namecoin/namecoin-legacy

Trezor Hardware Wallet Support

Closed this issue · 22 comments

This is a tracking ticket for Trezor support for Namecoin (not necessarily in Namecoin-Qt). See the following links:

https://forum.namecoin.info/viewtopic.php?p=12340#p12340
https://bitcointalk.org/index.php?topic=122438.msg6926871#msg6926871
https://bitcointalk.org/index.php?topic=644755.0

There are a number of ways that this could be implemented.

The method that the Trezor people mention basically involves setting up a blockchain explorer API that can provide the Trezor web wallet with enough data for the web wallet to interact with the user's Trezor.

That method, as I understand it (anyone want to confirm?), has some security issues. Specifically, while it is not possible for the web wallet operator to steal your NMC (since the keys stay in your Trezor), they are able to falsely claim that you have received NMC (which might let someone commit fraud against you), as well as make your legitimately owned NMC unspendable (which might let someone punish users monetarily, or even steal names by forcing a name to expire). In my opinion, this is not adequate security.

The other method, which the Trezor people didn't mention, is to directly implement the Trezor hardware library into a Namecoin client which validates the blockchain as normal (this could be a full client, or a libcoin-style light client, or an SPV+UTXO ultra-light client). This gives the same security guarantees as the standard Namecoin client, with the additional benefit that your wallet is effectively in cold storage. I'm pretty sure that the Armory guys are planning on doing this; I'm not sure about other clients since I don't follow them as much. In my opinion, this is a better route to take.

NOTE TO DONORS: Please do not place bounties on this issue; place them on specific implementations as described above. That way this issue can remain open as a tracking issue.

Any plans to implement any of these 2 solutions?

Hi @bat100,

Last I heard Armory is planning on adding Trezor support. If they add Namecoin support too (see etotheipi/BitcoinArmory#230) then that would solve this issue. I've had difficulty getting a clear answer from the Armory devs on this... feel free to post in the issue I linked and ask them if they would merge Namecoin support. If the Armory devs are willing to merge, and funding is available (BountySource), I'm willing to put some dev effort into it.

How much bounty would it take for you to develop option 1 and/or option 2 independently of armory?

@bat100 If I personally were to try to develop this, it would be in the form of Armory support for Namecoin. The Armory team would still have to implement Trezor support on their end (which I believe they are planning to do, but I don't know a specific timeline). Armory Namecoin support would be a potentially major task, and would probably be best if split into smaller sub-bounties. If I had to guess without much information, I'd say Armory would be around 5-6 sub-bounties, each valued at about $100. However, please realize that that estimate isn't with much information, and it could be more or less than that.

I can tell you that I'm counting my time at $20/hr (relatively low for a comp sci major), and if I require less time than initially estimated, the remainder of the bounty can be repurposed toward any other Namecoin bounty of your choice. So, if I overestimate the time involved, I won't just take your money. :-)

If that's acceptable to you, let me know, and I'll do a bit more preliminary work (including tracking down the Armory guys to see if my plans have overlooked any important details) and then I'll open up some tickets where you can place BountySource bounties.

I'm personally unable to work on non-Armory solutions to this. But, if someone else is interested in implementing this and has a different plan, they're totally welcome to post their estimate here too. For what it's worth, Armory Namecoin support would be useful for a lot of use cases other than Trezor usage... so all those benefits come in the package.

Cheers.

What about an API for mytrezor.com support?

@bat100 That's a good question. I don't have the ability to work on a MyTrezor API server, but if someone else is interested in working on that, I'd encourage them to chime in here. (Just be aware that an API server could potentially steal names by forcing them to expire, while Armory doesn't have that vulnerability.)

I thought what you mentioned as option 1 was an API for the block chain that would then allow the web wallet to get the information. At this stage I think we should worry first about the coins aspect rather than the domain registration aspect (which could be done with a small hot wallet). Would you be able to do that for a small bounty? Thanks

@bat100 That's correct, if someone is able to set up an API server for the blockchain which MyTrezor could access, then I think that will allow transactions to be signed on the Trezor. I know there are some people working on API servers (John Kenney and jonasbits were both doing relevant work); maybe they can chime in here. (I don't recall their GitHub usernames, anyone want to tag them?)

This probably depends on individual use cases, but for me, I'd be much more worried about names than currency, because names aren't replaceable (for any price) if stolen. I believe that Option 1 would only work for currency unless the MyTrezor devs add support for interpreting name scripts to their code. Similarly, Armory would only support currency until name script support is added. I'd certainly be willing to work on name scripts for Armory (that was factored into my bounty estimate), but I don't know if anyone at MyTrezor is interested in doing the same. Since MyTrezor isn't open-source, if they don't want to work on it, then it won't happen.

@jonasbits, want to chime in here?

I'm not currently working on any API server, busy with a website. I'd prefer 'option 2' to be implemented anyway.

Thanks for the quick reply @John-Kenney, sorry I forgot your GitHub username :-)

Also, IMO, option 2 should be done with libcoin, I'm not sure we should be adding features to namecoin.

@John-Kenney I agree on that. The only difference between namecoind and libcoind as far as Armory cares is the database format. Someone should ask the Armory devs when they're planning to implement the P2P-protocol replacement for database parsing; if that's coming soon then the exact same Armory code will work on namecoind and libcoind.

If you're talking about supporting Trezor directly as a libcoind wallet, that's probably doable, but it means replacing the wallet format with something that handles the HD wallet scheme. (Of course, that needs to be done at some point anyway.) I don't have enough experience with the libcoin codebase to do that, but it would certainly be a useful endeavor if someone is willing to tackle it.

I don't have the experience to do it either, but I'd like to see some generic interface for Trezor & any other similar simple hardware wallets that come in future.

I don't have any money to buy a Trezor for testing or anything either, they're still expensive for my tastes, but I like the idea & hope similar cheaper devices will come along.

For what it's worth, if Bitcoin Core is planning to switch to an HD wallet (which I vaguely remember they are, but I might remember wrong), it might be wise to wait for that and merge it into libcoin rather than add HD wallets to libcoin ourselves and have it be obsoleted later.

Yeah, I agree, libcoin isn't just Namecoin & it's not just a Namecoin feature. Are there any software Bitcoin wallets that support Trezor now, or just their web service?

Last I heard (which was a while ago and could be outdated), both Armory and Electrum were planning to add Trezor support, but the web service was the only client supporting it currently.

I was thinking of creating or modding a block explorer based on reading libcoin's database, I could possibly add some web API to that, but it's a long way off getting started even, I have a lot of other things to work on too.

Would anyone be willing to implement the option with the block chain API? I understand there is a potential risk of fraud in case someone hacks the block chain server; however, for people interested in cold storage that could initiate the transaction themselves it would not be a problem. Also, people could receive the payments on their computer to be sure they are real and then transfer them from there. It's not perfect but it's still a nice improvement I think.

@bat100 I'm probably not able to implement the option with the blockchain API, but maybe someone else is able to. I'm not sure whom to ask.

Please continue this discussion at namecoin/meta#1, since this isn't related directly to namecoind/Namecoin-Qt. Thanks.