Hardware-Secured Hot Wallets for Live Services (Dexes, Bridges, Side-Chains & Dapps)

[GENERAL] Name and surname of main applicant

Willie Marchetto

[GENERAL] Are you delivering this project as an individual or as an entity (whether formally incorporated or not)

Entity (Incorporated)

[GENERAL] Please specify how many months you expect your project to last (from 2-12 months)

12

[GENERAL] Please indicate if your proposal has been auto-translated into English from another language.

No

[GENERAL] Summarize your solution to the problem (200-character limit including spaces)

A secure-hardware "hot wallet" can prevent wallet keys from becoming compromised while enabling autonomous transaction signing capabilities required by live services.

[GENERAL] Does your project have any dependencies on other organizations, technical or otherwise?

Yes

[GENERAL] If YES, please describe what the dependency is and why you believe it is essential for your project’s delivery. If NO, please write “No dependencies.”

Milestone 3 of our project will entail partnering with a project within the community to demonstrate the capabilities of our developed prototype. Since our solution has wide applicability within the Cardano ecosystem, we expect the likelihood of a successful partnership to be high.

[GENERAL] Will your project’s output/s be fully open source?

Yes

[GENERAL] Please provide here more information on the open source status of your project outputs

This project will be fully open source under the MIT license.

[SOLUTION] Please describe your proposed solution.

Cryptocurrency projects often require the use of "hot wallets'' to sign wallet transactions necessary for live services, making them vulnerable to private key theft and fraudulent activities by attackers. Traditional hardware wallet devices cannot be used for these purposes, as they require a human-in-the-loop to manually approve and authenticate every transaction. To address this issue, we propose the development of a hardware-based hot wallet that ensures enhanced security and autonomy for cryptocurrency projects, such as cross-chain bridges, side-chains, dexes, and token mints.

For example, a service providing a cross-chain bridge from BTC to ADA maintains wallets on each blockchain. When users provide BTC, the bridge mints an equivalent amount of a "wrapped" BTC token on the Cardano blockchain. Likewise, when users send wrapped BTC to the bridge on the Cardano side, these tokens are "unwrapped", i.e. burned, and the original BTC locked on the Bitcoin chain is sent to the user. This bridge service must maintain "hot wallets" on both blockchains and the dapp's software will automatically sign transactions from these wallets as users utilize the bridge. If an adversary gains access to the server running this service, the wallet keys can be compromised, allowing adversaries to steal all of the BTC being held by the bridge. This isn't a hypothetical scenario; billions of dollars of cryptocurrency has been stolen through leaked hot wallet keys. Protecting the integrity of autonomous transactions is crucial for the success and trustworthiness of cryptocurrency services.

Our solution is to develop a field-programmable gate array (FPGA)-based hardware device that leverages physical unclonable function (PUF) technology and deliberate electrical interface restrictions to prevent attackers from extracting private keys from the device. The hardware hot wallet will differ from traditional hardware wallets by providing continuous and automatic transaction signing once the device owner unlocks it with an authentication code.

A PUF utilizes unique physical properties of a hardware device to generate a one-of-a-kind response to a challenge. In the context of our solution, the PUF is leveraged to securely store a wallet’s key within the device. The primary advantage of using a PUF is that it makes it virtually impossible for an attacker to retrieve the private key from the device, even through sophisticated attacks. By utilizing this unclonable and tamper-resistant mechanism, our solution would ensure a high level of security and protection for the private key, safeguarding it against unauthorized access and potential theft.

In addition to leveraging the PUF for securing the private key, our solution implements an additional layer of security by restricting access to the device itself. To ensure maximum protection, we will employ a restricted UART interface for communication between the hardware device and a host computer. This deliberate choice eliminates any potential vulnerabilities that could arise from complex and exploitable communication protocols, such as Ethernet. The device’s software will only accept a very limited communication protocol and will not allow shell access to the device. By utilizing this basic interface, we effectively minimize the attack surface and make it virtually impossible for an attacker to gain remote access to the hardware.

Key benefits:

• Enhanced security: The use of PUF technology guarantees protection against private key theft, ensuring the integrity of cryptocurrency transactions.
• Autonomous transaction signing: The hardware hot wallet will streamline operations by automatically signing incoming transactions (once authenticated), removing the need to manually sign wallet transactions in order to ensure the security of wallet keys.
• Versatile application space: The hardware-based wallet can be utilized (and customized) for various cryptocurrency services, including cross-chain bridges, side-chains, dexes, and NFT mints. Application-specific firmware can be developed to run within the secure environment of the embedded device.

