Last updated 2 months ago
Cardano software wallets provide no security assurances in desktop environments without trusting a black-box hardware wallet, while command line tools require a dedicated air-gap machine for security.
This is the total amount allocated to Frankenwallet: DIY boot drive for privacy, security & SPO. 0 out of 4 milestones are completed.
1/4
Build collaborative documentation web site sourced from GitHub
Cost: ₳ 44,685
Delivery: Month 2 - May 2024
2/4
Initial peer review and user testing, adding security and operational scenarios
Cost: ₳ 37,238
Delivery: Month 4 - Jul 2024
3/4
Integration with stake pool operator scripts, testing with SPOs
Cost: ₳ 37,237
Delivery: Month 6 - Sep 2024
4/4
Final improvements, product-calibre delivery, closure
Cost: ₳ 29,790
Delivery: Month 7 - Oct 2024
NB: Monthly reporting was deprecated from January 2024 and replaced fully by the Milestones Program framework. Learn more here
Document, test, improve, and launch a public repository for the Frankenwallet: a DIY bootable high security environment for privacy, light wallets, stake pool operations, and secure record keeping.
No dependencies.
The output web site will be almost entirely documentation (including perhaps a few human readable scripts), so it will be best covered by the CC BY-SA 4.0 (Attribution, ShareAlike) license. This differs from the default "Attribution" CC BY 4.0 in that derivative works must also be open sourced according to the same license.
The NonCommercial component for Creative Commons licensing doesn't seem well suited to the open source promotion of this material, because of drawbacks given here (Wikimedia: The Creative Commons licencing scheme: NC – NonCommercial) including restricted use in academic contexts and prohibition on Wikipedia itself. Therefore CC BY-SA 4.0 appears best to support growing communities around open source documentation.
As with all Creative Commons licenses, it also includes a well-known standard limitation of liability which makes it very clear — vitally for the persistence of this project — that users employing the Frankenwallet in the management of their secure assets will be doing so at their own risk.
As would any educational tool that promotes technological security and self-sufficiency, the Frankenwallet could be used in service of any of the SDG goals without supporting any goal(s) in particular. Likewise the success of this project would not be measurable by any of the KPIs that are suggested in that framework.
The Frankenwallet is a documentation project for building a do-it-yourself (DIY) platform for the privacy and security of cryptocurrency holdings and operations.
A bootable device built according to these instructions is likewise called a Frankenwallet. Note therefore the Frankenwallet is not a product or an installable piece of software: it is a tool a user or operator will build for themselves from open-source, peer-reviewed documentation.
Though the scope of features is quite different than the commercial "hardware" wallet, it is intended to offer a similar security assurance — mainly, isolating one's private keys from an insecure networked environment — but with appeal to users and operators who prefer to control their own private keys rather than trusting them to a "black box" of incompletely known design and behaviour.
This project has already been under development since first employed in the COSD stake pool launch in August 2020, and has been publicly documented since January 2021. So far this solution has seen private use, with interest from other developers and DIY enthusiasts, but has not yet achieved its potential as a part of Cardano's standard offerings for privacy and operational security.
The author and proposer Robert Phair believes that achieving this full potential is a matter of focused user / developer outreach, with repeated cycles of improvement based on user feedback, while executing a plan for specific improvements based on popular use cases and expectations of community support and open source documentation.
Since this project is planned and budgeted at 9 months, an expected March 2024 onboarding for Catalyst Fund 11 means Cardano community would have a working, community tested and validated procedure, with its own GitHub repository and web site, before the end of 2024.
Status of the Frankenwallet at this time:
At cosd.com/frankenwallet is a roughly 40-page web microsite with a draft set of installation guides, standards and templates enabling readers to install and use a removable Linux OS drive (the "Frankenwallet") as a highest-security, air-gapped transaction signing environment with the ability to manage and store encrypted files and archives.
When one's primary computer is booted from this removable drive, operators can do all these things while completely isolated from Internet access:
In addition to this "cold" or air-gapped configuration, providing maximum privacy and security, a second "cool" configuration was documented which allows functionally limited Internet access. This provides greater usability, but less security... yet much more privacy and security isolation than a user's regular desktop environment.
Users of this "cool" Frankenwallet have a dedicated Linux OS on which to keep their web-based browser wallets, interact with dApps and DEXes, and securely encrypt wallet secrets like passphrases for backup and storage in the outside world — without ever exposing their crypto portfolio and private data to the security risks of their regular desktop environment.
In either case, since it runs entirely from a removable drive, the Frankenwallet offers the option not to have a second machine or hardware wallet for secure Cardano operations.
It also offers to bridge the gap between the devoted Cardano community and long time enthusiasts of other cryptocurrencies. For instance Ethereum users extending or migrating to Cardano will have a common tool to generate addresses, keys and transactions offline: since the flexible Linux OS will allow Cardano and these other blockchain CLIs to be installed in the same environment.
