BLOCKTRUST Identity Wallet (PRISM) v1.0 for Android and iOS

[GENERAL] Name and surname of main applicant

Ed Eykholt

[GENERAL] Email address of main applicant

ed.eykholt@gmail.com

Additional applicants

Björn Sandmann

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

9

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

We are aiming to align with the currently available version of the PRISM v2 specification (https://github.com/input-output-hk/prism-did-method-spec). Our objective is to create a solution that can work seamlessly between Blocktrust and the PRISM components.

We will contract for an external code security review.

We will engage an attorney for helping with our Terms of Use and Privacy Policy.

There is an additional dependency on Microsoft’s .NET Multi-platform App UI (.NET MAUI), which is already released, but will undergo further changes we will need in the .NET 8 release scheduled for November 2023.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Project will be fully open source. The compiling of the source may depend on external components that are available only in binary form.

[METADATA] Category of proposal

Identity Solutions

[IMPACT] Please describe your proposed solution.

This Android and iOS products will implement the same use cases as described in the proposal “BLOCKTRUST Identity Wallet (PRISM) - Browser Extension and Shared Features, v1.0”, with some UI design and implementation elements that are unique to smartphones and their operating system. The Android and iOS wallet products will be built on the shared features described in that “base” proposal.

Vote for this Android and iOS proposal only if you also have voted for the base proposal.

The Wallet operates on the principles of self-sovereign identity (SSI) and utilizes Atala PRISM technology. Self-sovereign identity lets you have multiple digital identities (personas), composed of a decentralized identifier (DID) and a collection of verifiable claims, or Verifiable Credentials, about you.

These Verifiable Credentials (VCs) are generated by entities called Issuers. The VCs contain information about you (you're the Subject), and you hold them (making you the Holder). You can then present these verifiable claims to another entity called a Verifier.

Our Wallet not only receives these VCs from Issuers but also supports the roles of a Holder and a Verifier. It essentially lets you collect, store, and present your verifiable credentials.

The VCs are of type W3C JSON-JWT, and additional types will be added in the future. The communication protocols between agents (e.g. issuer-to-holder, holder-to-verifier) are based on Hyperledger Aries, and make use of a DIDComm v2 Mediator service, which the user can specify, one of those being Blocktrust's.

Additionally, our Wallet also uses DIDComm and a Mediator to implement secure, end-to-end encrypted chat messaging between you and another Wallet user or with any other compliant identity agent.

Specific implementation and differences for targeting Android and iOS (when compared with the browser extension product) include:

• Android
• Targeting Android 12L or later.
• Wallet Connect protocol
• User interface layouts (platform-specific designs and paradigms)
• Android Keystore System for key vault and signing
• Other areas: Android Manifest File. Resource Management, Signing the App, Min SDK Version, Platform-Specific APIs, Google-Specific Services.

• iOS
• Target is iOS 16.
• Wallet Connect Protocol
• User Interface Layouts (platform-specific designs and paradigms)
• Trusted Enclave use for key vault and signing
• Other areas: Info.plist File, Asset Catalog:, Entitlements:, Platform-Specific APIs, Apple-Specific Services, and Provisioning Profiles and Certificates.

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Using decentralized identity wallets and agents such as Blocktrust's, developers of decentralized applications (DApps) or centralized solutions interfacing with the Cardano ecosystem will be better equipped to fulfill their goals. These often involve establishing trust between different parties and ensuring regulatory compliance. Without the availability of Blocktrust's wallet, developers could face increased risks. They may find their progress impeded or become overly reliant on another provider's identity wallet solution, limiting their flexibility.

[IMPACT] How do you intend to measure the success of your project?

We plan to gather user feedback through a specific Discord channel dedicated to this purpose. Additionally, we'll keep track of the number of times our product is downloaded from the Chrome Web Store after it's released for beta testing and when it's made generally available. These download numbers will give us tangible data about our product's reach. We're also currently investigating potential ways to generate revenue from the product in the future.

[IMPACT] Please describe your plans to share the outputs and results of your project?

Blocktrust will keep the Cardano community informed about our progress by providing updates as we achieve each of our milestones, typically on a monthly basis. We'll be communicating through Catalyst progress reports, our dedicated Discord channel, and videos showcasing the latest features of our product.

Occasionally, we may interact with the community in real-time during the Catalyst After Town Hall sessions. These sessions will give us an opportunity to show our progress and collect immediate feedback.

For Android, we’ll have Beta and Generally Available releases and distribution via the Google Play Store. For the iOS releases, they will be via Apple App Store.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

Blocktrust is committed to the vision of widely implementing top-notch Self-Sovereign Identity (SSI) solutions for the Cardano ecosystem.

Our team currently comprises two seasoned software engineers, both of whom have an track record of successfully delivered projects (as seen on our website). Throughout our Fund 9 projects, we've demonstrated an excellent collaborative spirit. To further boost our productivity during this project, we plan to bring on board an additional full-stack C# developer.

