Build your own storagecoin - Group11

[PauluzzNL]

Project H: Build your own Storagecoin

You will make your own storagecoin within this project. Filecoin is the largest ICO in the history of cybercurrency, see our analysis. A total of $257 million is given to a project without any running code. The big idea of your project and Filecoin is to turn any storage device into a cash generation machine. Key target is expanding an existing system with mobility of mined storage coins. Your code will allow send credits to another Android wallet. First task is to understand the Trustchain fabric by TUDelft, our 12 years of ledger prototyping and Android implementation. See project A for starting point with coding. Second task is to enable Android-to-Android transfer of coins. Finally, implement private key importing within your Android code and exporting using QR codes from the Tribler credit mining system.

@devbridie @PauluzzNL @mitchellolsthoorn @roelofsol @DavidGSB

[RoelofSol]

Our first milestone is:

Extend Tribler with the feature to generate a QR code from a key pair ( pybip38 ) This QR code can be picked up by a mobile phone using a version of the TrustChain Android app . The Android app can transfer credits to a second phone without using wifi. ( bluetooth/NFC/QR-codes/audio)

Our first week objective:

Have local builds of Tribler and Android and get acquainted with their code base.

[RoelofSol]

Meeting - Friday - 24 Nov We heard that there are problems with the available Android app. We hope to get a POC QR exchange between PC and Android working.

Tasks:

• Activate the Tribler market? and extract the key pair ( @DavidGSB & @PauluzzNL & @mitchellolsthoorn )
• Use Python to generate QR codes and display in Qt5 ( @RoelofSol )
• POC Android app to scan and display QR Codes ( @devbridie )

[RoelofSol]

QR generation examples

[RoelofSol]

Meeting with Pouwelse - Tuesday - 28 Nov

We discussed the progress so far, and came to the conclusion that we should start communicating with the other group and TA that is working on the Android App.

• [ ] Update existing android app with QR scan to import the key to android ( @devbridie , @PauluzzNL )
• [ ] Export QR code button in Tribler ( @mitchellolsthoorn ) .
• [ ] Contact Overlay app group & student assistants (@RoelofSol )
• [ ] Checkout Qt native QR code geneneration ( @RoelofSol )
• [ ] Setup Android & Tribler Dev environment ( @DavidGSR)

[mitchellolsthoorn]

Progress on key export in Tribler, code can be found in PR #3267 :

The individual buttons export the three different key pairs present in the session state of Tribler.

[RoelofSol]

The goal will be changed to wallet management, and no transactions

Tribler uses libsodium to generate dual key format keys. The problem is that the crypto libraries in Android (bouncycastle) does not support these dual format keys.

Possible TODO:

• phone - phone import and export solution
• phone -> pc export
• tribler import
• Use libsodium in Android?

[devos50]

We already compiled libsodium for Android.

To use it, you should add the following code to your build.gradle:

sodium {
                binaries.withType(SharedLibraryBinary) {
                    sharedLibraryFile = file("src/main/jniLibs/armeabi-v7a/libsodium.so")
                }
            }

Note that it's only compiled for armv7 so it cannot be loaded on Intel-based devices. Also, you probably have to write some glue code (bindings) using JNI (or SWIG) to invoke methods in the libsodium.so file.

libsodium.so.zip

UPDATE: https://github.com/joshjdevl/libsodium-jni seems exactly what you want here 👍

[RoelofSol]

Meeting - Dec 5

We changed our Goal. We will transfer money from a PC to an Android

TODO

• [x] ONHOLD Pull request QR Code Backup system
• [x] Libsodium working on android.
• [ ] Trustchain - Android chain Compatibility ( http://trustchain-android.readthedocs.io/en/latest/database.html )
• [ ] Give all money Payment request PC -> Android

[synctext]

Sprint goal: empty a PC wallet to a fresh Android Trustchain wallet with protection against man-in-the-middle attacks. Assume PC shows it's public IPv4:port and is connectable.