For an an abridged version of the Frankenwallet setup procedure, see the official Cardano Foundation page on the Developer Portal (SPO Tools: Get Started with the Frankenwallet).
Improvements to the Frankenwallet in the course of this proposal:
The following steps — to convert the existing proof of concept into a well known, validated community tool — are the basis for this project's milestones and budget. These are tagged to correspond to the MILESTONES section below, and each represent about 1 month of work over a 9-month period to delivery:
(1a) Convert all pages in draft e-book into GitHub Markdown or HTML pages - As well as standardising this material, this will enable community contributors and reviewers to submit changes and improvements as more people begin using the platform.
(1b) Configure Jekyll or equivalent to build front end site from GitHub material - Installing a process to build a public web site, in e-book form, from the GitHub material: which can simply be followed by users and operators as any other reference, documentation or tutorial.
(1c) New content creation (1 of 2): Use cases - As well as filling in any omissions in the existing material, adding documentation and tutorials for the newer "cool" configuration supporting user wallets.
(2a) Community invitation to review web site design and content - Announcing to Cardano users and developers that this material is available for open testing and public comment, beginning 6 months of response to issues and discussions raised on the new GitHub repository.
(2b) New content creation (2 of 2): Special cases in privacy, security, and operations - Researching and documenting: tutorials for privacy use cases (e.g. developer key sharing, "will and testament"); security workflow; installing Frankenwallet on an encrypted part of a main disk.
(3a) Install SPO Scripts and test in Frankenwallet, then add documentation - Proving Frankenwallet can be used as a functional replacement for the "Air Gap" second machine long recommended to Cardano stake pool operators, even if using the operator scripts in addition to the bare Cardano command line interface.
(3b) Publication, testing, and evaluation with SPO scripts - Soliciting and incorporating responses from the SPO community about using the Frankenwallet and the SPO scripts together; beginning 3 months of final test, with a demanding user base, for all uses of the Frankenwallet.
(4a) Improvement based on SPO feedback, addressing tech issues - Roughly a one-month period to address any major design or documentation issues identified by the SPO community, and to improve the general quality of online documentation for the general user community.
(4b) Resolving GitHub issues / discussions, video tutorials, final reporting - Video demonstrations will be expected for the 3 major use categories (command line, SPO scripts, and user wallets), with a review and report of the full 9 months of GitHub linked + verified progress, and the usual Catalyst demonstration close-out video.
NOTES about the name "Frankenwallet"
Technical readers should please observe the name is unrelated to the Franken address — an informal reference to the more standard term mangled address for a Cardano address of mixed origin.
Also, the term "wallet" — intended to relate applications and target audience to the proprietary "hardware wallet" — is also used differently than for wallet apps, because the Frankenwallet does not actually manage funds. Yet the term is now officially applicable according to recent definition of a "zero-data" wallet which relies upon the user to store addresses, assemble transactions and manage keys: all done manually in the Frankenwallet by deliberate record-keeping, prepared procedures and operator scripts.
See this page on the draft web site (Why "Frankenwallet") for the full story of its name and origin.
Target audience: general use cases
(condensed and updated from the Frankenwallet documentation at the e-book introduction page) The Frankenwallet will be useful to anyone who:
Target audience: vs. the hardware wallet
Vocal members of the Cardano community have long insisted that funds are only "safe" when they are on a hardware wallet, in spite of the facts that:
It is beyond the scope of both this proposal and the Frankenwallet documentation to convince the reader that there are security or privacy problems with hardware wallets. The impact of this proposal is simply that users will now have a choice to take privacy and security into their own hands with a device of open source origin to use instead.
For more points to consider about this part of the community impact, see:
Means of engagement and success measurement:
Web site - first order of engagement (for users)
All software and crypto communities are contacted most often by users looking for documentation and tutorials. The Frankenwallet development plan will ensure the new site frankenwallet.com is a commonly known resource in the Cardano community for building an "air gap" / SPO environment or more securely hosting their web-based wallets. Measurements of success would be:
GitHub material - Deep-level engagement (for reviewers, experts and community leaders)
Here the source material for the web site will be accessible along with its own development history and any user-requested dialogue and interaction. Anyone with a GitHub account, even outside of the Cardano community, will be able to post comments and suggestions through these standard features which can also be counted as KPIs to measure progress:
Note that Issues, Discussions and PRs will all be visible on the top bar of the GitHub repository itself, so anyone looking at the repository will be able to get a good view of its growth and community engagement at any point during the project.
GitHub also has the distinct advantage over social platforms like Telegram and Discord in that
Users, contributors or auditors interested in following the Frankenwallet project will only have to select the Watch button on the top bar in GitHub to subscribe by email to any or all of the key events above.
