Message signing for Trezor and Ledger (CIP-8, CIP30)

[GENERAL] Name and surname of main applicant

[GENERAL] Email address of main applicant

Additional applicants

-

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.” .

• External security audit for Ledger
• Ledger review and release process
• Trezor security review and release process
• Current Ledger PR with new Catalyst support and few other minor changes needs to be released before this PR will be released.
• Ledger application needs to be split into lite (Nano S) and full (other Ledgers) versions - currently in progress

[GENERAL] Will your project’s output/s be fully open source?

[GENERAL] If NO, please describe which outputs are not going to be open source. If YES, please write “Project will be fully open source.”

The project will be fully open source.

[METADATA] Category of Proposal

[IMPACT] Please describe your proposed solution.

More and more dApps require users to sign some messages with their wallet. This is done for different purposes, the most common purpose is to validate that the user owns a secret key to the injected public key (when performing actions such as log in to dApp, prove ownership of address, asset, stake key, governance voting etc). This feature was long missing on HW wallets which blocks HW wallets users from using some popular Cardano dApps and we would like to fix it.

Many dApps developers were shy of implementing message signing functionality to their dApps because this was not supported by HW wallets in the past.

Here are a few examples of Cardano apps currently using message signing:

• Jpg.store - login
• summon dao - login
• Sundaeswap - voting
• GateKeeper - prove ownership of digital assets

Looking at the Ethereum ecosystem, we may expect widespread use of message signing for different purposes in the future. 

We will implement the signData endpoint (as described in https://cips.cardano.org/cips/cip30/#apisigndataaddraddresspayloadbytespromisedatasignature) for Ledger and Trezor devices (we may not be able to do it for Nano S due to memory constraints) and in cardano-hw-cli.

Details: COSE_Sign1 (with the only allowed context "Signature1"), with support for hashed payload and also non-hashed payload with a limit on payload length (to be still determined, depending on Ledger and Trezor capabilities). No COSE encryption.

[IMPACT] How does your proposed solution address the challenge and what benefits will this bring to the Cardano ecosystem?

This proposal will enable HW wallet users to use core web3 functionality which is becoming more and more used on Cardano blockchain and we can expect many more dapps will be using message signing in the future.

[IMPACT] How do you intend to measure the success of your project?

HW wallet users will be able to use dApps that are using message signing.

[IMPACT] Please describe your plans to share the outputs and results of your project?

We will inform all popular dApps that use message signing about the possibility to enable message signing for HW users. This should be easy to enable for dApps as most of the work will be done by the integration libraries.

[CAPABILITY/ FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability?

Vacuumlabs has been developing both Ledger and Trezor Cardano integrations since 2018. Alongside this, we developed numerous other Ledger integrations.

[CAPABILITY/ FEASIBILITY] What are the main goals for the project and how will you validate if your approach is feasible?

Message signing released on Trezor and Ledger.

[CAPABILITY/ FEASIBILITY] Please provide a detailed breakdown of your project’s milestones and each of the main tasks or activities to reach the milestone plus the expected timeline for the delivery.

Milestone 1 - Trezor integration

Milestone 2 - Ledger integration

Milestone 3 - External security audit for Ledger

Milestone 4 - Cardano-hw-cli integration

Milestone 5 - Trezor release

Milestone 6 - Ledger release

[CAPABILITY/ FEASIBILITY] Please describe the deliverables, outputs and intended outcomes of each milestone.

Milestone 1 - Trezor integration

• Demonstration of integration of message signing (CIP8/30) in Trezor firmware
• Demonstration of integration of message signing in Trezor Connect (used for communication with the Trezor device)

Milestone 2 - Ledger integration

• Demonstration of integration of message signing (CIP8/30) in Ledger firmware
• Demonstration of integration of message signing in cardano-ledger-js library (used for communication with the Ledger device)

Milestone 3 - External security audit for Ledger

• Passed external audit and fixed findings

Milestone 4 - Cardano-hw-cli integration

• Demonstration of integration of message signing in cardano-hw-cli (used by 3rd party scripts and by power users)

Milestone 5 - Trezor release

• Message signing live on Trezor 

Milestone 6 - Ledger release

• Message signing live on Ledger

[RESOURCES & VALUE FOR MONEY] Please provide a detailed budget breakdown of the proposed work and resources.

Milestone 1 - Trezor integration - 78810.3

Milestone 2 - Ledger integration - 88082.1

Milestone 3 - External security audit for Ledger - 54545

Milestone 4 - Cardano-hw-cli integration - 21816

Milestone 5 - Trezor release - 13907.7

Milestone 6 - Ledger release - 15543.9

[RESOURCES & VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Costs for HW wallet firmware development were calculated based on $1000 per man-day of work. This is mainly because very specific skills are required by the engineers delivering this work and it is on par with other companies providing HW wallet development services. The cost for external audit is set based on our past experience with these audits, as we already received quotes for several different codebases.

[IMPORTANT NOTE] The Applicant agreed to Fund10 rules and also that data in the Submission Form and other data provided by the project team during the course of the project will be publicly available.