New Hive Ledger application feature - hash signing (blind signing)

in HiveDevs3 years ago

As more and more people starts using the Ledger Wallet, it became important to support any type of operation possible to broadcast on the Hive network. People often use L2 solutions like dapps and games (f.e. Splinterlands) utilizing the custom_json operation. It was possible to sign transactions with custom_json from the very beginning but due to ledger devices hardware limits (RAM mostly), it was not possible to sign all transactions.

The main limiting factor is RAM size on the ledger device. Most transactions fit easily into the limited space of ledger memory, but some transactions just don't. An example transaction that could not be signed with a ledger device is this one:

As you can see, it contains quite a big json field that could not be parsed on the ledger and displayed to the user. It's just not possible.

Blind signing as a solution to sign anything

This is a known problem for other blockchain and ledger applications. The solution for this problem is quite easy: blind signing in which the user does not see parsed transaction but rather the digest of the transaction. The digest is a hex string representation of the serialized transaction. Example hash looks like this: B2BF27F105D0E0E12F8BC913C8E124B2138E711AFAEAA7E85F186C2D8387F446.

Blind signing is the ultimate solution to sign any type of operation and even multiple operations at once.

But if it's so good, why do we even bother to use any other approach? It's because blind signing poses a risk to the user. It is not possible to convert digest back into the transaction, hence it's not possible to tell what transaction/operation you're accepting on your device. It is a matter of trust that the wallet developers do not fake the digest sent to the device.

Blind signing as an attack vector

An example attack vector could be like this: scam wallets show a valid transaction to the user but the fake digest, pretends to be the digest of the valid operation. The digest could be created from the transfer transaction (i.e HIVE or HBD transfer from the victim to the attacker).

So the user, while thinking he's signing the game-related transaction, in fact, is signing the transfer operation which ends up losing the assets.

Blind signing disabled by default

To mitigate the risk, blind signing on your device is disabled by default. If any wallet tries to use the feature it will receive an error message and the user will see the warning on the screen. It's impossible to use the feature without the user's knowledge.

You have to manually visit application settings and enable it.

Users should take special care when signing hashes. It would be beneficial to create open-source, publicly accessible tool that could calculate the transaction digest. This could give the user another level of confidence that he's signing a proper transaction.

Wallet developers should consider hash signing as a fallback of the normal process and use it only in case of the transaction is too large to sign in a normal way.

Hive Ledger Wallet

It will be possible to sign any transaction on Hive Ledger Wallet pretty soon. This will be a significant improvement for people willing to protect their accounts with the Ledger device.

I'm waiting for the new feature to be merged and rolled out in Ledger Live for existing users. Meanwhile, I updated the javascript library that is used to communicate with ledger devices as well as the CLI.

The library got two new methods:

async signHash(digest: string, path: string): Promise<string>
 async getSettings(): Promise<Settings>
     
 interface Settings {
    /**
     * Determines if hash signing is enabled.
     *  */
    hashSignPolicy: boolean
}

The CLI got a new option to blindly sign supported operations. I will also add a new mechanism that could be used to sign any transaction from the file.


Stay safe, and enjoy using Ledger wallet with your Hive account!.

Don't forget to support me with your witness vote! Click on the image below:


banner_engrave 100.png

Sort:  

Great work!

Wow) cool! 😃
Success! 😊

Setting up mine today.

NVM just did it.. Eazy

Great to hear that. I tried to design the onboarding process to be understandable and easy for everyone!

The instructions where straight forward one thing though I had to try to connect to the desk top / https://hiveledger.io/ a handful of times wouldn't register my device, figured it was me, Never used the damn nano till this morning when I saw your post. I got a hang of the system and button mechanics.

All good now. Thank you much.

image.png

!PIZZA

Ledger Wallet is so awesome. Using it with your Hive account for secure transactions !

Blind signing seems like a great feature. The ledger device and application looks so solid and like a very smart/safe way to go..

Hey guys, great work, I've just bought a Nano S Plus, but can't seem to find the Hive app on the ledger download list, has this been taken off? or do you know if this is just for the Ledger Nano S and X models?
Anyhelp would be highly appreciated.

Thanks and keep up the fantastic work :-)

Hi, did you enable Developers mode in Ledger Live settings? If so, it might mean the application is not yet deployed for Nano S Plus (tbh I don't know because I don't have one). In two weeks, a new version should be deployed that is prepared for S+ so in worst case scenario you have to wait few weeks :)

Thanks for the reply, I realised that I turned the wrong thing on, but now I've sorted it, sorry about that, but thank you ever so much :-)
I've got the app on my device, although I can't use it as it says it's "Pending Ledger Review!", so will have to give it a couple of weeks as you say,

When you're on the Pending Ledger Review screen, press both keys simultaneously to accept it :)

Thanks, I've done that but can't seem to get hiveledger.io to recognise my device for now, so will have a little play around with it. Thanks again :-)

If you have Ledger Live open, it may cause problems. It's recommended to close it before using your device with any other software.

