Developing a Steem hardware wallet application on BOLOS [Proposal]

avatar
(Edited)

steemwalletproposalthumbnail.png

Introduction

Hardware wallets are one of the most well-known ways to securely store your crypto assets, where transactions are signed securely on the device, and the private keys never leaves the device which is never connected to the internet. As there are many reported cases where people lost their coins for various reasons (malware, exchange hacks etc.), people in the crypto world have been promoting the use of such wallets to securely store crypto assets.

I was researching on a Steem supported hardware wallet, and discovered that there are no hardware wallets that officially supports STEEM. There was an attempt to add support for STEEM on Trezor 3 years ago, however it never got officially supported (and it will probably never unless STEEM becomes a top 30 coin, as outlined in their listing policies here).

I have found that Ledger hardware wallets are the most developer and open source friendly, therefore I bought a Nano S (here), with the main purpose of developing a Steem hardware wallet app on BOLOS, the operating system used by Ledger hardware wallets.

Proposal funding details

Funding period: 1 October 2019 to 31 December 2019 (91 days)
Funding requested: 50 SBD daily (totaling 4,550 SBD)

Funding allocation

70% of the received funding (3,185 SBD maximum) will be used to fund the development of the hardware wallet application itself, which may include:

  • Cost of purchasing test devices (I may need a Nano X for further testing as I do not currently own one)
  • Rewarding code contributions to the project (as @utopian-io vanished from Steem, therefore SPS funding is now an alternative source of dev funding)
  • Hundreds of hours spent on writing code, debugging etc.

30% of the received funding (1,365 SBD maximum) will be used to incentivize community contributions (other than code contributions), such as:

  • Bug bounties
  • Reviewers

More details about the bounty rewards will be announced as development progresses.

Resulting benefits for Steem ecosystem

Support of Steem on hardware wallets will improve the user friendliness of the Steem blockchain, as there is no need to manage 4 separate private keys (plus a master password). It results in an easier onboarding of new users onto the Steem ecosystem.

In addition, having the ability to store STEEM and Steem based tokens in a hardware wallet could result in a reduction of the number of STEEM stored on exchanges.

Deliverables

As outlined in the application listing requirements in Ledger's developer documentation:

  • Main BOLOS application written in the C programming language, with its open source repository
  • Companion desktop app (I will also integrate hardware wallet signing on Steem Keychain, and possibly SteemConnect and other Steem applications)
  • Tutorial on using the application (according to Ledger team, it must be a video demonstration, therefore it will be posted on DTube)

In addition, I will be producing the following:

  • JavaScript API library for easy integration on Steem applications
  • Documentation on app integration
  • Web based, offline private key derivation tool for account recovery
  • Offline address index finder to recover forgotten address index of public key

The application will support storage of native STEEM and SBD tokens, as well as Steem Engine tokens and SMTs (if it will ever be released). The first release will not have support for DTC tokens to speed up the development and app approval process.

Current progress

Some work have been completed as a proof of technical viability of the application development, which may be found in the GitHub repository here. Currently the BOLOS app is able to generate Steem public keys from a BIP44 derivation path, which is m/44'/135'/0'/0/address_index_requested, as shown in the GIF below.


For some reason the GIF does not animate on steemit.com. Click here for the direct link to animation on IPFS.

EDIT: I just noticed that right after 3 days from the initial commit to the GitHub repository, 5 people have already found this project. That's 10 days before the first project announcement post (aka this one).

Huge shoutouts to @heimindanger, @mkt, @ausbitbank, @followbtcnews, and @roadscape for showing your early interest in this project!

early stargazers.PNG

early watchers.PNG

Programming experience

This is the first time I'm writing a real world application in C programming language, however I have built tools for Steem blockchain DApps (DTube in particular), mainly in JavaScript.

These are the following tools I developed (hyperlinked to the latest update of the respective projects):

I have also contributed to the main DTube source code, as outlined here.

Final words

If you are with me who is also looking to store STEEM and Steem related tokens on a hardware wallet, or find that this project adds value to the Steem ecosystem, please consider voting for this proposal by clicking the button below.

nj_Vote_Button_Circle.png

steem hardware wallet ledger palnet steemleo neoxian blockchain cryptocurrency
0
0
0.000
10 comments
avatar

This is a great idea. I have a Nano S. I'm just curious, will only the master key be stored on the device or will all of them be stored?

0
0
0.000
Reply
avatar
(Edited)

In the case of hardware wallets, the 24-word recovery seed will be the master password. The public and private keys are derived from this recovery seed using m/44'/135'/0'/0/address_index derivation path, the same way of how EOS public keys get generated but with a different coin type in the derivation path, which is outlined here. I have tried generating a Steem public key from the private key generated from an EOS keypair generation tool, and the only difference in the generated public keys are the first 3 letters, where Steem public keys start with STM, whereas EOS public keys start with EOS.

The address_index that completes the path to derive the public key (that is bound to Steem accounts) will be stored in desktop wallets. The WIF private key will be generated using the same derivation path every time there is a signing request, hence there is nothing to write to the flash memory which has limited cycles (500,000 writes according to Ledger's documentation)

You may find the source code here

0
0
0.000
Reply
avatar

Thanks for explaining. I take it that means the master password and keys will have to change to make the account compatible without compromising or resetting the device. It should also mean it is possible to store additional accounts by changing the address path similar to how separate xlm accounts are stored (change last 0).

0
0
0.000
Reply
avatar
(Edited)

There will be options in the desktop wallet apps to only change certain public keys, so that an account is not tied completely to the hardware wallet.

For example a curation bot may need to store plain text private posting key on a server. They have the option to only change their active and owner public keys, so that funds may only be accessed through the hardware wallet, but able to comment/vote with the posting key like how we're doing it now.

An account may also have more than one public key associated with a particular authority. For example there may be 2 public keys that is associated with posting authority, in which transactions that only require posting authority can be signed with the hardware wallet or another private key.

0
0
0.000
Reply
avatar

Would there be any listing fees by Ledger to get a working application listed on Ledger's "app store"?

0
0
0.000
Reply
avatar

You should explore the ledger nano related githubs . This is an adventure in software development finally we cn all join in, steem has made things accessible to all, we ARE the new github.

IM SO HAPPY @techcoderx decided to do this becaus eI was thinking I WAS going to have to be the one who did iut, but THANK YOU so MUCH techcoderx for this!!!1

WOOOWWWW Youre ALREADY almost there! MAKE SURE the title is changed to SHOW everyone YOU ALREADY HAVE A WORKING PROTOTYPE thats IMPORTANT!

@inertia @surfyogi @meesterboom @luciper @thejohalfiles should all know about this project so we can get this funded, however, id be willing to help get private funding for @techcoderx to ENSURE this happens.

When we combine THIS SPS proposal for ledger nano support with my Steem on Scatter proposal, things will get very serious!

0
0
0.000
Reply
avatar

I will have an update video on DTube coming soon 😃

Spoiler alert: it still can't generate a valid signature yet 😔

0
0
0.000
Reply
avatar

Its ok let this image be inspiration for you. Make this silver diamond steem pendent with pedger on the chain have meaning finally!

image.png

I believe in you!

(Tell ppl i have an extra for sale, $500 and its silver 999 and lab diamonds . i can then make another one for eos :)

Soone nuf we will be using your sps for hardware wallet, mine for scatter, and we will be getting steem MAIN NET on newdex and trading main net steem with hardware wallets on a Real dex no pegged assets needed! we could even get steem engine tokens trading on newdex for steem directly

0
0
0.000
Reply