Keystone Hardware Wallet Support Grant Application

I was originally against filtering while the sandblasting was ongoing, because I thought it had too high a risk of false positives. We also observed that the filtering done by YWallet was in practice catching some false-positive transactions that we knew were not spam. It is slightly different to apply filtering retrospectively to a known span of time in which the sandblasting adversary can be observed with careful analysis to have been using particular strategies.

(Also, speaking frankly, if the engineers had had our way then ZIP 317 would have been deployed much earlier and the sandblasting would have been stopped earlier. I wasn’t anticipating that its deployment would be obstructed by then-ECC-management for so long, and that fed into why I originally thought filtering wouldn’t be needed.)

Yes, but that’s a privacy risk, not a spend authority risk (assuming the user thoroughly checks the transaction as displayed on the Keystone wallet). And if a user is transferring the QR video via a secure messaging app that they were relying on anyway for privacy of metadata around the payment, that seems like a reasonable choice they could make.

How do you get the file to the hardware wallet? If it’s a video then you can just play it to the wallet’s camera. Otherwise you need USB or Bluetooth which is extra attack surface (and not supported by Keystone). Note that a “video” could be an animated WebP file, which is widely supported and would be only a fairly small constant factor larger than the PCZT it encodes — small enough to be practical at current typical mobile data bandwidth, anyway. Also note that the grant includes specifying a PCZT format, so you can use that directly if you have software on a device physically close to the Keystone wallet that you can use to “play” it. Encoding it as a video is for the case where you don’t (i.e. you only have a device with a web browser or video player, and a camera for the other direction).

[Edit, since Discourse won’t let me make more than three posts in a row ]

I did an experiment, and this stands up: the “fairly small constant factor” is about 20.4 (edit: or 11.6 when using BC-UR with optimal parameters), which is fine for likely PCZT sizes and data connections.

How big is a WebP of an animated QR code, relative to the original file?

For this experiment we’ll use the TXQR format, and gif2webp from the libwebp library. We use a random file to simulate data that is not further compressible.

[Comprehensive instructions on how to reproduce this result.]

Conclusion

For an incompressible input file of 10000 bytes, a WebP-encoded TXQR is roughly 20.4 times larger than the original file. This does not change very much across input sizes. Using WebP saves a factor of ~5 relative to animated GIF.

Example resulting animated GIF (Discourse doesn’t allow WebP, but they look identical in a browser). This is not optimized for frame rate, size etc.:

Further edit: The format that Keystone actually uses is BC-UR, which is widely adopted in the Bitcoin world. A WebP-encoded BC-UR can be roughly 11.6 times larger than the original file if the max_fragment_size parameter is chosen optimally.

Outstanding! Looks like a on radar, love it!

Is this how tamagotchis are born?

How do you plan of getting this work done so fast compared to Ledger and Trezor, both of whom have not lived up to their marks?

I mean, is it already made?

We could make a deal. If they make it on time, they get 10% more. If it’s delayed, 10% less.

I’m kidding @Lixin, I feel confident you can deliver on time.

TBH I can’t 100% promise for the delivery date.

But we are not doing this from scratch -

1. My first call with @joshs was Jul 18th and our engineer started some research since then.
2. We setup our Slack channel with @joshs and other engineers on July 23rd (sorry can’t provide a link as a proof). And we have technical discussion back-and-forth asynchronously based on our own research.
3. We had a more focused technical call with @joshs @daira @str4d and other folks from ECC team on Aug 5th.

And this is also the reason @daira @str4d is answering technical questions above (kudos to @daira @str4d and the whole ECC team which is super helpful).

With the early research and communication mentioned above, we are kind of confident that we can deliver this before the end of October. So we put this date in the application. But again, we will do our best and this is not a guarantee.

Also please kindly note that the final delivery date of this integration also depends on

1. when this grant is approved.
2. how long it takes for Zashi team to finish the integration on their end.

Thanks we will do our best.

DM sent to @ZcashGrants and please kindly take a look. Thanks!

@Lixin at the most recent meeting, the @ZcashGrants Committee voted to conditionally approve this proposal with the stipulation that Least Authority review the SDK and address concerns before final payout. ZCG has requested that you provide monthly updates via the forum in this thread.

Just to confirm - Least Authority is a security auditing firm, correct?
If so, who would pay them to do the review? ZCG?

For sure. We will do this even if you don’t ask us to, as we are taking a build-in-public approach for our work.

Hi @Lixin - Yes, Least Authority is a security auditing firm that is fulfilling a ZCG funded role as the Zcash Ecosystem Security Lead. See their monthly updates here.

@Liz315 can help facilitate with information about the auditing process and scoping that work. Least Authority is also available for consultation sessions related to your project if needed.

Thanks @wobbzz !

Hi @Lixin - Feel free to reach out with questions anytime. When convenient, it would be great for us to learn more about the scope and timeline so we can meet any necessary deadlines. You can send details to us or we can schedule a call to discuss it all.

Thanks so much for your explanation!

Nice! This is a nice template to give update on our end too. Thanks @Liz315

Hey @Liz315 nice to e-mmet you here! And we are excited for our coming collaboration!

Do you mind joining our Slack channel with ECC team? So that they can be also synced with the collaboration between us and they may potentially have some comments too.

If so, would you DM me your email for Slack?

Hey Zcash Fams,

Here is our weekly update -

• Our dev mainly focused on researching some official Rust libraries (GitHub - zcash/librustzcash: Rust-language assets for Zcash).
• On the other hand, our dev set up a wallet with the command-line wallet provided by ECC team, with which we are going to make a demo for the integration to speed up the final integration with Zashi.
• Currently, our dev is working on wallet address verification, which involves trying to generate a Zcash address using the same mnemonic in our codebase and checking if it matches the one generated by the software wallet.

Please kindly note that we received the confirmation email on Thursday and we only spent 2 days on the work mentioned above. Thanks!

Happy weekend to y’all!!!

You guys are awesome Lixin. So thankful to have folks like you in the hardware industry making an effort for this. Ledger has been a nightmare they are so slow and out of touch. It would be very impressive if we got shielded support on Keystone before Ledger…

If Keystone releases their shielded app before Ledger, I will buy at least 2 Keystone wallets. I already planned to buy a Ledger Flex or Stax, but I think Keystone 3 Pro is better suited for me.

I think you meant to say that it would be impressive if we got shielded support on Ledger before we get it on Keystone. You know, realistically.

I’d definitely be interested in a zebra striped Keystone. wen pre-order?