You can have the cake and eat it!
Pay Bitcoin without exposing your private keys to the Internet.
Abstract
We propose an internet-free wallet for people with risk intolerance wishing to pay with their crypto assets.
Introduction
Blockchain is a decentralized accounting records that can be seen by everyone, everywhere and at any time. Key idea behind blockchain is that having many eyes looking after money transfer (transaction) we can guarantee transparency and trust between participants. Each of them has special key (private key) which acts like a personal signature to approve transaction. And every transaction consists of three steps:
- get transaction data from blockchain,
- sign transaction with a private key,
- broadcast signed a transaction to the blockchain
Easy, isn’t it? The only thing left to solve — find a secure way to manage our private key.
- Mobile crypto wallet;
- Website with client-side logic (like MyEthereumWallet);
- Cold storage;
- Paper wallet.
Mobile wallets are able to sign transactions using generated or manually added private key. However, this poses a great threat for assets if this key leak outside one way or another. Safety of our money is based on our trust in authors of the wallet, on those who uploaded them to App Store/Google Play.
One possible way is to leverage this danger is to prohibit internet usage for the application.
For example, cold storages, which are, basically, offline storages of private key, are perfect for risk-averse people, but its safety comes on a cost of usability. Hanging around with USB/HDD-disk that stores you private key won’t let you have frictionless experience with payments, is it? Moreover, usage of cold storages might be even worse than wallets. How many times did you have to remove viruses from your USB after using it at unknown PC?
Proposal
We propose a solution where out application don’t have an internet access, thus making it impossible to send our private key to Internet.
Our solutions relies on two technologies:
- QR-codes for data transfer between Wallet and payee;
- Apple Push Notification service.
In a nutshell, that’s what happens:
- app read generated by payee QR-code with invoice;
- app signs the contract and generates QR-code;
- payee broadcast new transaction in blockchain*.
* in case we are working with vending machine, we can broadcast transaction manually by opening generated by application link in mobile browser.
Apple Push Notifications are used to update wallets information of transactions: if they were approved or rejected, so application would be able to update balance. They are passed only in one direction: from our server to Apple service and from Apple service to wallet.
Basically, we are delegating communication with internet to payee, thus reducing our risks and lovering chance of accident and malicious leakage.
Conclusion
Our solution has strength of cold storages and flexibility of mobile wallets, thus making it a very promising alternative to existing solutions.
At this moment, our wallet works with Bitcoin testnet. In close feature we are planning to:
- Support the testnet Ethereum;
- Sign the first mainnet transaction;
- Use wallet to pay for something in real world :)
Links:
Flightwallet: https://flightwallet.org
GitHub: https://github.com/flightwallet