Our robust performance in the Fund 9 and earlier projects, as evidenced by our accepted milestone reports and informative videos, underscores our capacity to deliver high-quality results. We've also established good relationships with key members of the Atala PRISM team and several early adopters within the Atala Astros group.

In our nearly concluded Fund 9 wallet project, expected to complete by October 2023, we've surmounted unexpected challenges and exceeded our initial project scope. Notably, we began the project on the PRISM v1 infrastructure. However, after IOG discontinued its support for v1 following the launch of v2, we adapted. Our Fund 10 wallet and its underlying infrastructure will align with the publicly released PRISM v2 specification. Beyond the original scope of Fund 9, we've introduced additional features like DIDComm - a safe, decentralized, and encrypted peer-to-peer communication protocol.

As we proceed with the Fund 10 project, we anticipate encountering similar challenges and opportunities for enhancement. We are ready to tackle these head-on, with tenacity to ensure we deliver a product of substantial value.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

*Implement the wallet's features, leveraging the progress made on the Fund 9 browser extension and Fund 10 browser extension code that can be leveraged for Android and iOS as shared code. Deliver public releases (including Beta and General Availability).

*Continue to expand and preserve our wallet's interoperability with W3C Verifiable Credentials (JSON-JWT), the Atala PRISM v2 specification for on-chain transaction metadata, DIDComm v2-based communications, and the Hyperledger Aries credential exchange protocol.

*Test and showcase the above-mentioned interoperability with other identity agents compatible with our system.

*Facilitate the resolution of significant, comprehensive use cases involving decentralized identifiers and verifiable credentials, which would be beneficial for the dApp developers community.

*Promote discussions with other Cardano teams that require DIDs and verifiable credentials, and be prepared to advise on how our features can be integrated into their workflows.

Our approach's validation will be gauged through feedback from the DApp teams. We anticipate this feedback to be based on their experience with our Beta and Generally Available releases, as well as their ability to incorporate these into workflows that help them address their end-to-end use cases and business scenarios.

The implementations of the wallet for Android and iOS will be developed in .NET C# Blazor as a Mixed-Native WASM application.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

This project’s tasks and milestones will follow after most of the shared work on those components common to browser, iOS, and Android is complete. This Android- and iOS-specific project is planned to start in earnest beginning February 2024.

Milestone 1:

Activities: 

• Design Ux specific for Android and iOS mobile, where menu, navigation, and certain swipe gestures are different then the browser, but accomplish the same net effect.
• Begin initial builds in .NET Maui Mixed-Native
• Set up CI/CD pipelines

Finish: March 1, 2024  

Milestone 2:

• Implement key vault and signing appropriate for platform trusted execution environment (Android Keystore System and iOS Trusted Enclave).
• Update backup / restore implementation

Finish: April 1, 2024

Milestone 3:

• Update QR Code scanning implementation to use device’s camera
• Implement ability to unlock the app with device biometrics

Finish: May 1, 2024

Milestone 4:

• Conduct a security code review
• Implement Wallet Connect or similar protocol (for interacting with other Smartphone apps)
• Finalize implementation of all other UI updates
• Implement automated tests

Finish: June 1, 2024

Milestone 5:

• Additional bug fixing, testing
• Prepare to release Beta products via the Google Play Store and Apple App Store

Finish: July 1, 2024

Milestone 6:

• Prepare for Beta and release Beta products

Finish: August 1, 2024

Milestone 7:

• Collect Beta feedback and begin updates to products.

Finish: September 1, 2024

Milestone 8:

• Complete updates to products from Beta feedback

Finish: October 1, 2024

Milestone 9:

• Finalize testing for GA
• Generally Available Releases, published to the Google Play Store and Apple App Store.

Finish: November 1, 2024

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

• Every Milestone:
• Videos 
• Updated source code in public repos
• Release Milestones:
• Releases via Google Play Store and Apple App Store in the Beta (Milestone 6) and General Availability (Milestone 9).

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

Project team: (architecture, design, software development, testing, DevOps, community, project management, documentation)

• Ed Eykholt = 150,000 ADA
• Björn Sandmann = 55,500 ADA
• New Team Member = 0 (if added, they will be allocated portion of above)

Third party products and services:

• hardware = 0
• software licenses = 0
• cloud services = 0
• code auditing / security review = 20,000 ADA
• legal services (Terms of Use and Privacy Policy) = 20,000 ADA

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

This project brings direct value in accelerating the implementation of many use cases involving trust for many participants in the Cardano ecosystem, especially for holders and verifiers of credentials. Without good identity wallets like Blocktrust's, the completion and adoption of many dApps and enterprise solutions will be slowed. That's a large opportunity cost to the Cardano ecosystem, which far exceeds this project's cost.

We computed effort, in hours, and multiplied that by a below-market rate of US$70 per hour (in both Germany and USA) for the expertise of our team. Then we devided this by a recent price of Ada, US$/ada = 0.28. By doing the, the team is taking a downside risk if the price of Ada drops from that point.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept