Guardian Wallet

[GENERAL] Name and surname of main applicant

Eric Duneau

[GENERAL] Email address of main applicant

eric@incubiq.com

Additional applicants

None

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

10

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

No

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

No dependencies

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

Will open source all JS libraries and Apps

However, it is planned that a very simple marketing website will be delivered, and it may not necessarily be open-source, and will be hosted on a dedicated private server. It will not contain much apart from links redirecting to the various repos and app downloads.

[METADATA] Category of Proposal

Wallet

[METADATA] SDG rating

SDG 9: Industry, Innovation, and Infrastructure - By developing an innovative digital identity solution, you are contributing to infrastructure development that fosters technological progress.

 

SDG 16: Peace, Justice, and Strong Institutions - By protecting users' personal data, your solution enhances privacy rights and promotes just and transparent institutions.

[IMPACT] Please describe your proposed solution.

The problem explained simply

When you open a self-sovereign crypto account, you are given a seed phrase consisting of a set number of words (e.g., 15, 12, or 24) that serve as the gateway to your wallet. These words can generate the private key required to sign transactions. However, if these seed phrases are stored online or kept in plain sight, they become vulnerable to hacking and theft.

a typical seedphrase and warning message

• If you store those 15 words online (backup system, cloud, or any system that is accessible via the internet) or in clear on a computer connected to internet (unfortunately prone to hacks), you are at risk that it will leak, and any day your wallet could be emptied. 

• If you write them on paper and keep it safe in your house, you are at risk that anyone seeing this paper could access your wallet and empty it.

Unfortunately, the crypto industry lacks a comprehensive solution to this problem, resorting to impractical suggestions like burying metal sheets with the seed phrase. This issue creates fear, uncertainty, and doubt (FUD) for new users entering the crypto space. See this link for example: (https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-

Addressing this problem is crucial for overcoming a major barrier to entry and ensuring the secure onboarding of new users into the world of crypto and self-custody. By eliminating this risk, we can make a significant impact in promoting widespread adoption and confidence in the crypto industry.

A novel solution to the problem:

The solution must address the following requirements:

1/ Ensure the 15 words never come close to the internet, avoiding any risk of compromise.

2/ Store the 15 words in a secure manner, preventing unauthorized access.

3/ Provide quick accessibility to the seed phrase without the need for complex procedures (or digging under the house!).

I have developed a system that offers a solution to these challenges. Although I have a working prototype (video attached), it currently lacks the necessary features to be embraced by the crypto community. It is a closed-source, commercial product with a backend, database, and login requirement, which may raise concerns among end users regarding its trustworthiness in safeguarding their seed phrases.

To address this, my proposal involves dedicating time and effort to transform the prototype into a robust, open-source app available on iOS and Android.

The final app will deliver the following:

1/ Open-source code, ensuring transparency and enabling community audit.

2/ Offline functionality for seed phrase management and encryption, minimizing the risk of leakage.

3/ Users will enter their 12, 15, or 24 words from their self-custodian wallet into the app.

4/ The app will encrypt the words using a strong encryption library and a user-specific private key.

5/ The encrypted result will be presented to the user as a QR code, downloadable and printable for future use.

6/ Scanning the QR code will reveal only encrypted content, while the app allows the user to decode and view the words instantly.

7/ Users can delegate QR code reading to another user via their public key, with attached conditions for retrieval, making traditional methods like private wills obsolete.

8/ The main private key for encoding will be generated by the user, using words of their choice, simplifying control over all keys."

a QR code containing a seed phrase that nobody else can decode

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

Addressing the challenge

The proposed solution addresses the challenge of improving interoperability within blockchains, as well as offering core infrastructure and common tooling to the eco-system. The project specifically focuses on 'Security and Privacy, and more precisely on the significant issue of seed phrase vulnerability and the risk of compromised private keys and wallet contents.

Onboarding users onto self-custodian wallets is a critical step in their crypto journey, and security concerns can deter potential users. The blockchain that offers the best security measures will gain trust and goodwill.

The project recognizes that onboarding the next billion users onto on-chain self-custodian wallets is a fundamental challenge for the entire crypto community. By providing a robust solution that ensures the safety of users' seed phrases, educates them, and alleviates concerns, I will contribute to overcoming this common global challenge.

The proposed app will be compatible with major blockchains, presenting a compelling reason for Cardano to be recognized as a leading and trustworthy blockchain. By demonstrating that the Cardano community can deliver a superior solution, it conveys Cardano's commitment to ethical practices and showcases its developer community's capabilities.

