous with thier support for a MetaMask style browser plugin. This could be something that would initially just support sending/receiving funds but could be added onto in the future when/if zcash UDAs/ZRC-20 style tokens are added to Zcash. In short it could be a good way to start building a foundation to be built upon.

Please take your time and research as to your desire/ability to pivot to this kind of work and let us know what you think.

5 Likes

this may be relevant

2 Likes

So is it a rejection?

I don’t think community is against it. Having more options is better than not having web wallet even if there are 100-1000 users.

Here’s the poll, hands up or down for minimal & secure Zcash webwallet?:

Zcash webwallet
  • Yes
  • No

0 voters

1 Like

Huge +1 to this.