Intercoin / Wallet

It's a secure wallet -- and you don't have to install it!
GNU General Public License v2.0

Intercoin Wallet

Advantages:

  1. 🚀 Nothing to install. Users can seamlessly start to use Web3 upon visiting a site.
  2. ⛽ No gas needed. The wallet can sign meta-transactions, allowing the website operator to pay gas.
  3. 📜 Standards-compliant. The wallet is designed to work with the new Account Abstraction standard (ERC 4337).
  4. 🔍 Transparency. The user is shown the contract, method and parameters for a transaction before approving it (EIP 712 and EIP 6384).
  5. 🔒 Extra Security. The wallet maintains a managed whitelist of trusted smart contracts for each website, protecting users in case the site is compromised. It can also require the user to scan a QR code from another device to double-check and approve their transaction.

In addition, the wallet natively integrates a growing number of applications, developed by Intercoin and audited by third parties, that let people participate in and manage various community activities across websites:

  1. 🌐 Community DAO – inviting people, managing roles and permissions. (GitHub)
  2. 🎨 NFTs – connect with artists to release your own collection, memberships (GitHub)
  3. 💱 Currencies – issue and manage your own local money supply (GitHub)
  4. 🔄 Subscriptions – manages recurring subscriptions to maintain some benefits (GitHub)
  5. 💸 Income – managing disbursements, including Universal Basic Income (GitHub)
  6. 📊 Stats – understand how money is being spent from consumer price activity (GitHub)
  7. 🏆 Contests – elect judges and reward teams for solving community problems (GitHub)
  8. 🌱 Fundraising – raising money with multiple rounds and bonus structures (GitHub)
  9. 🔨 Auctions – have buyers compete on price for NFTs, roles, reservations, etc. (GitHub)
  10. 💰 Escrow – off-chain transactions and alternatives for reputation and trust (GitHub)
  11. 🤝 Control – let multiple parties collectively manage an account and its actions (GitHub)
  12. 🗳️ Voting – secure elections to democratically govern your community (GitHub)

Other Crypto Wallets Today

Crypto wallet browser extensions store the user's private keys by encrypting them at runtime in JavaScript (using material derived from the user's password) and storing the encrypted version in the browser's local storage. They then load the keys into their JavaScript execution environment and use them to sign transactions. Wallets deployed as apps do a similar thing, except the code might not be in a browser extension.

An exception is the "Fortmatic/Magic wallet" and related wallets which use Amazon Key Management Service so users basically trust Amazon.

Intercoin Wallet Security Foundations

The Intercoin wallet doesn't rely on Amazon and won't require a browser extension or an app, but will work inside iframes. It leverages subresource integrity and service workers to ensure that the client-side code hasn't changed, exactly matches what's been audited by third parties, and doesn't "phone home" any private information to any server.

Authentication in the Intercoin Wallet is done by means of WebAuthn (you can see a demo of how it works in your own browser). The keys are stored inside a U2F device or -- these days very often -- in a secure enclave inside the computer or phone on which the browser is running.

The challenge comes from the blockchain, with the material being derived from a pseudo-random oracle that is infeasible to predict. The user signs the challenge using either WebAuthn or Web Crypto with a non-extractable key. For now, most operating systems and hardware modules only support the secp256r1 elliptic curve, instead of the secp256k1 curve used in Bitcoin and Ethereum.

(Some prominent people in the crypto space, including Vitalik Buterin, believe that the r1 curve was chosen because it has a weakness that can be exploited by state actors. However, it is used in all major security implementations outside crypto, including TLS, DNSSEC, Apple’s Secure Enclave, Passkeys, Android Keystore, and Yubikey, which can be used in the EVM.)
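
The challenge signing described above, as an added example that is not part of the Intercoin code base: a Web Crypto ECDSA key pair on P-256 (secp256r1) is generated as non-extractable, signs a challenge, and the signature is checked against the exported public key. The fixed challenge bytes and all function names are assumptions made for illustration.

```javascript
// Added example (not Intercoin's code): challenge signing with a non-extractable P-256 key.
// Browsers and Node 20+ expose Web Crypto as globalThis.crypto; older Node needs the fallback.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const CURVE = { name: 'ECDSA', namedCurve: 'P-256' }; // P-256 is secp256r1
const ECDSA = { name: 'ECDSA', hash: 'SHA-256' };

async function createSigningKey() {
  // extractable=false applies to the private key; the public key stays exportable.
  return subtle.generateKey(CURVE, false, ['sign', 'verify']);
}

async function canExportPrivateKey(keyPair) {
  try {
    await subtle.exportKey('pkcs8', keyPair.privateKey);
    return true;
  } catch {
    return false; // Web Crypto refuses to hand the private key bytes to script
  }
}

async function signChallenge(keyPair, challenge) {
  return new Uint8Array(await subtle.sign(ECDSA, keyPair.privateKey, challenge));
}

async function verifyChallenge(publicKey, challenge, signature) {
  return subtle.verify(ECDSA, publicKey, signature, challenge);
}

async function demo() {
  const keyPair = await createSigningKey();
  // Constructed stand-ins for two challenges (on the page these come from the blockchain).
  const challenge = new Uint8Array(32).fill(0x11);
  const otherChallenge = new Uint8Array(32).fill(0x22);
  const signature = await signChallenge(keyPair, challenge);
  // A verifier only needs the public key, exported here and re-imported as it would be elsewhere.
  const rawPublic = await subtle.exportKey('raw', keyPair.publicKey);
  const verifierKey = await subtle.importKey('raw', rawPublic, CURVE, true, ['verify']);
  return {
    privateKeyExportable: await canExportPrivateKey(keyPair),
    signatureBytes: signature.length,     // raw r || s encoding
    publicKeyBytes: rawPublic.byteLength, // uncompressed curve point
    accepted: await verifyChallenge(verifierKey, challenge, signature),
    replayAccepted: await verifyChallenge(verifierKey, otherChallenge, signature),
  };
}

demo().then((result) => console.log(result));
```

Non-extractability stops script from reading the private key bytes, but any code running in the same origin can still ask the key to sign, which is why the wallet pairs it with the code-integrity checks described earlier.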