Grant Update Factom Identity on Ledger Nano S Grant Updates

Secured
#1
Grant Thread: https://factomize.com/forums/thread...entity-amended-to-fit-inside-grant-pool.1143/

Organizations Involved: The Factoid Authority, Bedrock Solutions

Sponsor: David Chapman

Total FCT Received: 4,490

Date Received: December 5th, 2018

Start Date: December 7th, 2018

Background

The Ledger Nano S has been identified as a secure, efficient means of signing identities for the Factom protocol. This means your private keys can be stored securely on the Ledger and used to prove your identity in a number of applications. The Factoid Authority will be developing the firmware and javascript upgrades led by Dennis Bunfield. Bedrock Solutions will handle the integration with MyFactomWallet led by David Kuiper.

We held a kickoff meeting on Friday, December 7th, 2018 and are using that as our start date.

Goals and Objectives

The objective for this project will be to bring identity signing onto the Ledger Nano S Factom app. In addition to the firmware upgrade, the client also must be updated to be able to interact with the ledger’s factom JavaScript drivers. The following features will be included in the ledger app upgrade:

● Ability to query your Factom Identity Public Key

● Sign a message using your identity

● Enable batch mode to enable signing multiple messages using the ledger that won’t require more than one user confirmation

● Allow identity signing using your Nano Ledger S from the MFW voting tool

Milestones

The following are the defined milestones:



Milestone 1 and 2 call for “Firmware Upgraded with ID support” and “ledger-factomjs updated”. The firmware is the code that runs on the actual Ledger hardware wallet and the ledger-factomjs is the software that will enable the Ledger to interact with the Factom Protocol. Dennis Bunfield will be developing these solutions concurrently.

Expected Delivery: January 11th, 2018. [COMPLETE - Delivered on schedule]

Milestone 3 calls for “Integration w/ MFW released to testnet”. In other words, at week eight, there will be a functional product ready for testing on MyFactomWallet with testnet.

Expected Delivery: January 25th, 2018.

Milestone 4 calls for “Release update to ledger for review”. At this point, a tested and refined (if necessary) product will be sent to Ledger to review the code.

Expected Delivery: February 1st, 2018.

Milestone 5 calls for "Integration w/ MFW released to mainnet”. This is when a working product is released and MyFactomWallet will be usable on mainnet.

Expected Delivery: February 22nd, 2018

Note that Ledger’s release schedule of for updates is on the 6th of every month. As such, March 6th is the date that is being targeted as the initial “go live” where anyone can utilize the new functionality.

In addition to the defined objectives in the grant, due to the recent price rise of FCT, the developers have decided to also add FCT and EC signing.

Biggest Unknown

The proposed development is reasonably straight forward. The biggest unknown is Ledger and their schedule. They are thorough in their code reviews and can be busy at times which may lead to delays beyond the control of the developers.

Sponsor Role

First and foremost, I am loyal to the Factom Protocol community, not the organizations involved in the development of this project. As sponsor I will:

A. Outline the milestones for the community is an easily digestible manner.
B. Follow the development progress and ask pertinent questions.
C. Report to the community on the progress at each milestone.
D. Sign off on the completed project
E. If they fail to complete the project, find a bus with a rusty undercarriage, throw the developers under it, and drive it back and forth.

Both Dennis and David are highly capable developers and I look forward to seeing this project come to fruition.

We welcome questions within this thread.
 
Last edited:
Secured
#3
Hi Guys,

Instead of annoying privately Dennis I post my questions here. :)

1/ How will the choice of the Public Key to be used for signing with your identity be realised : on the ledger app directly or on MFW?
2/ I understand we will be able to sign any message (lower than 854 bits if I am remember well due to Ledger limitations... French have always been playing small arms...). The output will be a signed message with your Secret Key corresponding to your chosen PK. Could the destination of this signed message be chosen by the signee? i.e. Could we choose the Factom chains where to record this signature?
3/ I understand it will interact with MFW but guess it could interect with any web interface or application able to communicate with Ledger.

Thanks for your answers and really happy to support this grant!
 
