Add Offline Signing Library for XmrSigner Production

This commit is contained in:
Thorsten Kaiser 2024-08-31 14:06:27 +00:00
parent 82bf64c2e3
commit d6f2b9e159

View File

@ -0,0 +1,103 @@
---
layout: fr
title: Offline Signing Library for XmrSigner to Production
author: Thor a.k.a. vThor a.k.a DiosDelRayo
amount: 97
milestones:
- name: Material
funds: 1 XMR
done:
status: unfinished
- name: First month
funds: 48 XMR
done:
status: unfinished
- name: Second month
funds: 48 XMR
done:
status: unfinished
payouts:
- date:
amount:
- date:
amount:
- date:
amount:
---
# Offline Signing Library for XmrSigner Production
## About
This proposal aims to create a minimal library for offline signing on
air-gapped devices, focusing on essential features:
- Seed phrase generation (including polyseed)
- Address and key generation
- Account and sub-address management
- Address verification
- Output importing and Key Image exporting (raw and encrypted)*
- Unsigned transaction handling (description, sanity checks, signing)
- Block height and date estimation
The library will be implemented in C++ with a C ABI, allowing use in
multiple languages. It will be based on the current Monero source but
without relying on wallet2, aiming for minimal external dependencies,
not inventing the wheel again, nor rolling own crypto.
Key objectives:
- Comprehensive documentation
- Quick start guide for offline and hardware wallet developers
- Documentation of challenges in stripping down and cross-compiling
- Buildroot package for easy target system integration
- Python module for library usage
- Test code
- Modification of XmrSigner to use this new library
## Who
Thor (vThor/DiosDelRayo), currently completing the [XmrSigner (MoneroSigner Resurrection) proposal](https://ccs.getmonero.org/proposals/%20MoneroSignerResurrection.html).
## Why
[XmrSigner](https://github.com/XmrSigner/xmrsigner), while functional, is currently more of a proof of concept than a
production-ready tool. This library addresses several key issues:
1. Performance: The current implementation using wallet RPC is slow,
especially on resource-constrained devices.
2. Security: Minimizing dependencies and code base improves auditability
and reduces attack surface.
3. Flexibility: A dedicated library allows for easier integration into
various offline signing solutions.
4. Resource efficiency: Stripping down to essential features enables use on
lower-power devices.
By creating this library, we can:
- Bring XmrSigner to production readiness
- Provide a foundation for future hardware wallet development
- Explore the viability of using even more resource-constrained devices
(e.g., MCUs) for offline signing
A proof of concept has been developed to validate this approach:
[c_abi_for_cpp_code_PoC](https://github.com/DiosDelRayo/c_abi_for_cpp_code_PoC)
This library will significantly improve XmrSigner's performance, security,
and usability while opening doors for more diverse Monero hardware wallet
solutions in the future.
## Milestones and Timeline
Given the significant time investment and potential challenges ahead, I
propose a shift from my usual value-based pricing to an hourly rate for
this project.
Proposed terms:
- 120 hours per month for two months (240 hours total)
- Compensation: 48 XMR per month (96 XMR total)
- Additional 1 XMR for printed literature (requested at project start)
- Total compensation: 97 XMR
Hours worked beyond 120 in the first month will roll over to the second. If
the project completes before 240 hours, unused funds can be allocated to
future proposals or returned to the general fund. Should more time be
needed, I'll submit a new proposal.