To promote Cardano within the crypto eco-system, the app will prominently display a 'Funded By Cardano' or 'Funded by Catalyst' logo, raising awareness and reputation.

Furthermore, to enhance Cardano's visibility, I intend to create onboarding tutorials and explainer videos based on Cardano, featuring user experiences with Cardano wallets and incorporating Cardano branding and visuals.

Since the app will be able to operate mostly offline, scalability is not a concern. And given that most crypto seed phrases adhere to standards like Bitcoin BIP39, the solution can have a broad impact across multiple chains, demonstrating scalability and benefiting the entire eco-system.

[IMPACT] How do you intend to measure the success of your project?

Measuring the success

The first major measure of success is the delivery of the project in open-source access. Actual experience of past open-source JS libraries delivered by Eric (see below) show over 1,000 downloads after a few months of upload.

Beyond the delivery of the source code, I intend to assess the project's impact through tracking, feedback, and engagement. In the initial stages, I will prioritize the dissemination into the Cardano community via demos, workshops, and participation into the eco-system. This will provide valuable insights to improve the app and refine the "longer-term" measures of success.

Ultimately, I will consider various metrics and feedback to evaluate the benefits brought by this innovation, including those:

1/ Adoption rate: Tracking the number of users (per blockchain) who adopt the app as a secure solution for safeguarding their seed phrases. I will specifically track adoption rate on the Cardano network.

2/ User feedback: Especially during the alpha stage, collecting qualitative data through surveys and user testimonials to gauge user satisfaction and confidence in the app's security features.

3/ Community engagement: Measuring the level of engagement and discussions within the Cardano community regarding the app and its contributions.

[IMPACT] Please describe your plans to share the outputs and results of your project?

Sharing the results

Here is my plan to share the outputs and results of the project:

1/ Dedicated website: I will create a dedicated website that serves as a central hub for the project, providing access to all open-source outputs, including the app's source code, documentation, and relevant resources. The website will showcase the project's impact, objectives, and achievements.

2/ Marketing videos: To demonstrate the app's ease of use and highlight its key features, I will create short marketing videos. These videos will showcase the app's functionality, security measures, and user experience, aiming to attract and engage potential users.

3/ Alpha release on Test Flight: In the early stages, I will make the app available in an Alpha release on Test Flight. This limited release will target around 10-20 early adopters, primarily drawn from the Cardano community. Their feedback and insights will be invaluable for refining the app and identifying areas for improvement.

4/ Catalyst Townhall session: Once the app reaches its official release version, I plan to showcase it in a Catalyst Townhall session. This session will provide an opportunity to present the app's features, benefits, and real-world use cases to the wider Cardano community, fostering engagement, feedback, and collaboration.

5/ Collaboration within the Cardano eco-system: The results generated from this project could serve as a foundation for further research and development activities, as well as direct integration of the open-source libraries in other web3 projects.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

Capability to deliver the project with high levels of trust and accountability

Risk evaluation:

At this stage, there are no significant technological challenges remaining. I have already developed a 'web2' version of the solution, as showcased in the videos and available for download from the App Store. The next step involves refactoring the solution, eliminating the need for a backend and database, and rebuilding it on a modern framework (such as React Native) to deliver the app for both iOS and Android platforms.

Trustworthy implementation:

The new app will not require user registration, eliminating the need for a backend or database. During the initial login equivalent, users will enter their own original seed phrase, which will generate a private key for encoding future seed phrases into QR codes. The original seed phrase will be securely stored within the app (local storage or equivalent), inaccessible and immune to external hacking attempts. To enhance security, I plan to integrate phone security systems like fingerprint or face recognition for app access. In certain cases, users may be prompted to enter the original seed phrase at each app usage for stronger security, although less convenient.

Mitigating deadlines:

To ensure adequate time allocation, I have defined a project duration of 10 months although it is clearly evaluated in the proposal that the development workload is at most of 2 months. This approach will mitigate any risk of unexpected delays and ensure project completion within a reasonable timeframe.

Credentials:

Regarding wallet integration, I have previously delivered an open-source solution in Fund8 through the project 'Sign-In with Cardano' (accessible at https://cardano.ideascale.com/c/idea/62330). The associated open-source code for accessing multiple chains and wallets has already been downloaded over 1,000 times (available at https://www.npmjs.com/package/@incubiq/siww). This demonstrates my proven experience and capabilities in delivering reliable and widely adopted solutions.

