roneil | 6 years ago

Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to solve a specific pain point we faced - how can we get non crypto-native / non-technical users to sign up for a decentralized app? Current onboarding flows using Metamask and other alternatives were too cumbersome, time-consuming, and restrictive for our needs. We needed a way to generate a wallet on behalf of a user without them even knowing crypto was operating behind the scenes.

Hedgehog lives in your front-end JavaScript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.

If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.

This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.

Happy to answer any questions you all have!

thinkmassive|6 years ago

Very cool, glad to see people tackling Ethereum UX! Your project seems similar to the Burner Wallet by Austin Griffith: https://github.com/austintgriffith/burner-wallet

Assuming you've seen that project, how does Hedgehog compare?

Do you have recommendations on handling the initial funding of a wallet, especially for your target market of non-technical users? (after they have the wallet, how do they obtain ETH or other tokens to get started?)

roneil|6 years ago

We haven't seen that before, looks cool! The approach may be similar, but we packaged Hedgehog as a standalone / documented library to be consumed directly by developers. In looking briefly I wasn't able to ascertain how the private key is stored / propagated between devices in his model so it's hard to comment more precisely.

The approach we've taken at Audius on initial funding is to avoid funding the wallet entirely - we use EIP-712 signatures combined with a trustless transaction relay service that pays gas / submits EIP-712 signed transactions on-chain on behalf of users. In this way, the user wallet never holds any tokens but is still used to secure access to their account. We'll be open-sourcing our contracts and infrastructure code soon, but here's a good public example of this model in action: https://github.com/hellobloom/core/tree/master/contracts

That said, other folks may decide to use Hedgehog differently - perhaps you integrate with something like Wyre (https://www.sendwyre.com/) to help users fund their wallet client-side without knowing that crypto is there.

vinliao|6 years ago

Hey Roneil, I'm really new to crypto development and I'm having a hard time finding crypto communities for developers (the ones who build stuff). I've checked out eth's forum but it's not really developer focused, it's too general.

Where do you usually hang out? I would like to learn more about building crypto stuff and would like to participate in a community. Can you point me in the right direction?

Thank you!

PS: I have completely no idea what Audius is about, but it sounds cool. Good luck!

roneil|6 years ago

Hi there! Unfortunately I haven't found any high-quality online communities of crypto builders - most of my connections to other folks building are offline / irl. Would encourage you to attend local developer groups to get to know others in the space!

There are tons of helpful resources online though, as lots of folks write tutorials and other things. Googling most problems you face will yield good results.

solotronics|6 years ago

For lightning protocol devs there is a public slack they hang out in. You might want to look around for one for Eth.

tuesdayrain|6 years ago

r/ethdev is a good one. Much more developer focused than r/ethereum.

corbinpage|6 years ago

Awesome work, and it's great to see more tools in this important area.

How do you handle the "Forgot Password" problem?

Say, if a user clears out local storage and forgets their password. Is there a way to recover it from what's stored on the server?

roneil|6 years ago

Great question - see my response to "atomical" in this thread for more detail, but short answer is no. Thanks for checking out Hedgehog!

rladd|6 years ago

Hi Roneil

It looks very cool. Just skimming the documentation, there isn't anything on how to perform actual wallet functions, or whether encrypting/decrypting data using public/private keys is available (which is something I'd find super useful!). Am I missing it, or is it just a matter of looking through the code?

Thanks for making something as cool as this open source!

michaelsbradley|6 years ago

Has there been any thought as to how the REST API + database side of this could be replaced with ipfs/swarm? I'm not sure how it would work, and there would likely be additional trade-offs, but it would be nice if the "D" in DApps could be retained in full.

roneil|6 years ago

There has! This could be a great approach - eg. a network of folks committed to supporting users in this manner could operate IPFS nodes that re-pin the encrypted keys.

We are also thinking about offline ways to share the key such that the centralized side is not required - eg. a QR code displayed on one device and scanned by another to propagate the wallet. This creates a problem if a user loses all of their devices though.

aey|6 years ago

That is fantastic! Any way to integrate other chains?

roneil|6 years ago

Right now Hedgehog is specific to the Ethereum account model (eg. POA network and others use this too), but there's no reason the approach couldn't be extended to work with other chains.

Here's the key section of code that makes this Ethereum-specific: https://github.com/AudiusProject/hedgehog/blob/master/src/au...

You could replace the use of 'ethereumjs-wallet/hdkey' with any other chain wallet library if it is compatible with the BIP-39 style HDWallet structure. Bitcoin and many other blockchains have compatible libraries that could be substituted easily!

atomical|6 years ago

Is there any way to recover a login and password if the user forgets it?

roneil|6 years ago

Thanks for checking out Hedgehog!

There is not - this is the biggest deficiency of Hedgehog today. Without centralized custody of keys, it's not possible to have someone prove their ownership of a given key to a centralized party in order to unlock it. The key is encrypted, so neither the application provider nor anyone else can decrypt it without the user's username/password combination. This tradeoff is both a good thing and a bad thing in our view.

That said, there is a mechanism for changing your password if you are already signed in.

We are considering some mechanisms for fallbacks, eg using a threshold cryptosystem with multiple private keys and a 1 or 2 of n requirement, such that if a user forgets the way to generate one of the n keys they may still remember a way to generate the other(s). If you're curious, more on these schemes here: https://en.wikipedia.org/wiki/Threshold_cryptosystem

We feel these tradeoffs make sense to enable more mainstream adoption of cryptocurrencies, but they are tradeoffs; for certain types of applications the cost of losing control of an account is too high for this approach to make sense.
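
The model discussed in this thread (wallet entropy encrypted client-side under a password-derived key, only the ciphertext stored, no "forgot password" path, password change possible while signed in), as an added Node.js example that is not Hedgehog's code or anything posted by the thread's participants. The choice of scrypt and AES-256-GCM, the scrypt parameters, the record layout and all function names are assumptions made for this illustration.

```javascript
// Added illustration: NOT Hedgehog's actual code, algorithms or parameters.
const crypto = require('node:crypto');

// scrypt makes every password guess against a stolen record expensive.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Encrypt wallet entropy under the password. The returned record is the only
// thing persisted (localStorage and/or the application server).
function sealEntropy(entropy, username, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  c.setAAD(Buffer.from(username)); // bind the record to this username
  const ct = Buffer.concat([c.update(entropy), c.final()]);
  const hex = (b) => b.toString('hex');
  return { username, salt: hex(salt), iv: hex(iv), ct: hex(ct), tag: hex(c.getAuthTag()) };
}

// Sign-up: generate entropy locally (stand-in for a BIP-39 seed) and seal it.
function createArtifact(username, password) {
  const entropy = crypto.randomBytes(16);
  return { entropy, record: sealEntropy(entropy, username, password) };
}

// Secondary device: fetch the record and decrypt locally. Returns null when
// the password or record is wrong; the server holds nothing that can help.
function openArtifact(record, username, password) {
  const key = deriveKey(password, Buffer.from(record.salt, 'hex'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
  d.setAAD(Buffer.from(username));
  d.setAuthTag(Buffer.from(record.tag, 'hex'));
  try {
    return Buffer.concat([d.update(Buffer.from(record.ct, 'hex')), d.final()]);
  } catch (err) {
    return null; // authentication failed: wrong password or tampered record
  }
}

// Password change while signed in: same entropy, fresh salt, IV and key.
function changePassword(record, username, oldPassword, newPassword) {
  const entropy = openArtifact(record, username, oldPassword);
  return entropy ? sealEntropy(entropy, username, newPassword) : null;
}
```

Because the stored record is only as strong as the password behind it, the KDF cost and password quality decide how much work an offline guessing attempt against a leaked record takes.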