Context
We plan to integrate Zcash to AirGap cold wallet solution enabling both shielded and non-shielded Zcash transactions. With AirGap users will be able to turn their spare device into a cold wallet. With AirGap’s additional security features, Zcash users can get a full-fledged secure, truly air-gapped cold wallet setup at home.
Detailed proposal - GitHub
Project Summary
AirGap is an open-source, air-gapped wallet solution with a unique two-app approach: AirGap Vault for offline transaction signing and AirGap Wallet for transaction creation and management. This setup transforms any spare smartphone into a secure cold wallet, offering robust security without the need for dedicated hardware.
Project Description
AirGap is a self-custody open source cold wallet that transforms any spare smartphone into an air-gapped cold wallet, providing maximum security without the need for dedicated hardware wallets. It consists of two applications:
- AirGap Vault (offline) – Stores private keys completely offline and signs transactions securely via QR codes, preventing any exposure to online threats.
- AirGap Wallet (online) – Manages balances, initiates transactions, and interacts with dApps, ensuring a seamless user experience.
But why us?
True Randomness for Seed Generation – Unlike traditional wallets that rely on a device’s RNG (which can be manipulated), AirGap supports dice roll and coin flip entropy to generate seed phrases, ensuring verifiable, human-generated randomness for maximum security.
Totally Air-gapped Security – AirGap Vault operates without Bluetooth, USB cables, Wi-Fi, or NFC, making it 100% offline, eliminating any potential attack vector from connected devices.
Advanced Security features - AirGap includes BIP-39 passphrase protection, BIP-85 deterministic seed derivation, and social recovery, allowing users to add extra layers of security and flexibility to their wallets.
Experience with shielded protocols: Our team did implement shielded Sapling transactions for Tezos in AirGap Wallet. We have the skills, experience and knowledge to tackle this integration.
AirGap Presentation - General pitch deck.pdf
Proposed Problem
Zcash currently faces multiple challenges related to secure wallet storage and accessibility:
- Limited Hardware Wallet Options: Zcash users only have Trezor as a hardware wallet option. However, Trezor is not available in all regions, limiting its adoption.
- Supply Chain Vulnerabilities: Hardware wallets like Trezor are susceptible to supply chain attacks, where compromised devices can be tampered with before reaching the end user.
- Lack of Universally Accessible Cold Storage: Many users cannot access secure cold storage solutions due to geographic or financial barriers.
- Absence of User-Generated Entropy: Current Zcash wallets rely entirely on hardware-generated RNG (Random Number Generator) chips, which can be a single point of failure. They do not incorporate user-generated entropy, such as dice rolls or coin flips, which enhance randomness and security.
- Connectivity Risks in Existing Wallets: Most wallets rely on USB or Bluetooth connections, which can introduce attack vectors. A fully air-gapped solution would eliminate this risk.
Proposed Solution
AirGap provides a highly secure, universally accessible, and open-source alternative to traditional hardware wallets for Zcash users. It addresses the identified challenges through the following solutions:
1. Expanding Access to Secure Cold Storage
- Hardware Wallet Alternative: AirGap enables users to turn any spare smartphone into a cold wallet, removing reliance on proprietary hardware like Trezor.
- No Geographic Restrictions: Unlike Trezor, which is not available everywhere, AirGap is accessible globally to anyone with a smartphone.
- Cost-Effective Security: Users don’t need to invest in expensive dedicated hardware. Any old phone can be repurposed as an offline, air-gapped wallet.
2. Fully Air-Gapped Security Model
- No USB, Bluetooth, or NFC Connectivity: AirGap Vault (the signing app) never connects to the internet, reducing the risk of remote attacks.
- QR Code-Based Transaction Signing: Transactions are created on AirGap Wallet (online device) and signed on AirGap Vault (offline device) using QR codes—eliminating online attack surfaces.
- Mitigation of Supply Chain Attacks: Since users use their own smartphones, there’s no risk of pre-installed malware or tampered hardware during shipping.
3. Advanced Security Features for Zcash Users
- User-Collected Entropy: AirGap allows users to generate their private keys using dice rolls and coin flips, adding an extra layer of randomness beyond traditional RNG chips. This ensures greater unpredictability and protects against potential vulnerabilities in hardware-generated randomness.
Multi-Layered Encryption: AirGap employs advanced cryptographic techniques to secure private keys, ensuring they remain protected even in case of device compromise.
4. Open-Source, Transparent Security
- Community Auditable Code: AirGap is fully open-source, allowing independent audits and ensuring there are no hidden backdoors.
- Trustless Verification: Users can verify the security of the application code themselves, unlike proprietary hardware wallets where firmware updates may introduce unknown vulnerabilities.
Software Deliverables
AirGap Coin Library (Open-Source SDK - TypeScript)
- Enables Zcash integration for any developer via an open-source library.
- Handles address derivation, transaction encoding, and signing.
- Available on GitHub under MIT License for community contributions.
- Support for Shielded and Transparent transaction signing
ZCash support in AirGap Vault (Mobile App - Offline, Cold Storage)
- Securely stores Zcash private keys on an offline device.
- Signs Zcash transactions via QR code-based air-gapped communication.
- Supports manual entropy generation (dice rolls, coin flips) for enhanced security.
- Updates Available on iOS, Android and GitHub.
AirGap Wallet (Mobile App - Online, Transaction Creation & Management)
- Allows users to create and broadcast Zcash transactions. Support for both Shielded and Transparent transaction signing.
- Provides transaction history, address management.
- Updates Available on iOS, Android and GitHub.
Detailed proposal - GitHub