Hardware-Secured Hot Wallets for Live Services (Dexes, Bridges, Side-Chains, Dapps, & more)

[GENERAL] Name and Surname of Main Applicant

Willie Marchetto

[GENERAL] Email address of Main Applicant

willie@viperscience.com

Additional Applicants

Dylan Crocker, PhD

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” in this field.

Milestone 3 of our project will entail partnering with a project within the community to demonstrate the capabilities of our developed prototype. Since our solution has wide applicability within the Cardano ecosystem, we expect the likelihood of a successful partnership to be high.

[GENERAL] Will your project outputs be fully Open Source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.” in this field.

Project will be fully open source.

[METADATA] Category of Proposal

Wallet

[IMPACT] Please describe your proposed solution.

Cryptocurrency projects often require the use of "hot wallets'' to sign wallet transactions necessary for live services, making them vulnerable to private key theft and fraudulent activities by attackers. Traditional hardware wallet devices cannot be used for these purposes, as they require a human-in-the-loop to manually approve and authenticate every transaction. To address this issue, we propose the development of a hardware-based hot wallet that ensures enhanced security and autonomy for cryptocurrency projects, such as cross-chain bridges, side-chains, dexes, and token mints.

Existing hot wallets pose a significant security risk, as their private keys can be compromised, leading to fraudulent transactions and theft of funds. Protecting the integrity of autonomous transactions is crucial for the success and trustworthiness of cryptocurrency services.

Our solution is to develop a field-programmable gate array (FPGA)-based hardware device that leverages physical unclonable function (PUF) technology and deliberate electrical interface restrictions to prevent attackers from extracting private keys from the device. The hardware hot wallet will differ from traditional hardware wallets by providing continuous and automatic transaction signing once the device owner unlocks it with an authentication code.

A PUF utilizes unique physical properties of a hardware device to generate a one-of-a-kind response to a challenge. In the context of our solution, the PUF is leveraged to securely store a wallet’s key within the device. The primary advantage of using a PUF is that it makes it virtually impossible for an attacker to retrieve the private key from the device, even through sophisticated attacks. By utilizing this unclonable and tamper-resistant mechanism, our solution would ensure a high level of security and protection for the private key, safeguarding it against unauthorized access and potential theft.

In addition to leveraging the PUF for securing the private key, our solution implements an additional layer of security by restricting access to the device itself. To ensure maximum protection, we will employ a restricted UART interface for communication between the hardware device and a host computer. This deliberate choice eliminates any potential vulnerabilities that could arise from complex and exploitable communication protocols, such as Ethernet. The device’s software will only accept a very limited communication protocol and will not allow shell access to the device. By utilizing this basic interface, we effectively minimize the attack surface and make it virtually impossible for an attacker to gain remote access to the hardware.

In this project, we are committed to an open-source hardware approach rather than relying on a closed-source secure element for security. By embracing open-source principles, we ensure transparency, collaboration, and community involvement in the development and security of our hardware-based hot wallet. This approach allows for peer review, audits, and contributions from a diverse group of experts, which enhances the overall robustness and trustworthiness of our solution. By utilizing open-source hardware, we promote accessibility, encourage innovation, and foster an ecosystem where the broader community can contribute to and benefit from advancements in hardware-based security for cryptocurrency projects.

Key benefits:

• Enhanced security: The use of PUF technology guarantees protection against private key theft, ensuring the integrity of cryptocurrency transactions.
• Autonomous transaction signing: The hardware hot wallet will streamline operations by automatically signing incoming transactions (once authenticated), removing the need to manually sign wallet transactions in order to ensure the security of wallet keys.
• Versatile application space: The hardware-based wallet can be utilized (and customized) for various cryptocurrency services, including cross-chain bridges, side-chains, dexes, and NFT mints. Application-specific firmware can be developed to run within the secure environment of the embedded device.

