Comments (5)
Hi folks,
Would need your help and advice on the following proposal to see if it is technically feasible, thanks.
We are trying to build a keyless crypto wallet which works as follows:
- The user does not need to manage private keys or seed phrase. The user just can access the wallet using his Web2 credentials (e.g. Google / Twitter accounts).
- The assets in the wallet are further protected by MFA, say someone steals the user's Web2 credentials and tried to drain the wallet, it would kick off MFA (e.g. a SMS verification process would kick in).
My assumptions:
a. In order to achieve 1., the ICP protocol would need some programmable access conditions set up for the wallet, so that once the user is proven to have the correct Web2 credentials, he would be granted access to the wallet, and is able to retrieve key shares and perform tx signing aggregation.
b. In order to achieve 2., the ICP protocol would need to have some hooks / integration points in the architecture, such as pre-signing hook, for third-parties to hook up their services into.
c. In order to retrieve and aggregate key shares, the user would need an EOA (private key) to be able to invoke the smart contracts, are there options (e.g. AA) to make keyless possible?
Thanks and regards,
Hi @johnnynanjiang,
Great questions.
For 1, I would point you to nfid and their developer documentation.
For 2.b, you should checkout http outcalls
Finally, for c, I'm not sure I completely understand the use case, but you might want to check-out canister signatures
from oisy-wallet.
Hi folks,
Would need your help and advice on the following proposal to see if it is technically feasible, thanks.
We are trying to build a keyless crypto wallet which works as follows:
- The user does not need to manage private keys or seed phrase. The user just can access the wallet using his Web2 credentials (e.g. Google / Twitter accounts).
- The assets in the wallet are further protected by MFA, say someone steals the user's Web2 credentials and tried to drain the wallet, it would kick off MFA (e.g. a SMS verification process would kick in).
My assumptions:
a. In order to achieve 1., the ICP protocol would need some programmable access conditions set up for the wallet, so that once the user is proven to have the correct Web2 credentials, he would be granted access to the wallet, and is able to retrieve key shares and perform tx signing aggregation.
b. In order to achieve 2., the ICP protocol would need to have some hooks / integration points in the architecture, such as pre-signing hook, for third-parties to hook up their services into.
c. In order to retrieve and aggregate key shares, the user would need an EOA (private key) to be able to invoke the smart contracts, are there options (e.g. AA) to make keyless possible?
Thanks and regards,Hi @johnnynanjiang,
Great questions.
For 1, I would point you to nfid and their developer documentation.
For 2.b, you should checkout http outcalls
Finally, for c, I'm not sure I completely understand the use case, but you might want to check-out canister signatures
Thanks @anedos-dfinity for your answers and advice, appreciate that.
I will definitely go check them out.
from oisy-wallet.
Hi @anedos-dfinity ,
I went through the references you advised, and they helped.
Just a couple of further questions that need your help.
- The link (https://internetcomputer.org/docs/current/samples/t-ecdsa-sample) is broken in the text at https://github.com/dfinity/oisy-wallet
Read more about chain-key cryptography or start building based on chain-key signature sample code.
- I had a look at the wallet at https://oisy.com/
2.1. It does not support BTC, is there a plan to support it in the near future?
2.2. It is Web based, is there a plan to have a mobile version of the wallet? I assume ICP SDK would need to go mobile first?
2.3. Is it technically feasible to implement MFA (such as SMS) to Oisy Wallet?
A use case is that any withdrawals / transfers great than a certain amount would trigger MFA (e.g. via SMS)
Hi @johnnynanjiang ,
- Noted, PR already open #726
2.1. yes, native BTC support is planned, but no hard timeline yet
2.2. Only as a PWA, no plans for a mobile app for Oisy and frankly the main USP for Oisy is that it doesn't require any downloads.
2.3. That is a nuanced question. It is technically feasible to build MFA at the application level with HTTPS outcalls, however not sure about the development cost to do so. There is also Orbit wallet, which supports multi-sig and might be closer to use cases that traditionally would require MFA.
from oisy-wallet.
Thanks @anedos-dfinity for your advice.
I'm going through the references you provided, and will let you know how I go, cheers.
from oisy-wallet.
Hi @anedos-dfinity ,
I went through the references you advised, and they helped.
Just a couple of further questions that need your help.
- The link (https://internetcomputer.org/docs/current/samples/t-ecdsa-sample) is broken in the text at https://github.com/dfinity/oisy-wallet
Read more about chain-key cryptography or start building based on chain-key signature sample code.
-
I had a look at the wallet at https://oisy.com/
2.1. It does not support BTC, is there a plan to support it in the near future?
2.2. It is Web based, is there a plan to have a mobile version of the wallet? I assume ICP SDK would need to go mobile first?
2.3. Is it technically feasible to implement MFA (such as SMS) to Oisy Wallet?
A use case is that any withdrawals / transfers great than a certain amount would trigger MFA (e.g. via SMS)
from oisy-wallet.
Related Issues (8)
- Cannot upgrade WalletConnect 1.11.1 HOT 1
- Buffer not polyfied for local development
- Local devevelopment issue with Wallet Connect HOT 4
- SvelteKit v2: $page not reevaluated after invalidateAll
- Some questions about Oisy Wallet and its distributed ECDSA signing HOT 4
- Activate ICP network support
- A question about `sign_with_ecdsa` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oisy-wallet.