Wow this is really nice and keep up the good work.

PIZZA!

PIZZA Holders sent $PIZZA tips in this post's comments:
@chronocrypto(1/20) tipped @engrave (x1)

You can now send $PIZZA tips in Discord via tip.cc!

i want one of those where can i get one??

You can buy one with this affiliate link.

You can get one from Ledger direct, buy from their official website and not from eBay as people sell devices that can be hacked. Only buy genuine from the suppler direct. 😉👍

Congratulations @engrave! Your post has been a top performer on the Hive blockchain and you have been rewarded with the following badge:

Post with the highest payout of the day.

You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

I've been following your progress and am looking forward to the day when Hive on Ledger is easy peasy.

It's already easy peasy :P Only the installation requires additional steps but it will be easier when we pass the audit which should happen soon.

Excelente, mas Ram, mas poder

Great work

Damn thats so cool!

Nice ! Come to my profil !

Congratulations @engrave! You received a personal badge!

You powered-up at least 10 HIVE on Hive Power Up Day!
Wait until the end of Power Up Day to find out the size of your Power-Bee.
May the Hive Power be with you!

You can view your badges on your board and compare yourself to others in the Ranking

Check out the last post from @hivebuzz:

Be ready for the 6th edition of the Hive Power Up Month!
Hive Power Up Day - June 1st 2022

Congratulations @engrave! You received a personal badge!

You powered-up at least 1000 HP on Hive Power Up Day and got the biggest Power-Bee!
See you at the next Power Up day to see if you will repeat this feat.
May the Hive Power be with you!

You can view your badges on your board and compare yourself to others in the Ranking

Check out the last post from @hivebuzz:

Be ready for the 6th edition of the Hive Power Up Month!
Hive Power Up Day - June 1st 2022

Congratulations @engrave! You received a personal badge!

Happy Hive Birthday! You are on the Hive blockchain for 4 years!

You can view your badges on your board and compare yourself to others in the Ranking

Check out the last post from @hivebuzz:

Hive Power Up Month Challenge 2022-05 - Winners List
Feedback from the June 1st Hive Power Up Day
Be ready for the 6th edition of the Hive Power Up Month!

Hello @engrave! I don't know how to reach you on discord so I'm asking here -- I have created a cold hive wallet which I top up with Hive every month. The idea is to power this up and delegate to this active account. However, for some reason, I am not able to do that. Here you will see that I have 100.041 HP that I can delegate. I tried to delegate that amount to this account.

image.png

Instead of having the total of 200.333 HP delegated (100 last month + 100 now) it seems that it is just updating 100 delegation:

image.png

I thought I must put the full HP of 200.333 but it will not allow coz available HP is only 100.041.

Hope to hear from you.

Hi, that's how the delegation works on a blockchain level - the new delegation overrides the old one. But it's an interesting case 🤔 It Looks like we need to determine available value based on a receiver because it is true that you have only 100 HP available to delegate to anyone else but it is 100 + old delegation for your account specifically. Will try to make it possible soon, thanks for using the wallet!

For now, you will need to remove the old delegation and delegate a new one after 5 days when the delegation comes back to your main account.

Thanks! I will remove the delegation now and will just update once the full amount is available. I will also watch out for your update.

As with other frontends, maybe Hive Ledger should just have "update delegation" option? Just a thought...

Hi, we just pushed a new version of hiveledger wallet and you should be interested in one particular change - delegate stake form respects current delegations from now on, so it's possible to update the delegation with higher value (it's a fix for your particular case)

Available amount will sum your current delegation and the unused stake you have, so it fixes your problem :)

Hello, @engrave ! Just want to let you know that I am trying this new feature ATM but the transaction is failing. :(

image.png

Edit: Thanks! Delegation has gone through! :)

I'm preparing one more fix regarding the HP->VESTS conversion (currently, it's possible that the transaction fails when you try to delegate the absolute max of your stake).

I'm also going to push an update with much better error handling so you should see (if any) descriptive error message, rather than "Transaction failed to broadcast" :)

Oh! Super nice! I was really hoping for this. I was about to un-delegate the other day to add more to the HP and this time I won't have to. It's really appreciated. Super useful! I know this will benefit a lot of other Hivers.

I am still hoping to see functionality added for Hive Engine tokens! I would love to be able to manage the whole wallet via ledger for active key transactions rather than just hive and HBD.

I use mine not as a cold wallet but as a way to secure the higher security keys to allow posting still.

The latest version is waiting for ledger review and when it passes it - keychain team will start implementing the support so in the end you will be able to use your ledger device with any frontend and app that supports Hive Keychain :) It just takes time.

This is awesome news!