Bitcoin Forum
November 09, 2024, 03:56:22 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Open source, local 2 of 2 multisig client with independent electrum verification  (Read 2599 times)
tryexcept (OP)
Full Member
***
Offline Offline

Activity: 192
Merit: 100



View Profile
March 15, 2014, 11:03:27 AM
 #1

Hi all!

We just released and open sourced a local (no JS from server) 2 of 2 multisig wallet as a chrome app.

Original post: http://www.reddit.com/r/Bitcoin/comments/20g9ab/greenaddressit_trustless_2of2_open_source_wallet/

We at GreenAddress.it have just released and open sourced our local/packaged Chrome application for accessing GreenAddress.it's Multisig HD wallets.

If you are not familiar with GreenAddress.it, we encourage you to take a look at our website and FAQ, or you can even watch our infographics video, but roughly speaking it is a web wallet which aims to be much more secure than other ones in the market.

The idea behind a local (packaged) Chrome application is to make it more secure than using our web client off our servers by providing you with all the client JavaScript code to run locally, which should make the wallets immune to server-side hacks.

You can skip through to download the wallet app from chrome store, or read below for more technical details if you are interested.

The main feature behind making it more secure, which we have implemented specifically for the Chrome application, is transactions verification. Basically GreenAddress.it generates transactions for the client to sign, and the client's JavaScript, before signing, verifies that their amounts, destinations, fees, etc. are correct according to user's input. This prevents the server from sending tampered transactions which could be used to steal funds.

This verification requires a list of previous outputs to be available to the client, which also must be downloaded from an independent source to disallow tampering with transaction data. For this purpose we have used the public Electrum servers, so you are safe even if our server tried to send modified transaction outputs to make client think it is signing smaller amounts than it is in reality.

Here’s the open source project on GitHub. You can also find Gentle on GitHub, an open source tool we developed in case our service disappears such that you can free your funds from the 2 of 2 multisig.

Currently the GitHub repo contains merged JavaScript files, which is because of how our deployment process works, but we are going to improve it by providing the original directory structure soon. (EDIT: done!)

We are also looking to open source our Android Cordova app and give it the same treatment as the Chrome app (local files and Electrum verification)

Any feedback is welcome!

GreenAddress.it team

qbitx
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
March 16, 2014, 03:40:34 AM
 #2

Looks awesome so far, the only issue I had with the wallet so far was that it doesn't keep a list of my previously generated/used addresses somewhere where I can query it (but if I'm not mistaken, that's planned for the future)

A firefox add-on would be awesome too Cheesy

This looks like one of the best options for multisig wallets at the moment.  Keep up the good work.
tryexcept (OP)
Full Member
***
Offline Offline

Activity: 192
Merit: 100



View Profile
March 16, 2014, 03:55:07 AM
Last edit: March 16, 2014, 11:16:50 AM by tryexcept
 #3

Thanks!  Cheesy

We are adding "list of previous addresses" to settings soon, exactly Wink

We were/are busy with the payment protocol and working on improving the user experience (for example, the 6 confirms limit will be mandatory only on instant transaction, currently however it is for all).

Firefox add-on is certainly possible, in particular given that is would be similar to the chrome app, which of course is open source https://github.com/greenaddress/WalletCrx

Is on the list but at somewhat lower priority than the other features we are preparing given those are more unique than another kind of ext/app Sad

We welcome pull requests  Roll Eyes

genjix
Legendary
*
Offline Offline

Activity: 1232
Merit: 1076


View Profile
March 17, 2014, 04:47:11 PM
 #4

Impressive work. Already better than most wallets out there. This space is going to heat up soon. You've fought about lots of nice features.

Do you want to use Obelisk as the backend? We have a JS library:

https://github.com/darkwallet/gateway/tree/master/client
tryexcept (OP)
Full Member
***
Offline Offline

Activity: 192
Merit: 100



View Profile
March 17, 2014, 08:51:26 PM
 #5

qbitx: In the "Receive Money" tab you can now see a button that shows you all the generated addresses with number of tx.
It's not too pretty yet but soon we are integrating some  pretty block explorer which will probably be used in various places Grin

genjix: Thank you! We never spoke but I've been lurking around and read plenty of your posts! We are honored!

We don't know too much about Obelisk but from a quick read it could be quite handy and we are going to investigate it: do you have some pointers to speed up the process?

qbitx
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
March 17, 2014, 11:24:17 PM
Last edit: March 18, 2014, 12:43:15 AM by qbitx
 #6

qbitx: In the "Receive Money" tab you can now see a button that shows you all the generated addresses with number of tx.
It's not too pretty yet but soon we are integrating some  pretty block explorer which will probably be used in various places Grin

Awesome Smiley looks good to me.
tryexcept (OP)
Full Member
***
Offline Offline

Activity: 192
Merit: 100



View Profile
March 18, 2014, 12:09:28 AM
 #7

cheers!

Let us know if you find anything you'd like improved.

Of course in the meantime is not like we are not doing anything, so here's a short list of things coming soon (not a complete list by any mean):

- Two factor via robot call, works on landline and I'd imagine makes it harder for malware to intercept the two factor code.
- Payment protocol with instant confirmation (for parties that trust GreenAddress, but they don't have to trust you)
- Nice block explorer
- More exchanges and indexes.
- Adding languages (French, Italian, Spanish to start with, then Russian, Greek, Chinese, etc and if you want to help let us know!!)
- Drive and dropbox for nlocktime (on top of email)
- And more  Roll Eyes



Dusty
Hero Member
*****
Offline Offline

Activity: 731
Merit: 503


Libertas a calumnia


View Profile WWW
March 18, 2014, 01:59:33 PM
 #8

Impressive feature list, and congratulations for being the first to find a good use of multig!

Looks awesome, I'll experiment a bit.

Articoli bitcoin: Il portico dipinto
genjix
Legendary
*
Offline Offline

Activity: 1232
Merit: 1076


View Profile
March 18, 2014, 04:20:16 PM
 #9

tryexcept, I'm on Freenode IRC as genjix in #darkwallet. Always happy to talk/help and show some of what we're doing. Maybe some of our work is useful for you, and vice versa. Choosing Electrum servers was a good choice, as that's a great community.

About Obelisk, there isn't too much info yet but the tools are there. We're still improving them though and documenting everything.
bitjoint
Sr. Member
****
Offline Offline

Activity: 333
Merit: 250


Commander of the Hodl Legions


View Profile
March 18, 2014, 05:08:35 PM
 #10

This looks A W E S O M E... Congrats
MatthewLM
Legendary
*
Offline Offline

Activity: 1190
Merit: 1004


View Profile
March 18, 2014, 05:26:00 PM
 #11

I'll have to take my hat off to you. I've not used it, but this implements a few ideas I've had for a long while, as I could see this as the ultimate compromise for bitcoin wallets providing the best security and instant payments. It's just a shame I didn't get around to doing this myself. I think this has the potential to be huge.
Eggy
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
June 26, 2014, 05:05:16 AM
 #12

Seems very nice!

Any ETA on the Firefox add-on?
tryexcept (OP)
Full Member
***
Offline Offline

Activity: 192
Merit: 100



View Profile
June 30, 2014, 02:06:36 PM
 #13

No ETA, sorry. It is in our list but not very urgent ATM.

It shouldn't be too hard given the code works fine as a Chromium app but we are focusing our energies on improving the stability on iOS and Android as well as improving and industrializing our server side service (including API documentation)

If someone wants to give it a go and do it I'd be happy to merge the Pull Request and tip for it (of course open source and ideally same repo as the Chromium one) if not we'll try to do it at the first occasion!

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!