Catalyst monthly reports
Impact can also be measured through reports of site development and feedback, broken down by the type of interaction and particular issue. For examples of how these reports will look, see the latest reports in this repository for the proposer's concurrent Catalyst funded project (github.com/rphair/cip-editing).
How this approach can be confirmed feasible now
Considering that the Frankenwallet is documentation rather than a developed product, it been feasible from the first time it was documented (in mid-2020) for private use in building a real stake pool and protecting its pledge. All working models used in the author's stake pool operations since then have also been following this documentation.
The Cardano Foundation's Developer Portal has also provided an endorsement of the Frankenwallet, effectively confirming its feasibility by expert reviewers, by including it with the officially listed Operator Tools.
How it can be confirmed feasible at future iterations
After Milestone 1 of this project (see next section), all subsequent milestones will solicit community feedback in which any problems can be pointed out by any GitHub user by filing an "issue" (as directed on the new web site). Therefore every substantial change will be followed by a round of review in which problems affecting feasibility will be documented and corrected.
Managing of funds
Not relevant in this case because the material expenses are minimal and will be abundantly covered by the initial project payment:
Build collaborative documentation web site sourced from GitHub
Months 1 through 3
Starting with prior material for the Frankenwallet (at cosd.com/frankenwallet), migrate all pages to GitHub files at repository github.com/rphair/frankenwallet and use automated site building tools and front-end design methods to produce a finished, public-ready web site from this material: editing the previously drafted material in the process.
The development process will be similar to these standard instructions (GitHub Actions: building a Jekyll site with GitHub Pages) and include CSS + HTML theming and integration features for "headless" static web design: similar to the process to build the Cardano Developer Portal from these source files (github.com/cardano-foundation/developer-portal).
Milestone outputs (from SOLUTION section)
Acceptance criteria
Initial peer review and user testing, adding security and operational scenarios
Months 4 and 5
The project will be opened up to public review, primarily based on two documented use cases so far: the "cold" (air gapped) configuration for secure use of Cardano keys via the CLI, and the "cool" (restricted Internet) configuration for more security; private use of light wallets and dApps; and encrypted record-keeping.
As this progresses, some complex issues not present in the original Frankenwallet documentation will be addressed:
Milestone outputs (from SOLUTION section)
Acceptance Criteria
Integration with stake pool operator scripts, testing with SPOs
Months 6 and 7
The Cardano StakePool Operator Scripts have been used since 2020 and have a huge body of users who are expected to maintain pool keys and secure their pledge on dedicated "air gap" machines, but without any standard instructions being provided to build these machines. Procedures for setting up their secure environment have mainly been circulated by the Telegram "SPO Best Practices" workgroup and in isolated postings on the Cardano Forum.
This period will focus on Cardano SPOs and begin a 3-month validation period to ensure stake pool operators feel comfortable using the Frankenwallet in their workflow, with all relevant information about setting up this environment documented on the web site, with all pending improvements documented on GitHub as they emerge from this point onward.
Exposure of SPOs to the Frankenwallet, followed by any refinements to the procedure and documentation based on this interaction, is likely to produce the best improvments to the Frankenwallet due to their high expectations of security, for convenient workflow, and for complete, high quality documentation.
Milestone outputs (from SOLUTION section)
Acceptance Criteria
Final improvements, product-calibre delivery, closure
Months 8 and 9
This period is used to further elaborate any operational or security scenarios identified by the SPO community as needing improvement. SPOs will also be interested in the "cool" configuration of web-based wallet isolation and are likely also to submit feedback about it. This period will draw all pending test cases together and post any required new material on the web site.
The user community, and likely milestone reviewers, would also expect a video based on each of the major use scenarios in addition to the Catalyst close-out video based on the project as a whole, so the final month will produce video illustrations of the 3 proven configurations ("cold" with CLI, "cold" with SPO scripts, and "cool" with browser wallets + dApps).
Milestone outputs (from SOLUTION section)
Acceptance Criteria
The entire project will be executed by Frankenwallet inventor / documentation author Robert Phair, in the following roles:
General credentials, contacts and media channels:
GitHub: rphair
Twitter (X) business handle: @COSDpool
Cardano Forum: @COSDpool
Qualifications for Cardano standards and documentation:
An official editor of the Cardano Foundation CIP repository, its #1 most counted contributor and GitHub repository co-maintainer.
Cardano Developer Portal: the #1 most counted contributor outside Cardano Foundation and GitHub repository collaborator.
Author of Security section on Developer Portal, including standards for Air Gap Environment and Secure Transaction Workflow.
Provided first public documentation of whole CIP Process at Medium article series beginning here (Cardano Improvement Proposals (CIPs) — Introduction from an Insider).
Cardano standards (CIPs): CIP-0013 co-author and current maintainer.
Cardano Summit, September 2021: Standards panellist on Governance track
Qualifications for interaction with community (users, developers, SPOs):
Discord > CIP Editors Meetings official server (invite): Editor role, CIP helping hand on #general channel.
Group moderator of CIP Room, Cardano Professional Society (independent members-based organisation).
Stake pool operator since beginning of Shelley era (COSD: low-fee single pool) since Q3 2020; seven-time winner and current holder of Cardano Foundation community delegation.
Operations, project management and web design experience:
UNIX/Linux systems integrator, project manager, CMS web designer, and software standards architect since late 1980's (C.V. / Resume).
Computer industry consultant with thirty years of professional experience in systems integration, networking, programming / design, technical writing, and project management.
Business advisor for cloud computing, online marketing + commerce, data security, technical training and emerging technologies.
See MILESTONES for a full description of these tasks, and VALUE FOR MONEY for an explanation of these two bill rates:
Each of these 9 project tasks documented in MILESTONES is planned for 1 project month (9 months total) and budgeted for 4 weeks (36 weeks) containing 70 hours each 4-week period (average 17.5 hours per week).
Each milestone will also have an additional allocation of 10% of the total hours for public documentation including Catalyst written reporting (see VALUE FOR MONEY for justification). These additional 4 weeks of work (36 + 4 = 40 weeks total) will be distributed evenly across each milestone.
Milestone 1 (Months 1-3) = Building collaborative documentation web site
1a) 60 content + 10 dev = Convert old material to GitHub (2 hours * 30 key pages + tech review)
1b) 20 content + 50 dev = Integrate GitHub material into new site (mainly devops + some content)
1c) 40 content + 30 dev = Existing page improvement, additional topics + research
Total hours = 210 hours = 21 hours reporting
Content budget = (120 + 21) * 150 = 21150 ada
Dev budget = 90 * 300 = 27000 ada
TOTAL = 48150 ada
Milestone 2 (Months 4-5) = Improving and documenting robust privacy + security procedures
2a) 40 content + 30 dev = Community review, technical responses
2b) 20 content + 50 dev = Continued review, advanced topics + security scenarios
Total hours = 140 hours = 14 hours reporting
Content budget = (60 + 14) * 150 = 11100 ada
Dev budget = 80 * 300 = 24000 ada
TOTAL = 35100 ada
Milestone 3 (Months 6-7) = Integration with Stake Pool Operator scripts
3a) 70 dev = Integration with SPO scripts
3b) 40 content + 30 dev = Community review with SPOs + fine-tuning procedures
Total hours = 140 hours = 14 hours reporting
Content budget = (40 + 14) * 150 = 8100 ada
Dev budget = 100 * 300 = 30000 ada
TOTAL = 38100 ada
Milestone 4 (Months 8-9) = Validation, video documentation and reporting
4a) 40 content + 30 dev = Improvement based on SPO feedback, addressing tech issues
4b) 70 content = Resolving GitHub issues / discussions, video tutorials, final reporting
Total hours = 140 hours = 14 hours reporting
Content budget = (110 + 14) * 150 = 18600 ada
Dev budget = 30 * 300 = 9000 ada
TOTAL = 27600 ada
GRAND TOTAL = 48150 + 35100 + 38100 + 27600 = 148950 ada
Establishment of project bill rates:
ADA/USD rate at project submission (2 hours before deadline): 9AM UTC 30 Dec (4AM UTC 30 Dec) = $0.373206
Therefore hours in BUDGET + COSTS are billed at:
Content hours = 150 ada per hour (equivalent 0.373206 * 150 = $56 / hour), corresponding to reasonable rates for commodity web design and technical writing, for these project tasks:
Development hours = 300 ada per hour (equivalent 0.373206 * 300 = $112 / hour), corresponding to a reasonable rate for full stack web development and operational consulting (standard = $150 per hour), for these tasks:
Catalyst reporting NOTE - "Project Management", "Overhead" and "Reporting" for Catalyst projects are generally around 15% of the project bid, especially for agency-delivered projects. Therefore the addition of 10% the total number of hours for Catalyst routine documentation (also content in the project repository) is both reasonable and realistic.
Q: What if the hours allocated for community feedback and response aren't used?
Firstly, the allocated time will be spent on improving the final product in any case. I (the author and proposer) can personally guarantee a public-facing web site based on these materials will keep getting critiqued and refined based even on informal feedback and suggestion, in anticipation of whatever questions and difficulties users and developers might have in the future.
Secondly, this material has already been in development for 3 years (since mid-2020) without any payment. This has already taken well over 100 hours of writing and at least as many hours testing and refining that documentation. Therefore any perceived excess in budgeted costs would be offset by the huge amount of time I have already volunteered to this project. :)