If you’re thinking “WTF!?”, we forgive you. Here’s some context.
As we build Argent, we’re developing client apps that primarily interact with the blockchain via HTTP proxy nodes. These nodes are the interaction point for your wallet (until light client nodes become viable). However, this isn’t always enough to create an outstanding user experience that’s familiar to users.
We knew we could improve usability and communication by building several auxiliary cloud services. But we had to do so without compromising the security or trust inherited from a decentralized blockchain. How?
We followed our team’s first rule: “don’t trust the backend” (meaning, “don’t trust ourselves”). The services exist only to provide an enhanced user experience that any mobile customer would expect (e.g. push notifications, user-to-user communication). The end-user interface, the mobile app, can validate the data it receives against multiple sources to establish trust with the decentralized wallet.
An example of this is our smart wallet’s use of actions that require multiple users’ digital signatures (signed by their private key). Here’s a clear example based on our model of account recovery, which uses Guardians:
Alice has bought a new iPhone and wants to recover her wallet on the new device. To do this, her Guardian, Bob, needs to approve the recovery request.
Or, more technically:
Bob needs to provide his digital signature to authorize the transfer of the wallet’s ownership to Alice’s new public address for her new device.
Now comes the issue of trust. How does the Guardian, Bob, know that he’s approving the right recovery request to Alice’s new iPhone? How can we prevent the interaction between Bob and Alice from being compromised? We have to ensure there’s never a Man-In-The-Middle attack whilst they communicate over Argent’s network. And we have to go beyond taking all possible precautions to secure our cloud infrastructure.
The solution? Emojis. With a little help from cryptography.
First, we show Bob (the Guardian) a series of emojis. These represent a hash of the new account address (the public key on the new iPhone). Meanwhile, we show Alice (the owner of the new phone) the same series of emojis, hashed from data received over Argent’s network. Both hashes are calculated client-side to help validate the authenticity of the new account address.
Next, Alice & Bob talk via a different medium, i.e. a phone call. They do this to: a) verify the recovery request is genuine; b) check no one has tampered with the new public key on its journey across our Argent network - by confirming they see the same emojis.
That’s it!
This may seem deceptively simple, and it’s meant to be. We use familiar mobile interactions to dramatically enhance security in a simple and friendly way. And we do this without increasing complexity.
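The comparison described above, as an added Python sketch (not Argent's Swift implementation): the use of SHA-256, the 64-emoji animal alphabet, the six-symbol length and the sample addresses are all assumptions made for this example.

```python
import hashlib

# Assumed alphabet: the 64 animal emoji U+1F400..U+1F43F, so each symbol
# encodes exactly 6 bits of the digest and no modulo bias is introduced.
ALPHABET = [chr(cp) for cp in range(0x1F400, 0x1F440)]
BITS_PER_SYMBOL = 6

# Constructed sample values, not real accounts.
ALICE_NEW = "0x" + "ab" * 20          # address generated on Alice's new phone
TAMPERED = "0x" + "ab" * 19 + "ac"    # address altered in transit by a relay


def address_bytes(address: str) -> bytes:
    """Canonicalise a 20-byte hex address so case or a 0x prefix cannot change the hash."""
    text = address.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)  # raises ValueError on non-hex input
    if len(raw) != 20:
        raise ValueError("expected a 20-byte account address")
    return raw


def emoji_hash(address: str, symbols: int = 6) -> str:
    """Map the leading bits of SHA-256(address) to a short emoji string."""
    if not 1 <= symbols <= 256 // BITS_PER_SYMBOL:
        raise ValueError("symbol count out of range for a 256-bit digest")
    digest = int.from_bytes(hashlib.sha256(address_bytes(address)).digest(), "big")
    out = []
    for i in range(symbols):
        shift = 256 - BITS_PER_SYMBOL * (i + 1)
        out.append(ALPHABET[(digest >> shift) & 0x3F])
    return "".join(out)


def comparison_bits(symbols: int = 6) -> int:
    """Bits of the digest that the out-of-band comparison actually checks."""
    return symbols * BITS_PER_SYMBOL


if __name__ == "__main__":
    # Alice hashes the address her phone generated; Bob hashes what the relay delivered.
    print("Alice sees:               ", emoji_hash(ALICE_NEW))
    print("Bob sees (honest relay):  ", emoji_hash(ALICE_NEW.upper()))
    print("Bob sees (tampered relay):", emoji_hash(TAMPERED))
    print("Bits compared out of band:", comparison_bits())
```

The number of emoji shown sets how many bits of the digest the phone call actually checks, so a shorter string is easier to read aloud but weaker as a check. A production alphabet should also avoid look-alike glyphs, since users compare them by eye or describe them over a call.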
So please, emoji hash away! Here’s our emoji hash code in Swift if you wish to use it in your own project.