With the approach, capabilities, and credentials listed above, I believe that I am well-suited to deliver the project with a high level of trust and accountability, ensuring the proper management of funds and meeting the expectations of the Cardano eco-system.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

Main goals for the project and approach feasibility

The main goals for this project are as follows:

1/ Develop a robust and secure solution: The primary objective is to create a solution that allows self-custodian wallet owners to keep their seed phrases safe while ensuring easy accessibility. The feasibility of this approach will be validated through rigorous testing, code review, and adherence to best security practices. Additionally, the open-source nature of the project will allow the broader community to review, audit, and contribute to the solution's ongoing improvement.

2/ Enhance user experience: An important goal is to provide a user-friendly experience for managing and accessing seed phrases. While this goal is qualitative and not easily quantifiable, I will evaluate the achievement of this objective through user feedback, surveys, and usability testing.

3/ Resolve the issue of inaccessible wallets: when someone looses their seed phrase, the access to on-chain assets is lost forever. It creates a particularly acute problem in case of death of the wallet owner. Seed phrase delegation which activates upon specific events will resolve this issue.

4/ Promote adoption and trust: The project aims to contribute to the growth and adoption of the Cardano eco-system by addressing a critical security concern. I will track the number of app downloads, number of Cardano seed-phrase secured, user engagement, and community feedback.

Implementation approach:

The implementation of the project will follow an agile practice:

1/ Development and testing: I follow an iterative development approach, with constant testing, constant delivery, and embedded quality assurance processes.

2/ User feedback and iteration: Regular feedback loops with users and the Cardano community will be established to gather insights, identify areas for improvement, and iterate on the solution.

By pursuing these goals and following a comprehensive implementation approach, I believe that this project will deliver a feasible and impactful solution that addresses the critical security concerns surrounding seed phrase management and delegation, first in the Cardano eco-system, but also for all blockchains in general.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Project breakdown into milestones

Here is the detailed breakdown of the project's 3 milestones (wd= working day of 8 hours):

Milestone 1: delivery of the main JS lib

[9 days] Lib for encode / decode / delegate

• [1 wd] open source repo setup, various readme for usage, install, test...
• [3 wd] QR encode, QR decode, master seed, private key
• [5 wd] delegation of secret, conditions of delegation, share with other's pub key

Acceptance: the JS Lib is working and delivered on GitHub. A video report is made showing how to use it.

Milestone 2: delivery of the App on TestFlight in Alpha release

[15 days] App setup phase

• [5 wd] build skeleton of app (likely in React Native, backup plan would be to use Cordova)
• [2 wd] iOS / Android setup pages, test env, build scripts, ongoing postman tests, etc...
• [5 wd] implement the various biometric scans in the app + security aspects (iOS / Android)
• [2 wd] integrate various encryption libs, protect user own original seed from hacks
• [1 wd] integrate with iOS/Android policies (1/2 day each)

[18 days] Most functional UI/app

• [6 wd] UI for seed phrase data entry, storage, QR generation, QR export
• [4 wd] UI for listing all secured wallets (metadata) + edit metadata / sort...
• [4 wd] UI encode / decode / delegate
• [4 wd] UI for all onboarding and to create original seed phrase for app

Acceptance: the App is on TestFlight and can encode/decode/delegate seed phrases. A video report is made showing how to use it.

Milestone 3: delivery of the final App, video, website, and all open-source code

[6 days] Nice app onboarding + tutorials

• [2 wd] splash / welcome / graphics, all formats, all devices
• [4 wd] short video and guides

[6 days] Simple entry website + doc/ marketing videos

• [3 wd] hosted website (nodeJS / react?)
• [3 wd] various pages including for dissemination / SEO

[12 days] Delivery + test + risk mgt

• [2 wd] iOS app test
• [1 wd] iOS app deliver
• [2 wd] Android App test
• [1 wd] Android App deliver
• [6 wd] risk mitigation on the whole dev part of project

Acceptance: the App is available on GooglePlay and AppStore in official release. It and can encode/decode/delegate seed phrases. A website links to the various open source resources, and to the app for download. At least one marketing video is accessible on the website. A video report is made showing all the above.

Not included in cost (but will be delivered on a needs basis)

• ongoing maintenance and delivery of app upgrades (minimum commitment of 3 years)
• reviewer / gatekeeper of integration fixes or evolution of app driven by community / devs
• fees for hosting website + domain name (for at least 3 years)
• fees for iOS App release / various tools (for at least 3 years)
• product demo / attend webinars to showcase the product when requested

Project duration:

This project has a total of 66 days.

All test, doc, and marketing activities (including producing video) will be subcontracted for more efficiency. That is a total of 21 days, or one month. Dev time is the remaining 45 days, or two months.

