[RFC] Embrace secure signing methods #1375

Open
dongwon8247 opened this issue Nov 15, 2023 · 2 comments
Labels
❓ question Questions about Gno 🌱 feature New update to Gno

@dongwon8247
Member

dongwon8247 commented Nov 15, 2023

Co-authors: @dongwon8247 @adr-sk

Background

Crypto wallets should pursue the highest degree of security and foster proper education on good self-custody practices to protect users from potential threats.

To achieve both high security and a quality user experience (UX), we need to explore various key management and signing options such as offline air-gapped accounts, QR-based transaction signing, session-based signing with std.Session, and account abstraction tech with Multi-Party Computation (MPC).

As a part of this initiative, we have integrated MPC in Adena via Web3Auth, an auth infrastructure provider. At a high level, Web3Auth's MPC "splits" a private key into multiple shares, which are each bound to various factors such as a social account, a device, or a backup phrase. Using threshold cryptography, the shares can be used to reconstruct the key in the front end of the wallet app. A typical setup is to create a 2 out of 3 threshold, requiring at least 2 shares to recover the key.

Web3Auth Flow

This kind of integration has been adopted and popularized by leading wallets such as Gnosis Safe, Ronin Wallet for Axie Infinity, Binance Wallet, and McDonald's App. As of June 2023, more than 15M accounts were powered by Web3Auth.

By allowing a user to bind a share to a Google account on Adena, we provide a friendly login flow that's identical to Web2, while maintaining secure self-custody for users.

Our next objective is to add support for an air-gapped signing environment by allowing users to broadcast transactions signed in a completely separate environment. The UX might be unfamiliar to most users, but it is the most secure method for key management, which is why we will advocate the use and education of airgap accounts.

The Airgap Userflow on Adena

Below is the planned airgap user flow on Adena:

  1. The user generates a seed phrase (or a private key) in their own environment with gnokey.

  2. The user adds the account to Adena by only entering the account address, essentially creating a watch-only account.

  3. The user creates a signed.tx file in their own environment with gnokey.

  4. The user transfers the file to the device (via USB, SD Card, or QR Code) on which Adena is installed. This process can be completely air-gapped (offline).

  5. The user uploads the signed.tx file to Adena and broadcasts it to the blockchain.

Below is the UI in the works.

Image

We're also considering adding a feature to create an unsigned transaction file from Adena. Creating complex transactions such as interactions with DeFi apps and DAOs or building chained transactions in a local development setting can be quite inconvenient and difficult. Having Adena automate this process will improve the UX.

Ideas to Improve the Usability of QR Codes

A Standard for Data Transmission via QR Codes
A standardized format for exchanging data with QR codes between offline signers and watch-only wallets is essential to encourage more wallets to support airgap accounts. The simplest approach seems to be adopting and encouraging the community to use an existing standard like EIP-4527.

Generating QR Codes With ASCII
A command-line utility like qrencode that generates QR codes for signed transaction data in ASCII Art could essentially turn a custom airgapped device into a QR-based Hardware Wallet. Here is a visual example of this. Implementing a similar tool in Gno could foster wider adoption of airgap accounts by removing the need to use a flash drive or an SD card to transfer data from or to an air-gapped environment.

It would be nice to have feedback on our airgap work and ideas on QR codes from the community.

Additionally, there was a suggestion from @jaekwon @moul to adopt std.Session, a concept in which the main account delegates signing permission, divided by sessions, to subaccounts. Combined with the airgap support, this could be a great way to ensure security and usability for Web3 wallets. Can you please elaborate more on this concept and how it could be implemented? It would be greatly helpful.

@moul
Member

moul commented Nov 15, 2023

The QR code system could become a standard used throughout the ecosystem, not just on Adena. cc @gnolang/berty, @gnolang/teritori.

Also pinging @gnolang/teritori for their feedback on multisig UX and asynchronous signing flows in general.

Regarding the last paragraph, the name won't be std.Session, but it's essentially an extension of the tm2 account. We're considering having a volatile subkey similar to browser sessions using cookies. I'll create a dedicated issue for this soon (if it hasn't been done already).

@n0izn0iz
Contributor

re: asynchronous signing: using a sequence instead of a random nonce is a huge huge pain
except in specific cases that don't happen in practice, you have to re-sign all pending txs when you broadcast a tx, which forces "synchronous" signing
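
Added example (not part of the thread and not tm2 or Adena code): a minimal Go model of sequence-based replay protection, showing why a transaction signed offline at one sequence is rejected once another transaction from the same account lands first. The types `Account` and `SignedTx`, the functions `NewAccount`, `signBytes`, `SignOffline` and `Deliver`, the sign-bytes layout, the chain ID `dev` and the use of ed25519 are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Account and SignedTx are simplified stand-ins, not tm2's real types.
type Account struct {
	PubKey   ed25519.PublicKey
	Sequence uint64 // number of txs from this account already accepted
}
type SignedTx struct {
	Msg string
	Sig []byte
}
var ErrUnauthorized = errors.New("signature check failed (wrong key, chain ID or sequence)")

func NewAccount(seq uint64) (*Account, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Account{PubKey: pub, Sequence: seq}, priv
}

// signBytes binds the chain ID and the account sequence into the signed payload.
func signBytes(chainID string, seq uint64, msg string) []byte {
	return []byte(fmt.Sprintf("%q|%d|%q", chainID, seq, msg))
}

// SignOffline is the air-gapped step; the signer must be told which sequence to use.
func SignOffline(priv ed25519.PrivateKey, chainID string, seq uint64, msg string) SignedTx {
	return SignedTx{Msg: msg, Sig: ed25519.Sign(priv, signBytes(chainID, seq, msg))}
}

// Deliver is the node-side check: verify against the current sequence, then increment.
func Deliver(acc *Account, chainID string, tx SignedTx) error {
	if !ed25519.Verify(acc.PubKey, signBytes(chainID, acc.Sequence, tx.Msg), tx.Sig) {
		return ErrUnauthorized
	}
	acc.Sequence++
	return nil
}

func main() {
	acc, priv := NewAccount(7)
	a := SignOffline(priv, "dev", 7, "pay A") // a and b are both signed while
	b := SignOffline(priv, "dev", 7, "pay B") // the on-chain sequence is 7
	fmt.Println(Deliver(acc, "dev", a), Deliver(acc, "dev", b), Deliver(acc, "dev", a))
}
```

Only the first delivery succeeds: `b` is stale as soon as `a` is accepted, and replaying `a` fails for the same reason, so the counter that blocks replay is also what forces pending offline signatures to be redone.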
