namecoin / namecoin-legacy

Legacy client. New version here: https://github.com/namecoin/namecoin-core Note the release branch! - Official website:
https://namecoin.org
MIT License
448 stars 177 forks source link

Trezor Hardware Wallet Support #148

Closed JeremyRand closed 10 years ago

JeremyRand commented 10 years ago

This is a tracking ticket for Trezor support for Namecoin (not necessarily in Namecoin-Qt). See the following links:

https://forum.namecoin.info/viewtopic.php?p=12340#p12340 https://bitcointalk.org/index.php?topic=122438.msg6926871#msg6926871 https://bitcointalk.org/index.php?topic=644755.0

There are a number of ways that this could be implemented.

The method that the Trezor people mention basically involves setting up a blockchain explorer API that can provide the Trezor web wallet with enough data for the web wallet to interact with the user's Trezor.

That method, as I understand it (anyone want to confirm?), has some security issues. Specifically, while it is not possible for the web wallet operator to steal your NMC (since the keys stay in your Trezor), they are able to falsely claim that you have received NMC (which might let someone commit fraud against you), as well as make your legitimately owned NMC unspendable (which might let someone punish users monetarily, or even steal names by forcing a name to expire). In my opinion, this is not adequate security.

The other method, which the Trezor people didn't mention, is to directly implement the Trezor hardware library into a Namecoin client which validates the blockchain as normal (this could be a full client, or a libcoin-style light client, or an SPV+UTXO ultra-light client). This gives the same security guarantees as the standard Namecoin client, with the additional benefit that your wallet is effectively in cold storage. I'm pretty sure that the Armory guys are planning on doing this; I'm not sure about other clients since I don't follow them as much. In my opinion, this is a better route to take.

NOTE TO DONORS: Please do not place bounties on this issue; place them on specific implementations as described above. That way this issue can remain open as a tracking issue.

ghost commented 10 years ago

Any plans to implement any of these 2 solutions?

JeremyRand commented 10 years ago

Hi @bat100,

Last I heard Armory is planning on adding Trezor support. If they add Namecoin support too ( see https://github.com/etotheipi/BitcoinArmory/issues/230 ) then that would solve this issue. I've had difficulty getting a clear answer from the Armory devs on this... feel free to post in the issue I linked and ask them if they would merge Namecoin support. If the Armory devs are willing to merge, and funding is available (BountySource), I'm willing to put some dev effort into it.

ghost commented 10 years ago

How much bounty would it take for you to develop option 1 and/or option 2 independently of armory?

JeremyRand commented 10 years ago

@bat100 If I personally were to try to develop this, it would be in the form of Armory support for Namecoin. The Armory team would still have to implement Trezor support on their end (which I believe they are planning to do, but I don't know a specific timeline). Armory Namecoin support would be a potentially major task, and would probably be best if split into smaller sub-bounties. If I had to guess without much information, I'd say Armory would be around 5-6 sub-bounties, each valued at about $100. However, please realize that that estimate isn't with much information, and it could be more or less than that.

I can tell you that I'm counting my time at $20/hr (relatively low for a comp sci major), and if I require less time than initially estimated, the remainder of the bounty can be repurposed toward any other Namecoin bounty of your choice. So, if I overestimate the time involved, I won't just take your money. :-)

If that's acceptable to you, let me know, and I'll do a bit more preliminary work (including tracking down the Armory guys to see if my plans have overlooked any important details) and then I'll open up some tickets where you can place BountySource bounties.

I'm personally unable to work on non-Armory solutions to this. But, if someone else is interested in implementing this and has a different plan, they're totally welcome to post their estimate here too. For what it's worth, Armory Namecoin support would be useful for a lot of use cases other than Trezor usage... so all those benefits come in the package.

Cheers.

ghost commented 10 years ago

what about an API for mytrezor.com support?