[RoelofSol]

Options

1. Generate Identity on PC, transfer money on pc ( spin up second dispensery) and Move it to the android.
2. Move PC identity to Android and generate new Identity
3. Create a transfer from PC to Android

[RoelofSol]

We are focusing on option 1. ( We are using the chain as a tool and are not ensuring the security/consistency of a specific usecase. ) The tickets are :

• [ ] Spin up a second Tribler core

  • create identity
  • create exchange ( the Bandwidth currency )

• [ ] Tribler: generate QR code with Key+Chain

• [ ] Android: Chain + Key compatibility

  • Android libsodium key
  • Tribler libsodium key

• [ ] Android: Read and save Key + Chain

[PauluzzNL]

Current Progress:

• libsodium is integrated into the Android application (jni).
• Old bouncycastle crypto implementation replaced.
• Keys exported and re-imported in the application via QR.
• Key importing should still be tested
• Currently working on getting a second wallet to transfer the keys to on the computer.

Solved roadblocks:

• QR encoding character set can be problematic when using binary data
• Libsodium keys pulled out from dual key format
• Android implementation rewritten to use libsodium at all callsites.

[PauluzzNL]

Progress for upcoming weeks:

• Transfer identity to a new wallet
• Import identity to Android phone
• Export keys from Android to Android
• Export identity from Android to Android

[synctext]

Status:

• ToDo: Create new keypair in Tribler, sign coin transfer, and generate QR code
• ToDo: Merge Android app enhancements with QR reading and private key replacement
• Future sprints: Android-to-Android transfers like a wallet in Android app

[RoelofSol]

Dec 19 Done :

• [x] Create new keypair in Tribler, sign coin transfer, and generate QR code
• [ ] Merge Android app enhancements with QR reading and private key replacement ( https://github.com/wkmeijer/CS4160-trustchain-android/pull/54 )
• [ ] Future sprints: Android-to-Android transfers like a wallet in Android app

TODO : Integration test Tribler -> Android

[synctext]

Progress:

• QR code to scan with

  • genesis block to create fresh chain on Android
  • both private key and public key in QR
  • replace existing chain on phone
  • transaction "1" to fill it with funds from PC

• {optionally fancy} GUI and android-to-android transfer

• future sprint: use the QR code as a transport wallet

  • no longer overwrite existing chain
  • move incoming funds into local chain
  • transaction "2" to fully empty transport wallet into existing Android wallet

[RoelofSol]

We are now tracking progress on https://github.com/orgs/blockchain-storage/projects/1

[PauluzzNL]

After importing the current QR code the block is currently directly inserted into the chain and the private key is overridden. Currently the 'chain' becomes 'corrupted' because of this, because the genesis block is missing (for now). So the history of previous blocks is now incorrect, as they were from a different keypair.

The better approach and first next goal is to actually transfer the transaction from the 'temporary block/identity' to the already existing wallet on the phone.

[devbridie]

For transactions that have associated coin data, an Activity has been created displaying the transaction data.

[PauluzzNL]

Current concept:

• Create a new identity in Tribler and transfer the funds to the new identity. Replace the identity on the phone with the new identity. There are currently a few issues with this approach.

New Approach:

• Create a temporary identity on the computer called 'temp'. Transfer the funds from the computer to this identity. Send the identity + transaction to the phone. On the phone, transfer the funds from the 'temp' identity to the identity of the phone.

[synctext]

Remarks and progress :

• Binary QR codes are not easy. Is it UTF8, ANSI or Unicode? No compatibility between apps
• The JSON high-density QR is quite a bit of size: 675 Byte with medium error correction.
• Most time is spend understanding existing code and discussion in the team which design is best
• Coding of solution is merely 10%. Design and debug is vast majority
• External constrains are the big time-sink (QR, Android, Tribler, LibSodium, Dispersy, TriblerChain).
• Merging upstream into main TrustChain app is still pending
• impossible to do test-driven development:
  • unknown where to go or how to do it at the project start
  • original project description was too vage
  • the solution is only discovered during (re-)development and multiple itterations
• Stanford deadline: your work will be presented in some form on 26Jan.
• ToDo next week: pretty transport transaction and transport identity

[synctext]

Final documentation is contribution to: http://trustchain-android.readthedocs.io/

[PauluzzNL]

Short overview of the block structure used for the throwaway transfer identity.