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

Our solution is applicable to a variety of services throughout the Cardano ecosystem. By providing a hardware wallet solution for live services, our solution could greatly enhance the security of projects running on Cardano, strengthening the overall trust and reliability of the Cardano ecosystem, and attracting more developers and users to build and engage with the blockchain.

The hardware hot wallet automates transaction signing without compromising the security of private keys, streamlining and simplifying live wallet operation for service developers building on Cardano. This enhancement in security enables developers to focus on building and scaling their applications, making it easier and more efficient to develop on Cardano.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The Viper Science team has been an active contributor to the Cardano community for over four years. In addition to operating stake pools since the Incentivized Testnet, we have developed several open source tools for Cardano developers and SPOs. Five of these projects have been successfully funded through Catalyst in the past:

• Ogmios Clients in Python & C++ (https://projectcatalyst.io/funds/10/f10-osde-open-source-dev-ecosystem/ogmios-clients-in-python-and-c)
• Expanding the Cardano C++ SDK: libcardano (https://projectcatalyst.io/funds/10/f10-osde-open-source-dev-ecosystem/expanding-the-cardano-c-sdk-libcardano)
• Cardano-Tools Python Library (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-tools-python-library) 
• Cardano development library in C++ (https://projectcatalyst.io/funds/8/f8-open-source-development-ecosystem/cardano-development-library-in-c)
• API for Multi-Delegation Portfolios (https://projectcatalyst.io/funds/6/f6-dapps-and-integrations/api-for-multi-delegation-portfolios) 

A complete list of our contributions can be found at https://viperscience.com. Additionally, our team has specific domain expertise to develop the FPGA-based hardware and accompanying firmware required to make this project successful. Details about the team members’ technical backgrounds are included below.

Success will be measured through several key metrics, primarily focusing on the adoption and integration of our solution into services running on the Cardano blockchain. By the end of our 12-month project, we aim to achieve the following milestones:

1. Community partnerships: Our primary goals is to establish a partnership with at least one Cardano project, where our hardware hot wallet will be integrated and utilized in their live service. This collaboration will serve as a tangible demonstration of our capabilities and validate the practical implementation of our solution.
2. Adoption and integration: Going forward, we will track the number of services and projects that successfully adopt and integrate our hardware hot wallet into their infrastructure.
3. User engagement and feedback: We will actively collect feedback from project teams who have utilized our hardware wallet. Their input will provide valuable insights into the usability, security, and overall satisfaction with our solution.
4. Developer interest: We will gauge the level of developer interest and engagement in our solution by tracking metrics such as the number of developers accessing our documentation and contributing to the open-source community around our hardware hot wallet. Developer interest will indicate the relevance and potential impact of our solution on the Cardano developer ecosystem.

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

Milestone 1 - Prevent remote attacks on the hardware hot wallet keys [20 weeks, 24,892 ada]

Sign transactions on the hardware device. The wallet’s private key will be generated offline and stored encrypted on the device. The electrical interface between the PC running the live Cardano node and the hardware device will be intentionally limited to a heavily restricted UART interface that only accepts binary transaction packets. This will prevent remote attackers from exploiting software vulnerabilities to access the private key, e.g. by gaining remote network/shell access to the hardware device from the host PC.

1. Purchase two system-on-a-chip (SoC) development boards for the prototype units (the SoC devices will contain 64-bit ARM CPU cores and an FPGA) [2 weeks]
2. Develop & implement a command and control protocol for coordinating transaction signing between the PC and the hardware device [6 weeks]
3. Implement Ed25519 signing algorithm on the SoC’s CPU [6 weeks]
4. Demonstrate the ability for the host PC to pass binary transaction packets to the hardware device and receive valid signed transactions back [6 weeks]

Deliverables: Demonstration video showing the hardware device successfully signing Cardano testnet transactions.

Acceptance Criteria: Prototype hardware specifications, software repository, and documentation published.

Intended outcomes: At this stage, a functional prototype will be able to make it impossible for a remote attacker to gain access to the hardware hot wallet’s private keys due to physical restrictions on the device’s electrical interface.

Milestone 2 - Harden the hardware hot wallet to local side-channel attacks [22 weeks, 26,237 ada]

Implement a PUF on the SoC’s FPGA to encrypt/decrypt a private key generated on the device. This makes the device resilient to physical side-channel attacks.