JeremyRand commented 10 years ago

@bat100 That's a good question. I don't have the ability to work on a MyTrezor API server, but if someone else is interested in working on that, I'd encourage them to chime in here. (Just be aware that an API server could potentially steal names by forcing them to expire, while Armory doesn't have that vulnerability.)

ghost commented 10 years ago

I thought what you mentioned as option 1 was an API for the block chain that would then allow the web wallet to get the information. At this stage I think we should worry first about the coins aspect rather than the domain registration aspect (which could be done with a small hot wallet). Would you be able to do that for a small bounty? Thanks

JeremyRand commented 10 years ago

@bat100 That's correct, if someone is able to set up an API server for the blockchain which MyTrezor could access, then I think that will allow transactions to be signed on the Trezor. I know there are some people working on API servers (John Kenney and jonasbits were both doing relevant work); maybe they can chime in here. (I don't recall their GitHub usernames, anyone want to tag them?)

This probably depends on individual use cases, but for me, I'd be much more worried about names than currency, because names aren't replaceable (for any price) if stolen. I believe that Option 1 would only work for currency unless the MyTrezor devs add support for interpreting name scripts to their code. Similarly, Armory would only support currency until name script support is added. I'd certainly be willing to work on name scripts for Armory (that was factored into my bounty estimate), but I don't know if anyone at MyTrezor is interested in doing the same. Since MyTrezor isn't open-source, if they don't want to work on it, then it won't happen.

JeremyRand commented 10 years ago

@jonasbits, want to chime in here?

ghost commented 10 years ago

I'm not currently working on any api server, busy with a website. I'd prefer 'option 2' to be implemented anyway.

JeremyRand commented 10 years ago

Thanks for the quick reply @John-Kenney, sorry I forgot your GitHub username :-)

ghost commented 10 years ago

Also, IMO, option 2 should be done with libcoin, I'm not sure we should be adding features to namecoin.

JeremyRand commented 10 years ago

@John-Kenney I agree on that. The only difference between namecoind and libcoind as far as Armory cares is the database format. Someone should ask the Armory devs when they're planning to implement the P2P-protocol replacement for database parsing; if that's coming soon then the exact same Armory code will work on namecoind and libcoind.

If you're talking about supporting Trezor directly as a libcoind wallet, that's probably doable, but it means replacing the wallet format with something that handles the HD wallet scheme. (Of course, that needs to be done at some point anyway.) I don't have enough experience with the libcoin codebase to do that, but it would certainly be a useful endeavor if someone is willing to tackle it.

ghost commented 10 years ago

I don't have the experience to do it either, but I'd like to see some generic interface for Trezor & any other similar simple hardware wallets that come in future.

ghost commented 10 years ago

I don't have any money to buy a Trezor for testing or anything either, they're still expensive for my tastes, but I like the idea & hope similar cheaper devices will come along.

JeremyRand commented 10 years ago

For what it's worth, if Bitcoin Core is planning to switch to an HD wallet (which I vaguely remember they are, but I might remember wrong), it might be wise to wait for that and merge it into libcoin rather than add HD wallets to libcoin ourselves and have it be obsoleted later.

ghost commented 10 years ago

Yeah, I agree, libcoin isn't just Namecoin & it's not just a Namecoin feature. Are there any software Bitcoin wallets that support Trezor now, or just their web service?

JeremyRand commented 10 years ago

Last I heard (which was a while ago and could be outdated), both Armory and Electrum were planning to add Trezor support, but the web service was the only client supporting it currently.

ghost commented 10 years ago

I was thinking of creating or modding a block explorer based on reading libcoin's database, I could possibly add some web api to that, but it's a long way off getting started even, I have a lot of other things to work on too.

ghost commented 10 years ago

Anyone would be willing to implement the option with the block chain API? I understand there is a potential risk of fraud in case someone hacks the block chain server, however for people interested in cold storage that could initiate the transaction themselves it would not be a problem. Also people could receive the payments on their computer to be sure they are real and then transfer them from there. It's not perfect but it still a nice improvement I think.

JeremyRand commented 10 years ago

@bat100 I'm probably not able to implement the option with the blockchain API, but maybe someone else is able to. I'm not sure whom to ask.

JeremyRand commented 10 years ago

Please continue this discussion at https://github.com/namecoin/meta/issues/1 , since this isn't related directly to namecoind/Namecoin-Qt. Thanks.