[mitchellolsthoorn]

Schematic overview of offline transaction with throw-away identity

We do not send all information of the zeroth block of the C node, because it will make the QR to big too display on a mobile phone.

Data sent:

• sequence number
• block_hash
• private_key
• Tx

[mitchellolsthoorn]

Beta version of the documentation: https://drive.google.com/open?id=1bQvnE0p48Zd2m9tBiCfNTQtZnYXVR4yS

This will be uploaded to the read the docs of the android app and put into the issue

[mitchellolsthoorn]

To be done/improved

• Documentation (token, not currency)
• Merge PR on android side
• Merge PR on Tribler side
• Change button name to 'Fully or Partial Empty funds into another account'
• Change Warning to 'This is an one-way action and cannot be revered, if the QR code is not scanned the funds will be lost'
• Tribler partial emptying in GUI
• Android to Android offline emptying

The current PR's are #3358 https://github.com/wkmeijer/CS4160-trustchain-android/pull/54

[synctext]

wish list :

• Stanford release PR
• 2 pictures for .PPT (16:9 aspect ratio)
• stable .APK
• final report and release
• Android-to-Android coin transfer wallet-like

Final grading doc; PR to read-the-docs which should not exceed 5 pages including introduction with proper references, problem statement, high level description of the system, and reason for certain critical choices made in the design.

[PauluzzNL]

QR code to test the android functionality.

[mitchellolsthoorn]

Ideas for the pictures for the Stanford talk:

• Android-to-Android offline transaction (showing the phone scanning the QR-code)
• Tribler with the emptying button and the QR visible

[devbridie]

https://github.com/blockchain-storage/app/releases/tag/funds-preprealpha

[mitchellolsthoorn]

Screenshot of new partial emptying support on Tribler, new confirmation screens and changed wording

[mitchellolsthoorn]

Presentation image:

[synctext]

Stauts

• nice refactoring of critical crypto code
• offline Android-to-Android token transfer works
• Final meeting: https://doodle.com/poll/ha9q5n8un4ftanec

[RoelofSol]

[mitchellolsthoorn]

Discovered problem during last sprint:

• Verification on Android was not working because of the dualsecret key issues from changing the crypto library (SOLVED: Because the old crypto system only used one key pair, instead of the current implementation's two, a special key format had to be applied, that not only contained the public key of the crypto key pair, but also the public key (verify key) from the signing key pair.)
• Database constraint error from the double inserted blocks, because of failed connections (SOLVED: using database check, to verify existence of block)

[RoelofSol]

Prettier usage gif

[PauluzzNL]

Here is our process report which also includes the technical information. We'll have one final pull request with documentation changes to the android master.

[synctext]

Quick comments used for final grading:

• "you can see it, you can steal it" security model
• code and engineering excellence
  • devised an elegant solution to the QR transfer problem
  • implemented an atomic single-QR code with throw-away identity
  • identities of both sender and receiver are stable
  • operational demo and double spending
  • went through battle of the PRs
  • replaced core crypto lib
  • when scanning 1 QR code for second time, double spending attack detected, refuses to accept it, but no clear specific error.
• documentation of Android seems to be stuck
• readthedocs should auto-update, yet latest docs seem to be outdated
• quality assurance
  • normally it seems readthedocs is auto-updated
  • code coverage for Android and Tribler
  • Little Android testing, very GUI focussed
  • Due to time constraint, no big mocking of JSON struct/QR down to see that valid blocks are created
  • suggested future work: QR double spending checks when coming online