1. Develop FPGA firmware to implement a suitable PUF [10 weeks]
2. Implement encryption/decryption scheme to keep the private key securely stored in local memory on the device [6 weeks]
3. Demonstrate the ability for the host PC to pass binary transaction packets to the hardware device and receive signed transactions back with the PUF in the loop [6 weeks]

Deliverables: Demonstration video showing the hardware device successfully signing Cardano testnet transactions.

Acceptance Criteria: Prototype hardware specifications, software repository, and documentation published.

Intended outcomes: At this stage, the wallet key will be protected from local side channel attacks on the hardware

Milestone 3 - Demonstrate capabilities with a live Cardano project [10 weeks, 22,200 ada]

Partner with a member of the Cardano community to utilize our prototype to protect their service’s hot wallet keys (this will likely be done on the testnet)

1. Reach out to the community to find interested parties and select a suitable project for the demonstration [4 weeks]
2. Work with the chosen project to integrate our prototype hardware into their service [4 weeks]
3. Demonstrate the service running on the Cardano testnet using our prototype [2 weeks]

Deliverables: Demonstration video showing the hardware device successfully running within a live service on the Cardano testnet.

Acceptance Criteria: Feedback from the partner service on the effectiveness and ease of use for our prototype received.

Intended outcomes: At this final stage, we will have demonstrated the capability to protect a live service’s wallet keys and gained valuable feedback that could be used to further develop this concept for widespread use.

[RESOURCES] Who is in the project team and what are their roles?

The Viper Science team members are:

Dylan Crocker, PhD: Engineer & developer (https://www.linkedin.com/in/dylan-andrew-crocker/)

Dylan is an Electrical Engineer with experience in antenna and radar system design as well as software development. He earned a PhD in Electrical Engineering, with a minor in Computer Science, from Georgia Tech. His PhD research focused on ultra-wideband antenna design. Dylan got started building in the Cardano ecosystem when running a stake pool during the Incentivized Testnet in 2019. His most recent work includes an open source implementation of Cardano primitives written in modern C++.

Willie Marchetto: Engineer & developer (https://www.linkedin.com/in/willie-marchetto-2268aa266/)

Willie is a computer & astronautical engineer experienced in designing, developing, integrating, & deploying electronics and software for satellites, embedded devices, and traditional compute systems. His technical contributions span the areas of high-performance computing, web application development, DevOps system administration, satellite electronics design, embedded systems software/firmware, and machine learning algorithm development. Willie has been an active Cardano developer and stake pool operator since 2019 and is currently the chief engineer for research & development at an aerospace engineering contracting company.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

The project team consists of engineers with advanced degrees, each with over ten years of professional experience developing and building complex systems in research & development environments. As a baseline labor rate, we are using a relatively conservative rate of $63.91, which is the mean hourly wage for software developers in the US according to the US Bureau of Labor Statistics. 

Budget breakdown:

• Labor ($27,865):
• Milestone 1: 148 hours
• Milestone 2: 156 hours
• Milestone 3: 132 hours
• Materials ($3500): 
• FPGA SoC development board (x2): $3500

Assumed ada exchange rate: $0.38/ada

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

The cost of the project represents excellent value for money for the Cardano ecosystem for four key reasons: 

• By investing in the development of a hardware-based hot wallet, the ecosystem gains a robust and secure solution to address the vulnerabilities associated with hot wallets required by many live blockchain services. This increased security translates to a lower risk of funds being stolen or fraudulent activities occurring, which ultimately preserves the value and integrity of the Cardano ecosystem.
• The proposed solution offers an autonomous transaction signing capability, streamlining operations for developers and reducing the need for manual intervention. This efficiency not only saves time and resources but also enhances the scalability and growth potential of projects built on Cardano. The long-term benefits of improved developer productivity and streamlined operations justify the investment in the project.
• The hardware hot wallet concept can be employed across a wide range of services running on Cardano, including cross-chain bridges, side-chains, dexes, and NFT mints. This versatility maximizes the value derived from the project, as the solution can benefit multiple sectors within the ecosystem.
• The project's emphasis on partnership with the community to demonstrate the capabilities of the hardware-based hot wallet in a live service further reinforces the value for money. This tangible demonstration serves as a proof-of-concept and showcases the practical implementation of the solution within the Cardano ecosystem.

[IMPORTANT NOTE] The Applicant agrees to Fund Rules and also that data in the submission form and other data provided by the project team during the course of the project will be publicly available.

I Accept