Let's talk about crypto Walletum

Walletum, Sep 10, 2021

If you work in a small team dealing with crypto, where the main focus is on developing infrastructure around the blockchain, then you have big issues with getting your coin anywhere. You might list the coin in some third-party wallet, but who knows what will happen tomorrow?

Using the Core version of the wallet is often difficult and not really handy for people. Therefore, for regular payments, more convenient wallets are used – as an application or a regular website. In this case, the user has to entrust his funds to someone unknown. New wallets appear, and some stop working, some get hacked, some disappear. Is there any solution for this?

Sure. Follow the idea of the standalone non-custodial wallet.

At the moment the UFO coin can be stored at:

1) Core version of the wallet, which is rather complicated for many people;
2) EDGE.app, which is relatively good but fails from time to time;
3) A fork of the Coinbin wallet at wallet.ufocoin.net, extremely limited in functions, but very simple and non-custodial.

The development of the UFO coin goes on: the latest innovations from Bitcoin are ported and the team is building the infrastructure around the UFO coin. As part of this effort, the team decided to allocate some of its resources to creating a non-custodial wallet with full UFO support. Such a wallet will make it possible to use the blockchain's full potential: support for tokens, secure atomic swaps between users, multisignature, upcoming taproot support and any other future innovations in the UFO blockchain.

But who needs it just for the UFO coin? Who is using single blockchain wallets nowadays? After all, everyone should be given the opportunity to store as many cryptos as possible. Our wallet is expected to support many blockchains, be secure, non-custodial, convenient and functional. Not an easy task to accomplish.

Most wallets are centralized and dependent on the wallet operators. Even non-custodial wallets rely heavily on centralized services. Walletum's big goal is to become a non-custodial wallet under the exclusive control of the user. If the user decides to use an extremely isolated environment, running exclusively on his own trusted nodes and servers, Walletum must be able to work in such an environment.

Over the past ten years a lot of infrastructure has emerged around blockchains. Most of the services became completely commercial. Nothing personal – just business. But because of this it is now very difficult for a true open source project, supported by enthusiasts, to get into popular exchanges and wallets. Well, as they say, if you want to do something well, do it yourself.

Our goals:

In fact, despite the variety of wallets in the Apple and Google app stores, there are not many wallets that have it all in one: a convenient and concise interface, sufficient speed, user-friendliness and support for many different blockchains.

All of them, more or less, solve the problem of receiving, storing and transferring crypto. But, since most of these projects are self-sufficient, the need to earn makes them add many redundant features that interfere with user experience, distract or simply are not needed.

The Walletum developers are working on integrating as much useful functionality as possible while preserving simplicity and convenience, avoiding advertising and unnecessary additional services in the wallet’s interface as much as possible.

The global goal of the UFO team is to design and develop the decentralized Calcium.Network, based on the decentralized communications and UFO blockchain.

The network aims to provide applications with a single authorization mechanism, convenient tools for working with cryptocurrency, and communication and content distribution through decentralized channels.

Based on this, Walletum is supposed to be the first app integrated into Calcium.Network. It will also be the first one to receive all the new opportunities that the network will provide.

UFO - full coin support

Technically speaking, UFO is a clone of bitcoin with extra features. But these two blockchains have a number of interesting features that are not easy to implement, so they are rarely supported in crypto wallets. In most cases, Bitcoin support in other wallets (not to mention UFO) is limited to simply receiving and sending funds.

Walletum developers have a goal to make the following UFO blockchain features as simple and accessible as possible:

1) Creation and management of tokens

The UFO blockchain is extremely low-cost for small transactions. This is quite the opposite of Ethereum tokens. Therefore, creating and sending tokens on the UFO blockchain is a natural use case for small or frequent transfers.

At the moment tokens are quite simple in their capabilities. However, the team is researching the possibility of adding extended smart contracts to allow complex solutions.

2) NFTs and analogues

At the moment, NFTs are better known as pictures that people buy and sell. However, the capabilities of NFTs and their analogues are not limited to this: they make it possible to register digital rights on the blockchain, distribute content and applications, etc.

3) Secure atomic swaps

The time for secure atomic swaps has not come yet. There are a number of issues related to the speed of swaps and the liquidity of exchanges which are yet to be resolved with high-quality solutions. For this reason, people continue to use centralized exchanges and sometimes run into accessibility, security and blocking issues. As the technology of secure atomic swaps matures, direct exchange between users will become much more comfortable and safe. We want to give our users such an opportunity.

4) Custom funds locking until the specified time (timelock)

Time-locked wallets make it possible to set a date when funds become available for spending. A wallet with a lock date 10-15 years in the future can be created, and the blockchain will only allow the owner to spend these funds after the specified time.

This might be handy when one wants to create a long-term "crypto deposit" for kids while they are still young. They might not yet know how to manage their coin in a reasonable manner. But with a timelock, there is no need to worry that the coins will be spent ahead of time. The blockchain will take care of this.
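How such a lock is typically expressed on a Bitcoin-derived chain, as an added example that is not Walletum or UFO code: it assumes UFO follows Bitcoin's BIP65 `OP_CHECKLOCKTIMEVERIFY` rules, which the page does not spell out. The function names and the sample public key are constructed for illustration.

```javascript
// Added example. Assumption: UFO enforces timelocks the way Bitcoin's BIP65 does.
const OP_CLTV = 0xb1, OP_DROP = 0x75, OP_CHECKSIG = 0xac;
const LOCKTIME_THRESHOLD = 500000000; // below: block height; at or above: Unix time

// Minimal little-endian script-number encoding of a positive integer.
// Values 0..16 would need the OP_0..OP_16 opcodes instead and are rejected here.
function encodeScriptNum(n) {
  if (!Number.isInteger(n) || n < 17 || n > 0xffffffff) {
    throw new RangeError('locktime must be an integer in 17..2^32-1');
  }
  const bytes = [];
  for (let v = n; v > 0; v = Math.floor(v / 256)) bytes.push(v % 256);
  // The top bit of the last byte is the sign bit: pad so the value stays positive.
  if (bytes[bytes.length - 1] & 0x80) bytes.push(0x00);
  return Buffer.from(bytes);
}

// Script: <locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP <pubkey> OP_CHECKSIG
function timelockScript(lockTime, pubkeyHex) {
  const pubkey = Buffer.from(pubkeyHex, 'hex');
  if (pubkey.length !== 33) throw new RangeError('expected a 33-byte compressed public key');
  const num = encodeScriptNum(lockTime);
  return Buffer.concat([
    Buffer.from([num.length]), num,        // direct push (length is below 76)
    Buffer.from([OP_CLTV, OP_DROP]),
    Buffer.from([pubkey.length]), pubkey,
    Buffer.from([OP_CHECKSIG]),
  ]);
}

// The comparison BIP65 makes between the script value and the spending transaction.
function cltvAllowsSpend(scriptLockTime, txLockTime, inputSequence) {
  const sameKind = (scriptLockTime < LOCKTIME_THRESHOLD) === (txLockTime < LOCKTIME_THRESHOLD);
  if (!sameKind) return false;                    // block height vs. timestamp mismatch
  if (scriptLockTime > txLockTime) return false;  // transaction claims an earlier time: still locked
  return inputSequence !== 0xffffffff;            // a final sequence number disables nLockTime
}

// Constructed sample: lock until 2030-01-01 00:00:00 UTC with a placeholder key.
const samplePubkey = '02' + '11'.repeat(32);
console.log(timelockScript(1893456000, samplePubkey).toString('hex'));
```

The transaction's own nLockTime is in turn enforced against the chain's height or time by the ordinary finality rule, which is what keeps the coins unspendable until the date passes.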

5) Multi-signatures

Multi-signatures allow a specified number of people to confirm spending. This feature is useful for managing group finances, such as some project’s funds.

6) Standalone desktop version

In its current implementation, Walletum is being developed as an online application. However, it can be installed on a mobile device (Android or iOS) as a lightweight application with an icon on the home screen.

The target implementation of Walletum is a desktop version of the wallet that can work both in an isolated user environment and using the secure infrastructure of the Calcium.Network.

Planned platforms

1) Website: walletum.io
2) iOS and Android lightweight mobile apps available at walletum.io. An application for Google Play and the Apple Store is on the to-do list.
3) Windows and Linux platforms are expected to have desktop versions with the ability to run in enhanced security mode.

Security concerns

In any software, there are usually some attack vectors that can lead to potential security flaws. In the case of Walletum, three potential attack vectors are identified:

1) Security of user’s keys;
2) Security of account data;
3) Server side security.

Let's talk about each of these issues in detail.

Security of user’s keys

Since Walletum is non-custodial, keys are generated and stored, or simply generated, on the user's side, depending on how the user prefers to work with them. Walletum uses open-source cryptography which is tested by real-world applications and used in a variety of services. The client-side code creates keys solely on the user’s device. In the current implementation it runs in the browser, so it is as safe as the browser itself, and the operating system along with it. Many people install all sorts of extensions in their browsers, and some people have viruses on their PCs. Walletum users should be careful and watch out for this. If the environment is compromised, nothing will protect against a possible attack.

Security of account data

At the moment, Walletum offers two options for creating an account:

1) Brain Wallet. The user is responsible for creating and providing strong unique data: login, password, pin.

The brute-force resistance of the brainwallet (account) depends entirely on how unique and strong the user-provided data is. Walletum’s algorithm for generating secret keys from such data is specifically designed to be brute-force resistant. The more complex the set of user data used to generate a wallet, the more time-consuming it is to brute-force the account’s seed and keys.

2) Seed wallet. The seed is a randomly generated phrase in accordance with the industry’s security standards.

Brute-forcing a seed phrase requires an enormous amount of computing power and is almost impossible.
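One way the brain-wallet option above could turn login, password and pin into a seed, shown as an added example rather than Walletum's own algorithm, which this page does not describe. The use of scrypt, its cost parameters, the `brainwallet-demo-v1` label and the function names are all assumptions.

```javascript
// Added example: a memory-hard derivation for a brain wallet (assumed design, not Walletum's).
const { scryptSync } = require('node:crypto');

// Assumed cost: N=2^15, r=8, p=1 needs about 32 MiB of RAM for every single guess.
const COST = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Length-prefix each field so ("ab", "c") and ("a", "bc") never encode to the same bytes.
function field(text) {
  const body = Buffer.from(text.normalize('NFKC'), 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length);
  return Buffer.concat([len, body]);
}

// Derive a 32-byte seed from the three brain-wallet inputs.
function deriveSeed(login, password, pin) {
  if (![login, password, pin].every((v) => typeof v === 'string' && v.length > 0)) {
    throw new TypeError('login, password and pin must be non-empty strings');
  }
  // The login works as a per-account salt. It is not secret, so the guessing
  // resistance comes from the password and pin alone.
  const salt = Buffer.concat([Buffer.from('brainwallet-demo-v1'), field(login)]);
  const secret = Buffer.concat([field(password), field(pin)]);
  return scryptSync(secret, salt, 32, COST);
}

// Rough offline-attack estimate: years needed to try half of a 2^bits search space.
function yearsToCrack(bits, guessesPerSecond) {
  return 2 ** (bits - 1) / guessesPerSecond / (365.25 * 24 * 3600);
}

// 40 bits of password+pin entropy at an assumed 1000 scrypt guesses per second.
console.log(yearsToCrack(40, 1000).toFixed(1), 'years');
```

The estimate makes the section's point concrete: the key-stretching cost multiplies the attacker's work per guess, but the number of guesses is set entirely by how unpredictable the user's inputs are.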

Server-side security

There are two attack subvectors on the server side: front-end and back-end.

The wallet itself is lightweight and does not hold a copy of the blockchain, so the back-end servers send blockchain data to the wallet. The back-end is not used to store account data, there is no linking to the user's IP address, and blockchain data flows mostly from the back-end servers to the user’s wallet. If we assume that the back-end is hacked and an intruder replaces the source code and starts serving inaccurate or malicious data, this incorrect data will leave the account temporarily inoperable, but it will not affect the user’s funds in any way.

The possible scenario in this case is that the user’s Walletum will display incorrect balances and an incorrect transaction history, and it might be unable to spend invalid funds. Assuming that the user’s client-side wallet is fine and secure, the user’s funds will remain safe until the back-end gets back to normal.

The second subvector of attack on the server is the front-end – the part which feeds client-side code to the user’s browser. Things are a bit more complicated here. The security of the source code heavily depends on the security of the Walletum application servers. Just like with any other service, if the front-end is hacked, the intruder might provide a malicious version of the client-side code. To prevent this, the team is putting a major effort into protecting the front-end servers from any kind of third-party access or eventual client-side source code modification.

Two more protection mechanisms against such an attack are on the to-do list:

1) Validation of the Walletum client-side code checksum in the user’s browser;
2) Distribution of signed software through the blockchain.
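The first item could work along these lines; this is an added sketch, not Walletum's code, and the manifest format, file names and function names are assumptions.

```javascript
// Added example: checking served client code against a pinned checksum manifest.
const { createHash } = require('node:crypto');

// SRI-style digest of one file: "sha384-" + base64(SHA-384(bytes)).
function sriDigest(bytes) {
  return 'sha384-' + createHash('sha384').update(bytes).digest('base64');
}

// Build the manifest (path -> digest) at release time, from a trusted build.
function buildManifest(files) {
  return new Map([...files].map(([path, bytes]) => [path, sriDigest(bytes)]));
}

// Compare what the front-end actually served against the pinned manifest.
function verifyBundle(pinned, served) {
  const problems = [];
  for (const [path, expected] of pinned) {
    if (!served.has(path)) problems.push(`missing: ${path}`);
    else if (sriDigest(served.get(path)) !== expected) problems.push(`modified: ${path}`);
  }
  for (const path of served.keys()) {
    // An extra script runs with the same access to keys as a changed one.
    if (!pinned.has(path)) problems.push(`unexpected: ${path}`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample: a two-file release and a served copy with one file altered.
const release = new Map([
  ['app/wallet.js', Buffer.from('export const version = "1.0.0";\n')],
  ['app/keys.js', Buffer.from('export function newKey() { /* ... */ }\n')],
]);
const pinnedManifest = buildManifest(release);
const servedCopy = new Map(release)
  .set('app/keys.js', Buffer.from('export function newKey() { /* altered */ }\n'));

console.log(verifyBundle(pinnedManifest, release));
console.log(verifyBundle(pinnedManifest, servedCopy));
```

The check only helps if the pinned manifest reaches the user through a channel other than the front-end being checked, such as the signed distribution in the second item; a checksum served next to the code is replaced together with it.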

Upcoming features

At the moment, the UFO team is already using Walletum internal builds for its own needs. The software has proven able to store, transfer and receive BTC and UFO successfully. Support for more cryptos is in active development right now.

The Walletum application will go live in beta by the end of 2021.

And here are the plans for the near future:

- support for uniasset / omni tokens
- beta version
- release version
- support for nft uniasset
- adding more coins
- adding eth

Afterword from the team

We do not want just another wallet with a bunch of ads or useless features. We want a wallet for ourselves, one we will completely trust and use as well, conveniently and comfortably. Since we are still an open source project, which usually means at least some openness, we are happy to show you what is going on in our project in Figma.

At the moment, the improved interface design is almost complete, up to 90% as of today. Of course, it’ll require some work to get it into Walletum, but we are doing our best to publish the beta version with the upgraded user interface as soon as we can.

This is a very long road to go. Walletum is much closer to production now than it was a year ago, but for Calcium.Network this is just the beginning. Stay tuned, follow the news.