The "Dev time" is the one on the critical path. This proposal is set for a delivery within 10 months, which is basically factoring only a 20% capacity on the dev tasks. This choice was made to de-risk entirely this project and make it "easy" to deliver within deadline, budget, and functionalities.

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Deliverables, outputs, and intended outcomes of each milestone

Milestone 1:

• Production-ready JS Lib delivered on GitHub: The JavaScript library will be fully developed, tested, and available as an open-source project on GitHub. It will include functions for encoding, decoding, and delegating seed phrases.
• Video report: A comprehensive video report will showcase the functionality and usage of the JS Lib.

Intended outcome: Milestone 1 establishes a solid foundation by delivering a reliable and well-documented JS Lib. This milestone enables the subsequent development and integration of the app while allowing the Cardano community to review and contribute to the project's progress.

Milestone 2:

• App on iOS TestFlight (alpha release): The app will be made available on iOS TestFlight, allowing a selected group of early adopters to access and test its functionalities for encoding, decoding, and delegating seed phrases.
• Video report: A video report will be created to demonstrate how to use the app, showcasing its features and guiding users through the process of managing their seed phrases securely.

Intended outcome: Milestone 2 marks the alpha release of the app, validating its core functionalities and gathering valuable feedback from users. It ensures that the app meets the expected standards of security and usability, with insights gained from user testing contributing to further refinements.

Milestone 3:

• App available on GooglePlay and AppStore: The app will be officially released on both GooglePlay and AppStore, making it accessible to a wider audience of users on Android and iOS platforms.
• Full functionality for seed phrase management: The app will support encoding, decoding, and delegating seed phrases, providing users with a seamless and secure experience.
• Marketing website and resources: A dedicated website will be created to promote the app and its open-source resources. The website will feature links to download the app, documentation, and provide access to at least one marketing video.
• Complete source code on GitHub: The entire source code of the app will be published on GitHub, in a dedicated repo under https://github.com/incubiq, allowing developers to review, contribute, and ensure transparency in the project's development process.
• Video report: A comprehensive video report will summarize the app's features, its availability on app stores, and the open-source resources available. The video report will serve as a demonstration of the project's accomplishments.

Intended outcome: Milestone 3 signifies the successful completion of the project, with the app fully available to users, comprehensive documentation accessible, and a marketing website highlighting its features.

Project tracking:

To track the project's progress, the following measures will be employed:

• Timelines: Tracking the completion of milestones within the specified timeframe, ensuring efficient project management.
• User feedback: Gathering feedback from users during alpha and official releases to evaluate their satisfaction, identify any issues, and drive improvements.
• Adoption metrics: Monitoring the number of app downloads, user engagement, and community response to measure the app's acceptance and impact.
• GitHub activity: Tracking engagement with the open-source codebase, such as the number of contributions, issues raised, and community involvement.
• Catalyst engagement: each month, a video progress report will be sent to catalyst for the benefit of the Cardano community.

These measures will provide a holistic view of the project's progress and its impact on users, developers, and the broader Cardano eco-system. They will also ensure full accountability up to the final delivery.

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

Budget breakdown

The budget of the entire project is 120,721 ADA. It is calculated as follows:

• cost of all test, documentation, video editing, and other marketing activities: $32.50 per hour
• code of dev: $75 per hour
• ADA/USD conversion rate: 0.2775

The table below explains the cost per each activity

In summary, the payments are as per below:

• Milestone 1: 19,459 ADA (16.1%)
• Milestone 2: 71,351 ADA (59.1%)
• Milestone 3: 29,910 ADA (24.8%)

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Value for money in the Cardano eco-system

The cost of the project represents excellent value for money. As the main developer, Eric is based in the UK, where he generally command a rate way in excess of the $75 per hour agreed for this project.

The project's cost accounts for a mere 3.8% of the allocated budget for Open Source developments. If all projects deliver comparable value, it would allow for the funding of approximately 26 projects in this category alone!

This project addresses a critical aspect of infrastructure - securing wallets - which has been overlooked by the broader crypto community even after 15 years since Bitcoin's inception. Therefore, the value for money is amplified by the recognition it brings to the Cardano eco-system, positioning it as a leading force in the world of thousands of blockchains in need of robust security measures.

The project's costs have been carefully considered and down-adjusted to reflect a fair and proportionate investment. By delivering exceptional value for money, the project maximizes the impact of the allocated resources and aligns with the goals and aspirations of the Cardano eco-system.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.

I Accept