Secured
#4
1) The key selection will take place on the client side (i.e. MFW). Part of the input for the requested key via the API is the HD derivation path which follows the bip44 spec. For example m/44'/143165576'/0'/0/0 for the base address, m/44'/143165576'/0'/0/1 for the second address, etc.

2) The payload (i.e. message) of what needs to be signed is determined by the user. The data that is returned from the ledger is the signature against that payload. You can publish that signature with the payload anywhere or any way you wish, including within Factom chains.

3) Yes that is the case if the client communicates via the same U2F protocol version Nano S uses (e.g. the Chrome browser). The MFW integration is simply one way to use it and you are free to look at the code as a reference on how to integrate it into a web page. Currently the ledger only works in the Chrome browser. The U2F is implemented in Edge and Firefox browsers, however, the API is currently incompatible with the Ledger. There are also some established tools to use the ledger on the command line via python or nodejs. As part of this effort we will be putting together developer documentation so that others can implement their own clients to interact with the ledger. MFW is just one example of how to interact with the ledger.
 
Last edited:
Secured
#5
A quick update:

Milestone 1 and 2 are currently on schedule. I'm pleased to share that a majority of the main tasks for the firmware upgrade are complete. These features include:
  1. Identity address generation
  2. Identity key signing of raw data
  3. Automatic hashing of streamed data to the device for sha256 or sha512 (user specified) with signing of the hash against the identity key.
The message hash signing feature supports signing against the EC and FCT addresses. Dennis Bunfield decided to not support EC and FCT signing of a raw message since it could open an attack vector for signing real FCT and EC commit and entry transactions.

To Do:

Dennis still needs to work on some javascript code and the usual general cleanup and should have those completed by this weekend. He will then push his npm package and make an updated docker sideloader for the firmware.

All in all, I am very pleased with the progress but have located a bus just in case.
 
Last edited:
Secured
#6
Milestone 1 and 2 are Complete

I am pleased to announce the successful delivery of milestone 1 and milestone 2. They were delivered on time. To rehash what the milestones called for:
Milestone 1 and 2 call for “Firmware Upgraded with ID support” and “ledger-factomjs updated”. The firmware is the code that runs on the actual Ledger hardware wallet and the ledger-factomjs is the software that will enable the Ledger to interact with the Factom Protocol. Dennis Bunfield will be developing these solutions concurrently.
Dennis Bunfield has released the first release candidate for the identity firmware. If you want to test it, it can be side-loaded on your ledger by executing:
Code:
sudo docker pull bunfield/factomize-ledger
Code:
sudo docker run --rm -it --privileged -v /dev/bus/usb:/dev/bus/usb bunfield/factomize-ledger
The new firmware supports hash and raw message signing with identity keys. FCT and EC hash message signing is available as well. For security reasons, please note that FCT and EC message signing prepends the typical signing magic "FCT Signed Message:" or "EC Signed Message:" similar to other coin ledger apps such as the BTC and ETH apps. This signing magic is to prevent man-in-the-middle attacks for any tokens derived that directly use FCT addresses.

Dennis tells me that support for Factom Asset Tokens will be added in a future Ledger app release that does proper transaction parsing for hash signing. Also note, Signing against the identity keys does not add any signing magic. Ledger is preparing for the release of firmware version 1.5.x. Dennis and David have been coordinating with Ledger to prepare the Factom app for this new firmware upgrade.

They will be testing the updated Factom App with the identity signing. The javascript code has been updated to version 0.4.7. The package is @factoid.org/hw-app-fct and is available at https://www.npmjs.com/package/@factoid.org/hw-app-fct. Finally, batch singing mode for the identity key signing has been added. There is a new menu option in the ledger app to enable the batch mode. If you wish to use this option, it will need to be manually enabled every time you start the Ledger Factom app. It will only work with the identity keys.

I'm very pleased with the progress of the team. The next milestone is milestone 3:
Milestone 3 calls for “Integration w/ MFW released to testnet”. In other words, at week eight, there will be a functional product ready for testing on MyFactomWallet with testnet.

Expected Delivery: January 25th, 2018.