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Our solution is applicable to a variety of services throughout the Cardano ecosystem. By providing a hardware wallet solution for live services, our solution could greatly enhance the security of projects running on Cardano, strengthening the overall trust and reliability of the Cardano ecosystem, and attracting more developers and users to build and engage with the blockchain.

The hardware hot wallet automates transaction signing without compromising the security of private keys, streamlining and simplifying live wallet operation for service developers building on Cardano. This enhancement in security enables developers to focus on building and scaling their applications, making it easier and more efficient to develop on Cardano.

[IMPACT] How do you intend to measure the success of your project?

Success will be measured through several key metrics, primarily focusing on the adoption and integration of our solution into services running on the Cardano blockchain. By the end of our 12-month project, we aim to achieve the following milestones:

1. Community partnerships: Our primary goal is to establish a partnership with at least one Cardano project, where our hardware hot wallet will be integrated and utilized in their live service. This collaboration will serve as a tangible demonstration of our capabilities and validate the practical implementation of our solution.
2. Adoption and integration: Going forward, we will track the number of services and projects that successfully adopt and integrate our hardware hot wallet into their infrastructure.
3. User engagement and feedback: We will actively collect feedback from project teams who have utilized our hardware wallet. Their input will provide valuable insights into the usability, security, and overall satisfaction with our solution.
4. Developer interest: We will gauge the level of developer interest and engagement in our solution by tracking metrics such as the number of developers accessing our documentation and contributing to the open-source community around our hardware hot wallet. Developer interest will indicate the relevance and potential impact of our solution on the Cardano developer ecosystem.

[IMPACT] Please describe your plans to share the outputs and results of your project?

We plan to open source the hardware specifications, software repository, and project documentation developed throughout the course of this project.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

The Viper Science team has been an active contributor to the Cardano community for over four years. In addition to operating stake pools since the Incentivized Testnet, we have developed several open source tools for Cardano developers and SPOs. Three of these projects have been successfully funded through Catalyst in the past:

• Cardano-Tools Python Library (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-tools-python-library) 
• Cardano development library in C++ (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-development-library-in-c)
• API for Multi-Delegation Portfolios (https://projectcatalyst.io/funds/6/f6-dapps-and-integrations/api-for-multi-delegation-portfolios) 

A complete list of our contributions can be found at https://viperscience.com. Additionally, our team has specific domain expertise to develop the FPGA-based hardware and accompanying firmware required to make this project successful. Details about the team members’ technical backgrounds are included below.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

The main goal of this project is to develop a functional prototype that showcases the feasibility and effectiveness of utilizing a hardware device to enhance the security of a live service’s hot wallet. By successfully demonstrating the capabilities of our hardware-based solution, we aim to provide tangible evidence of how such a device can significantly mitigate the risks associated with hot wallets – private key theft and fraudulent transactions. Through this prototype, we seek to establish the viability of our approach and lay the foundation for future advancements in hardware-based security solutions for live cryptocurrency services.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Milestone 1 - Prevent remote attacks on the hardware hot wallet keys [20 weeks, 49,842 ada]

Sign transactions on the hardware device. The wallet’s private key will be generated offline and stored encrypted on the device. The electrical interface between the PC running the live Cardano node and the hardware device will be intentionally limited to a heavily restricted UART interface that only accepts binary transaction packets. This will prevent remote attackers from exploiting software vulnerabilities to access the private key, e.g. by gaining remote network/shell access to the hardware device from the host PC.

1. Purchase two system-on-a-chip (SoC) development boards for the prototype units (the SoC devices will contain 64-bit ARM CPU cores and an FPGA) [2 weeks]
2. Develop & implement a command and control protocol for coordinating transaction signing between the PC and the hardware device [6 weeks]
3. Implement Ed25519 signing algorithm on the SoC’s CPU [6 weeks]
4. Demonstrate the ability for the host PC to pass binary transaction packets to the hardware device and receive valid signed transactions back [6 weeks]

Milestone 2 - Harden the hardware hot wallet to local side-channel attacks [22 weeks, 38,346 ada]

Implement a PUF on the SoC’s FPGA to encrypt/decrypt a private key generated on the device. This makes the device resilient to physical side-channel attacks.

1. Develop FPGA firmware to implement a suitable PUF [10 weeks]
2. Implement encryption/decryption scheme to keep the private key securely stored in local memory on the device [6 weeks]
3. Demonstrate the ability for the host PC to pass binary transaction packets to the hardware device and receive signed transactions back with the PUF in the loop [6 weeks]

Milestone 3 - Demonstrate capabilities with a live Cardano project [10 weeks, 32,447 ada]

Partner with a member of the Cardano community to utilize our prototype to protect their service’s hot wallet keys (this will likely be done on the testnet)

1. Reach out to the community to find interested parties and select a suitable project for the demonstration [4 weeks]
2. Work with the chosen project to integrate our prototype hardware into their service [4 weeks]
3. Demonstrate the service running on the Cardano testnet using our prototype [2 weeks]

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Milestone 1

• Deliverables: Demonstration video showing the hardware device successfully signing Cardano testnet transactions.
• Outputs: Prototype hardware specifications, software repository, and documentation.
• Intended outcomes: At this stage, a functional prototype will be able to make it impossible for a remote attacker to gain access to the hardware hot wallet’s private keys due to physical restrictions on the device’s electrical interface.

Milestone 2

• Deliverables: Demonstration video showing the hardware device successfully signing Cardano testnet transactions.
• Outputs: Prototype hardware specifications, software repository, and documentation.
• Intended outcomes: At this stage, the wallet key will be protected from local side channel attacks on the hardware

Milestone 3

• Deliverables: Demonstration video showing the hardware device successfully running within a live service on the Cardano testnet.
• Outputs: Feedback from the partner service on the effectiveness and ease of use for our prototype.
• Intended outcomes: At this final stage, we will have demonstrated the capability to protect a live service’s wallet keys and gained valuable feedback that could be used to further develop this concept for widespread use.

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

The project team consists of engineers with advanced degrees, each with over ten years of professional experience developing and building complex systems in research & development environments. As a baseline labor rate, we are using a relatively conservative rate of $63.91, which is the mean hourly wage for software developers in the US according to the US Bureau of Labor Statistics. 

Budget breakdown:

• Labor ($27,865):
• Milestone 1: 148 hours
• Milestone 2: 156 hours
• Milestone 3: 132 hours
• Materials ($3500): 
• FPGA SoC development board (x2): $3500

Assumed ada exchange rate: $0.26/ada

Total project cost: 120,635 ada

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The cost of the project represents excellent value for money for the Cardano ecosystem for four key reasons: 

• By investing in the development of a hardware-based hot wallet, the ecosystem gains a robust and secure solution to address the vulnerabilities associated with hot wallets required by many live blockchain services. This increased security translates to a lower risk of funds being stolen or fraudulent activities occurring, which ultimately preserves the value and integrity of the Cardano ecosystem.
• The proposed solution offers an autonomous transaction signing capability, streamlining operations for developers and reducing the need for manual intervention. This efficiency not only saves time and resources but also enhances the scalability and growth potential of projects built on Cardano. The long-term benefits of improved developer productivity and streamlined operations justify the investment in the project.
• The hardware hot wallet concept can be employed across a wide range of services running on Cardano, including cross-chain bridges, side-chains, dexes, and NFT mints. This versatility maximizes the value derived from the project, as the solution can benefit multiple sectors within the ecosystem.
• The project's emphasis on partnership with the community to demonstrate the capabilities of the hardware-based hot wallet in a live service further reinforces the value for money. This tangible demonstration serves as a proof-of-concept and showcases the practical implementation of the solution within the Cardano ecosystem.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept