grassrootseconomics/cic-docs
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: grassrootseconomics:web_wallet_authentication
Branches Tags
grassrootseconomics:master grassrootseconomics:web_wallet_authentication grassrootseconomics:lash/social-recovery grassrootseconomics:lash/deployment-changes grassrootseconomics:lash/token-registration grassrootseconomics:lash/extension-api-2 grassrootseconomics:lash/extension-apis grassrootseconomics:lash/reserve-proof grassrootseconomics:lash/review-selfservice-token grassrootseconomics:lash/review-depth-bump grassrootseconomics:lash/review-xdai-migration grassrootseconomics:lash/initial-review
..
compare: grassrootseconomics:lash/social-recovery
Branches Tags
grassrootseconomics:web_wallet_authentication grassrootseconomics:lash/social-recovery grassrootseconomics:master grassrootseconomics:lash/deployment-changes grassrootseconomics:lash/token-registration grassrootseconomics:lash/extension-api-2 grassrootseconomics:lash/extension-apis grassrootseconomics:lash/reserve-proof grassrootseconomics:lash/review-selfservice-token grassrootseconomics:lash/review-depth-bump grassrootseconomics:lash/review-xdai-migration grassrootseconomics:lash/initial-review

1 Commits
web_wallet ... lash/socia

Author SHA1 Message Date
nolash
8cfc3713b8 Add social recovery proposal spec 2021-10-23 17:24:08 +02:00
3 changed files with 168 additions and 529 deletions
Expand all files Collapse all files

323
images/webwallet_authentication.svg
View File

@@ -1,323 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><!-- Generated by graphviz version 2.40.1 (20161225.0304)
--><!-- Title: G Pages: 1 --><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="1035pt" height="1258pt" viewBox="0.00 0.00 1035.00 1258.20">
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 1254.2)">
<title>G</title>
<polygon fill="#ffffff" stroke="transparent" points="-4,4 -4,-1254.2 1031,-1254.2 1031,4 -4,4"/>
<g id="clust1" class="cluster">
<title>cluster_0</title>
<polygon fill="none" stroke="#000000" points="8,-8 8,-1242.2 490,-1242.2 490,-8 8,-8"/>
<text text-anchor="middle" x="249" y="-1225.6" font-family="Times,serif" font-size="14.00" fill="#000000">Create Account</text>
</g>
<g id="clust2" class="cluster">
<title>cluster_1</title>
<polygon fill="none" stroke="#000000" points="498,-689.8 498,-1242.2 820,-1242.2 820,-689.8 498,-689.8"/>
<text text-anchor="middle" x="659" y="-1225.6" font-family="Times,serif" font-size="14.00" fill="#000000">Sign In</text>
</g>
<g id="clust3" class="cluster">
<title>cluster_2</title>
<polygon fill="none" stroke="#000000" points="828,-689.8 828,-1242.2 1019,-1242.2 1019,-689.8 828,-689.8"/>
<text text-anchor="middle" x="923.5" y="-1225.6" font-family="Times,serif" font-size="14.00" fill="#000000">Endorse</text>
</g>
<!-- create -->
<g id="node1" class="node">
<title>create</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="281.959,-1209.4 178.041,-1209.4 178.041,-1173.4 281.959,-1173.4 281.959,-1209.4"/>
<text text-anchor="middle" x="230" y="-1187.2" font-family="Handlee" font-size="14.00" fill="#000000">Create Account</text>
</g>
<!-- trusted -->
<g id="node2" class="node">
<title>trusted</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="230,-1098.4 63.6829,-1080.4 230,-1062.4 396.3171,-1080.4 230,-1098.4"/>
<text text-anchor="middle" x="230" y="-1076.2" font-family="Handlee" font-size="14.00" fill="#000000">Are you on a trusted device</text>
</g>
<!-- create&#45;&gt;trusted -->
<g id="edge1" class="edge">
<title>create-&gt;trusted</title>
<path fill="none" stroke="#000000" d="M230,-1173.0706C230,-1155.6373 230,-1129.1482 230,-1108.9489"/>
<polygon fill="#000000" stroke="#000000" points="233.5001,-1108.7566 230,-1098.7566 226.5001,-1108.7567 233.5001,-1108.7566"/>
</g>
<!-- password -->
<g id="node3" class="node">
<title>password</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="335.2795,-844.8 204.7205,-844.8 204.7205,-808.8 335.2795,-808.8 335.2795,-844.8"/>
<text text-anchor="middle" x="270" y="-822.6" font-family="Handlee" font-size="14.00" fill="#000000">Create new Account</text>
</g>
<!-- trusted&#45;&gt;password -->
<g id="edge2" class="edge">
<title>trusted-&gt;password</title>
<path fill="none" stroke="#000000" d="M155.9008,-1070.3951C100.397,-1060.7501 34,-1043.644 34,-1017 34,-1017 34,-1017 34,-890.2 34,-885.9731 125.5091,-862.427 194.5625,-845.2606"/>
<polygon fill="#000000" stroke="#000000" points="195.711,-848.5819 204.5742,-842.7773 194.0257,-841.7878 195.711,-848.5819"/>
<text text-anchor="middle" x="44.8829" y="-949.4" font-family="Handlee" font-size="14.00" fill="#000000">Yes</text>
</g>
<!-- are_you_sure -->
<g id="node4" class="node">
<title>are_you_sure</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="278,-971.6 73.5428,-953.6 278,-935.6 482.4572,-953.6 278,-971.6"/>
<text text-anchor="middle" x="278" y="-949.4" font-family="Handlee" font-size="14.00" fill="#000000">Are you sure you want to continue</text>
</g>
<!-- trusted&#45;&gt;are_you_sure -->
<g id="edge3" class="edge">
<title>trusted-&gt;are_you_sure</title>
<path fill="none" stroke="#000000" d="M236.5735,-1063.0349C244.6073,-1041.8125 258.2931,-1005.6591 267.7226,-980.7495"/>
<polygon fill="#000000" stroke="#000000" points="271.0847,-981.7538 271.3518,-971.1623 264.5381,-979.2755 271.0847,-981.7538"/>
<text text-anchor="middle" x="264.5533" y="-1012.8" font-family="Handlee" font-size="14.00" fill="#000000">No</text>
</g>
<!-- generate_key_pair -->
<g id="node5" class="node">
<title>generate_key_pair</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="321.0275,-733.8 158.9725,-733.8 158.9725,-697.8 321.0275,-697.8 321.0275,-733.8"/>
<text text-anchor="middle" x="240" y="-711.6" font-family="Handlee" font-size="14.00" fill="#000000">Generate Device Key Pair</text>
</g>
<!-- password&#45;&gt;generate_key_pair -->
<g id="edge5" class="edge">
<title>password-&gt;generate_key_pair</title>
<path fill="none" stroke="#000000" d="M265.0461,-808.4706C260.3127,-790.9569 253.1091,-764.3039 247.6406,-744.0701"/>
<polygon fill="#000000" stroke="#000000" points="250.9492,-742.8971 244.9612,-734.1566 244.1916,-744.7235 250.9492,-742.8971"/>
</g>
<!-- are_you_sure&#45;&gt;password -->
<g id="edge4" class="edge">
<title>are_you_sure-&gt;password</title>
<path fill="none" stroke="#000000" d="M276.8538,-935.4327C275.529,-914.4352 273.3329,-879.6261 271.7842,-855.079"/>
<polygon fill="#000000" stroke="#000000" points="275.2669,-854.6934 271.1441,-844.9336 268.2808,-855.1342 275.2669,-854.6934"/>
<text text-anchor="middle" x="284.8829" y="-886" font-family="Handlee" font-size="14.00" fill="#000000">Yes</text>
</g>
<!-- verify_key_copied -->
<g id="node7" class="node">
<title>verify_key_copied</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="303.6867,-622.8 176.3133,-622.8 176.3133,-586.8 303.6867,-586.8 303.6867,-622.8"/>
<text text-anchor="middle" x="240" y="-600.6" font-family="Handlee" font-size="14.00" fill="#000000">Verify Seed Copied</text>
</g>
<!-- generate_key_pair&#45;&gt;verify_key_copied -->
<g id="edge7" class="edge">
<title>generate_key_pair-&gt;verify_key_copied</title>
<path fill="none" stroke="#000000" d="M240,-697.4706C240,-680.0373 240,-653.5482 240,-633.3489"/>
<polygon fill="#000000" stroke="#000000" points="243.5001,-633.1566 240,-623.1566 236.5001,-633.1567 243.5001,-633.1566"/>
</g>
<!-- seed -->
<g id="node6" class="node">
<title>seed</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="187,-844.8 133,-844.8 133,-808.8 187,-808.8 187,-844.8"/>
<text text-anchor="middle" x="160" y="-822.6" font-family="Handlee" font-size="14.00" fill="#000000">Seed</text>
</g>
<!-- seed&#45;&gt;generate_key_pair -->
<g id="edge6" class="edge">
<title>seed-&gt;generate_key_pair</title>
<path fill="none" stroke="#000000" d="M173.2104,-808.4706C186.1802,-790.4749 206.1047,-762.8298 220.8185,-742.4143"/>
<polygon fill="#000000" stroke="#000000" points="223.7625,-744.3156 226.77,-734.1566 218.0837,-740.2228 223.7625,-744.3156"/>
</g>
<!-- store_key_pair -->
<g id="node8" class="node">
<title>store_key_pair</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="341.0924,-511.8 138.9076,-511.8 138.9076,-475.8 341.0924,-475.8 341.0924,-511.8"/>
<text text-anchor="middle" x="240" y="-489.6" font-family="Handlee" font-size="14.00" fill="#000000">Store Encrypted Device Key Pair</text>
</g>
<!-- verify_key_copied&#45;&gt;store_key_pair -->
<g id="edge8" class="edge">
<title>verify_key_copied-&gt;store_key_pair</title>
<path fill="none" stroke="#000000" d="M240,-586.4706C240,-569.0373 240,-542.5482 240,-522.3489"/>
<polygon fill="#000000" stroke="#000000" points="243.5001,-522.1566 240,-512.1566 236.5001,-522.1567 243.5001,-522.1566"/>
</g>
<!-- export_key -->
<g id="node9" class="node">
<title>export_key</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="240,-400.8 31.9329,-382.8 240,-364.8 448.0671,-382.8 240,-400.8"/>
<text text-anchor="middle" x="240" y="-378.6" font-family="Handlee" font-size="14.00" fill="#000000">Do you want to save to USB/local?</text>
</g>
<!-- store_key_pair&#45;&gt;export_key -->
<g id="edge9" class="edge">
<title>store_key_pair-&gt;export_key</title>
<path fill="none" stroke="#000000" d="M240,-475.4706C240,-458.0373 240,-431.5482 240,-411.3489"/>
<polygon fill="#000000" stroke="#000000" points="243.5001,-411.1566 240,-401.1566 236.5001,-411.1567 243.5001,-411.1566"/>
</g>
<!-- select_export_location -->
<g id="node10" class="node">
<title>select_export_location</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="218.5744,-274 73.4256,-274 73.4256,-238 218.5744,-238 218.5744,-274"/>
<text text-anchor="middle" x="146" y="-251.8" font-family="Handlee" font-size="14.00" fill="#000000">Select Export Location</text>
</g>
<!-- export_key&#45;&gt;select_export_location -->
<g id="edge10" class="edge">
<title>export_key-&gt;select_export_location</title>
<path fill="none" stroke="#000000" d="M227.3227,-365.6992C211.4537,-344.2928 184.1063,-307.403 165.5493,-282.3707"/>
<polygon fill="#000000" stroke="#000000" points="168.1522,-280.0048 159.3852,-274.0558 162.5289,-284.1735 168.1522,-280.0048"/>
<text text-anchor="middle" x="207.8829" y="-315.2" font-family="Handlee" font-size="14.00" fill="#000000">Yes</text>
</g>
<!-- create_account -->
<g id="node11" class="node">
<title>create_account</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="338.2121,-163 43.7879,-163 43.7879,-127 338.2121,-127 338.2121,-163"/>
<text text-anchor="middle" x="191" y="-140.8" font-family="Handlee" font-size="14.00" fill="#000000">Create account and associate with device key pair</text>
</g>
<!-- export_key&#45;&gt;create_account -->
<g id="edge11" class="edge">
<title>export_key-&gt;create_account</title>
<path fill="none" stroke="#000000" d="M246.4484,-365.2987C250.5139,-352.7118 255,-335.2351 255,-319.4 255,-319.4 255,-319.4 255,-200.5 255,-187.8508 247.776,-177.4365 238.1821,-169.1832"/>
<polygon fill="#000000" stroke="#000000" points="240.1537,-166.2855 230.0727,-163.026 235.9207,-171.8607 240.1537,-166.2855"/>
<text text-anchor="middle" x="263.5533" y="-251.8" font-family="Handlee" font-size="14.00" fill="#000000">No</text>
</g>
<!-- select_export_location&#45;&gt;create_account -->
<g id="edge12" class="edge">
<title>select_export_location-&gt;create_account</title>
<path fill="none" stroke="#000000" d="M153.4308,-237.6706C160.5961,-219.9963 171.5349,-193.014 179.7643,-172.7148"/>
<polygon fill="#000000" stroke="#000000" points="183.0446,-173.939 183.5581,-163.3566 176.5574,-171.309 183.0446,-173.939"/>
</g>
<!-- share_endorsement_url -->
<g id="node12" class="node">
<title>share_endorsement_url</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="313.1021,-52 68.8979,-52 68.8979,-16 313.1021,-16 313.1021,-52"/>
<text text-anchor="middle" x="191" y="-29.8" font-family="Handlee" font-size="14.00" fill="#000000">Share Endorsement URL with Endorsers</text>
</g>
<!-- create_account&#45;&gt;share_endorsement_url -->
<g id="edge13" class="edge">
<title>create_account-&gt;share_endorsement_url</title>
<path fill="none" stroke="#000000" d="M191,-126.6706C191,-109.2373 191,-82.7482 191,-62.5489"/>
<polygon fill="#000000" stroke="#000000" points="194.5001,-62.3566 191,-52.3566 187.5001,-62.3567 194.5001,-62.3566"/>
</g>
<!-- select_profile -->
<g id="node13" class="node">
<title>select_profile</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="811.8074,-1209.4 720.1926,-1209.4 720.1926,-1173.4 811.8074,-1173.4 811.8074,-1209.4"/>
<text text-anchor="middle" x="766" y="-1187.2" font-family="Handlee" font-size="14.00" fill="#000000">Select Profile</text>
</g>
<!-- enter_password -->
<g id="node15" class="node">
<title>enter_password</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="786.9731,-1098.4 683.0269,-1098.4 683.0269,-1062.4 786.9731,-1062.4 786.9731,-1098.4"/>
<text text-anchor="middle" x="735" y="-1076.2" font-family="Handlee" font-size="14.00" fill="#000000">Enter Password</text>
</g>
<!-- select_profile&#45;&gt;enter_password -->
<g id="edge14" class="edge">
<title>select_profile-&gt;enter_password</title>
<path fill="none" stroke="#000000" d="M760.881,-1173.0706C755.9673,-1155.4766 748.4778,-1128.6591 742.8176,-1108.392"/>
<polygon fill="#000000" stroke="#000000" points="746.1876,-1107.4466 740.1266,-1098.7566 739.4456,-1109.3295 746.1876,-1107.4466"/>
</g>
<!-- upload_key -->
<g id="node14" class="node">
<title>upload_key</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="702.033,-1209.4 617.967,-1209.4 617.967,-1173.4 702.033,-1173.4 702.033,-1209.4"/>
<text text-anchor="middle" x="660" y="-1187.2" font-family="Handlee" font-size="14.00" fill="#000000">Upload Key</text>
</g>
<!-- upload_key&#45;&gt;enter_password -->
<g id="edge15" class="edge">
<title>upload_key-&gt;enter_password</title>
<path fill="none" stroke="#000000" d="M672.3847,-1173.0706C684.4897,-1155.1552 703.0565,-1127.6764 716.8323,-1107.2881"/>
<polygon fill="#000000" stroke="#000000" points="719.8983,-1109.002 722.5969,-1098.7566 714.0982,-1105.083 719.8983,-1109.002"/>
</g>
<!-- link_account -->
<g id="node16" class="node">
<title>link_account</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="599.8703,-1209.4 506.1297,-1209.4 506.1297,-1173.4 599.8703,-1173.4 599.8703,-1209.4"/>
<text text-anchor="middle" x="553" y="-1187.2" font-family="Handlee" font-size="14.00" fill="#000000">Link Account</text>
</g>
<!-- enter_phone_number -->
<g id="node17" class="node">
<title>enter_phone_number</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="640.1881,-1098.4 505.8119,-1098.4 505.8119,-1062.4 640.1881,-1062.4 640.1881,-1098.4"/>
<text text-anchor="middle" x="573" y="-1076.2" font-family="Handlee" font-size="14.00" fill="#000000">Enter Phone Number</text>
</g>
<!-- link_account&#45;&gt;enter_phone_number -->
<g id="edge16" class="edge">
<title>link_account-&gt;enter_phone_number</title>
<path fill="none" stroke="#000000" d="M556.3026,-1173.0706C559.4582,-1155.5569 564.2606,-1128.9039 567.9063,-1108.6701"/>
<polygon fill="#000000" stroke="#000000" points="571.3637,-1109.2188 569.6925,-1098.7566 564.4746,-1107.9775 571.3637,-1109.2188"/>
</g>
<!-- send_otp -->
<g id="node18" class="node">
<title>send_otp</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="609.939,-971.6 536.061,-971.6 536.061,-935.6 609.939,-935.6 609.939,-971.6"/>
<text text-anchor="middle" x="573" y="-949.4" font-family="Handlee" font-size="14.00" fill="#000000">Send OTP</text>
</g>
<!-- enter_phone_number&#45;&gt;send_otp -->
<g id="edge17" class="edge">
<title>enter_phone_number-&gt;send_otp</title>
<path fill="none" stroke="#000000" d="M573,-1062.2327C573,-1041.2352 573,-1006.4261 573,-981.879"/>
<polygon fill="#000000" stroke="#000000" points="576.5001,-981.7336 573,-971.7336 569.5001,-981.7337 576.5001,-981.7336"/>
</g>
<!-- enter_pin -->
<g id="node19" class="node">
<title>enter_pin</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="607.4934,-844.8 538.5066,-844.8 538.5066,-808.8 607.4934,-808.8 607.4934,-844.8"/>
<text text-anchor="middle" x="573" y="-822.6" font-family="Handlee" font-size="14.00" fill="#000000">Enter Pin</text>
</g>
<!-- send_otp&#45;&gt;enter_pin -->
<g id="edge18" class="edge">
<title>send_otp-&gt;enter_pin</title>
<path fill="none" stroke="#000000" d="M573,-935.4327C573,-914.4352 573,-879.6261 573,-855.079"/>
<polygon fill="#000000" stroke="#000000" points="576.5001,-854.9336 573,-844.9336 569.5001,-854.9337 576.5001,-854.9336"/>
</g>
<!-- create_account_flow -->
<g id="node20" class="node">
<title>create_account_flow</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="641.7381,-733.8 506.2619,-733.8 506.2619,-697.8 641.7381,-697.8 641.7381,-733.8"/>
<text text-anchor="middle" x="574" y="-711.6" font-family="Handlee" font-size="14.00" fill="#000000">Create Account Flow</text>
</g>
<!-- enter_pin&#45;&gt;create_account_flow -->
<g id="edge19" class="edge">
<title>enter_pin-&gt;create_account_flow</title>
<path fill="none" stroke="#000000" d="M573.1651,-808.4706C573.3222,-791.0373 573.5608,-764.5482 573.7428,-744.3489"/>
<polygon fill="#000000" stroke="#000000" points="577.2443,-744.1878 573.8346,-734.1566 570.2446,-744.1247 577.2443,-744.1878"/>
</g>
<!-- open_link -->
<g id="node21" class="node">
<title>open_link</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="961.2649,-1209.4 884.7351,-1209.4 884.7351,-1173.4 961.2649,-1173.4 961.2649,-1209.4"/>
<text text-anchor="middle" x="923" y="-1187.2" font-family="Handlee" font-size="14.00" fill="#000000">Open Link</text>
</g>
<!-- sign_in -->
<g id="node22" class="node">
<title>sign_in</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="951.334,-1098.4 894.666,-1098.4 894.666,-1062.4 951.334,-1062.4 951.334,-1098.4"/>
<text text-anchor="middle" x="923" y="-1076.2" font-family="Handlee" font-size="14.00" fill="#000000">Sign In</text>
</g>
<!-- open_link&#45;&gt;sign_in -->
<g id="edge20" class="edge">
<title>open_link-&gt;sign_in</title>
<path fill="none" stroke="#000000" d="M923,-1173.0706C923,-1155.6373 923,-1129.1482 923,-1108.9489"/>
<polygon fill="#000000" stroke="#000000" points="926.5001,-1108.7566 923,-1098.7566 919.5001,-1108.7567 926.5001,-1108.7566"/>
</g>
<!-- custodial -->
<g id="node23" class="node">
<title>custodial</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="923,-971.6 855.0787,-953.6 923,-935.6 990.9213,-953.6 923,-971.6"/>
<text text-anchor="middle" x="923" y="-949.4" font-family="Handlee" font-size="14.00" fill="#000000">Custodial</text>
</g>
<!-- sign_in&#45;&gt;custodial -->
<g id="edge21" class="edge">
<title>sign_in-&gt;custodial</title>
<path fill="none" stroke="#000000" d="M923,-1062.2327C923,-1041.2352 923,-1006.4261 923,-981.879"/>
<polygon fill="#000000" stroke="#000000" points="926.5001,-981.7336 923,-971.7336 919.5001,-981.7337 926.5001,-981.7336"/>
</g>
<!-- ask_server -->
<g id="node24" class="node">
<title>ask_server</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="958.1481,-844.8 835.8519,-844.8 835.8519,-808.8 958.1481,-808.8 958.1481,-844.8"/>
<text text-anchor="middle" x="897" y="-822.6" font-family="Handlee" font-size="14.00" fill="#000000">Ask Server to Sign</text>
</g>
<!-- custodial&#45;&gt;ask_server -->
<g id="edge22" class="edge">
<title>custodial-&gt;ask_server</title>
<path fill="none" stroke="#000000" d="M919.4935,-936.4992C915.2,-915.5602 907.8688,-879.8065 902.7469,-854.8271"/>
<polygon fill="#000000" stroke="#000000" points="906.1397,-853.9489 900.7023,-844.8558 899.2824,-855.3551 906.1397,-853.9489"/>
<text text-anchor="middle" x="921.8829" y="-886" font-family="Handlee" font-size="14.00" fill="#000000">Yes</text>
</g>
<!-- okota_tx -->
<g id="node25" class="node">
<title>okota_tx</title>
<polygon fill="#d3d3d3" stroke="#d3d3d3" points="968.334,-733.8 911.666,-733.8 911.666,-697.8 968.334,-697.8 968.334,-733.8"/>
<text text-anchor="middle" x="940" y="-711.6" font-family="Handlee" font-size="14.00" fill="#000000">Sign In</text>
</g>
<!-- custodial&#45;&gt;okota_tx -->
<g id="edge23" class="edge">
<title>custodial-&gt;okota_tx</title>
<path fill="none" stroke="#000000" d="M949.8421,-942.5359C969.948,-932.2607 994,-914.823 994,-890.2 994,-890.2 994,-890.2 994,-771.3 994,-758.2523 986.2385,-747.1208 976.6005,-738.3279"/>
<polygon fill="#000000" stroke="#000000" points="978.5423,-735.395 968.5812,-731.7856 974.1173,-740.819 978.5423,-735.395"/>
<text text-anchor="middle" x="1002.5533" y="-822.6" font-family="Handlee" font-size="14.00" fill="#000000">No</text>
</g>
<!-- ask_server&#45;&gt;okota_tx -->
<g id="edge24" class="edge">
<title>ask_server-&gt;okota_tx</title>
<path fill="none" stroke="#000000" d="M904.1006,-808.4706C910.9474,-790.7963 921.4,-763.814 929.2636,-743.5148"/>
<polygon fill="#000000" stroke="#000000" points="932.5402,-744.7457 932.8889,-734.1566 926.0128,-742.2171 932.5402,-744.7457"/>
</g>
</g>
</svg>
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

168
spec/025_social_recovery.md Normal file
View File

@@ -0,0 +1,168 @@
<!--
valid status values are: Pre-draft|Draft|Proposal|Accepted
-->
* Authors: Louis Holbrook <dev@holbrook.no> (https://holbrook.no), Philip Wafula, Will Luke
* Date: 2021.10.23
* Version: 1
* Status: Pre-draft
# Social recovery of accounts
Social recovery for the custodial system introduces another new service, `cic-eth-recovery`.
The service interfaces with a multisignature lock smart contract, and provides the following:
- a mapping of one or more wallet keys to the custodial private key
- a proxy for generating multisignature triggers for cic-eth-recovery to change existing wallet key mappings
- a proxy for generating a salt to override the safety grace period of a triggered wallet key mappng change
The service has an HTTP interface, which submits transaction calls to the cic-eth-tasker.
## Nomenclature
### Custodial private key
A private key that holds value, generated and managed by the custodial system.
### Address
The corresponding address of a custodial private key
### User
A human being for whom a custodial private key is held by the cic custodial system.
### Client
A user using a particular device to interface with the custodial system and the CIC network.
### Wallet key
A public/private key pair generated on a client device. The wallet key is used as autentication and authorization to perform queries and transactions using the user's custodial private key.
### Seed phrase
A human readable phrase that may be used to regenerate a wallet key.
### Password
A human generated string protecting the private portion of the wallet key on a device.
### Recovery custodian
A user who may generate a valid signature for the multi signature lock contract that can trigger wallet key changes for another user.
### Social recovery id
Represents all recovery custodian signatures
### Social recovery token
Represents a recovery custodian's signature for a particular user's custodial private key. It is the hash the recovery custodian's address and the user's address.
### Recovery request
The multisignature lock contract state when a quorum of signatures has been reached to satisfy given criteria for changing a wallet key.
### Recovery grace period
A time period that must lapse after a recovery request until a wallet key change can be made. The wallet key may cancel the recovery request at any time during this stage.
### Recovery execution
The funds held by the lost custodial private key are transferred to the new custodial private key.
## Procedure
In the following narratives, Alice is the user whose wallet keys have been lost, and Bob and Carol are benevolent recovery custodians for Alice. Mallory and Trudy are malicious recovery custodians, or are attacking the recovery system in other manners.
### Creating a recovery lock
1. Alice selects "manage recovery" on her device.
2. Alice selects "add custodian" on her device.
3. Alice enters the wallet key of Bob and submits
4. `cic-eth-recovery` calculates and social recovery id `SRID` = `hash(Aa, Sr)` and a social recovery token `SRT` = `hash(Ab, SRID)` where:
- Aa is Alice's address
- Ab is Bob's address
- Sr is a salt value
5. `cic-eth-recovery` registers a multisignature recovery lock entry with the smart contract using `SRID` and `SRT`.
6. Step 2-5 are repeated for Carol.
7. Step 2-5 are repeated for any further recovery custodians Alice wish to register, for a total of `n`
8. Alice selects "activate recovery" on her device, choosing:
- Quorum; Which `m` of `n` recovery custodians must sign before a recovery request will be triggered
- How long is the recovery grace period `G`
- A easy-to-remember override phrase `Po` to trigger recovery execution before `G` has expired.
9. `cic-eth-recovery` calculates the social recovery override proof = SROP = `hash(Po, So)`, where `So` is a salt value different from `Sr`.
10. `cic-eth-recovery` registers the quorum, grace period and `SROP` against the `SRT` in the smart contract.
11. `cic-eth-recovery` _activated_ the multisignature recovery lock. From this point Bob, Carol and any other recovery custodian may initiate recovery requests.
### Deleting a recovery custodian
1. ...
### Recovering the custodial private key
Assume that `2` of `m` signatures are needed to trigger a recovery request.
1. Alice creates a new wallet key.
2. Bob selects "manage custodies"
3. Bob selects the entry for Alice, with the corresponding SRID.
4. Bob enters Alice's new wallet key.
4. Bob selects "request recovery"
5. `cic-eth-recovery` sends a signature transaction for bob to the multisignature lock contract containing the SRID and Alice's new wallet key. (signature validity is checked against `SRT`)
6. `1` of `n` signatures have now been registered.
7. The steps 2-5 are repeated for Carol.
8. `2` of `n` signatures have now been registered, quorum is reached.
9. `cic-eth-recovery` issues a notification to all Alice's devices associated with the SRID, saying a recovery request has been triggered.
(Note that Alice may already transact using her new account, while waiting for the old account to be recovered).
From here on two scenarios are possible:
#### Recovery after grace period
10. The grace period elapses
11. Alice selects `claim account` on her device.
12. `cic-eth-recovery` finalizes the multisignature lock for the SRID.
13. `cic-eth-recovery` triggers recovery execution.
#### Overridden grace period
10. Alice selects `claim account` on her device.
11. Alice enters the override phrase.
12. `cic-eth-recovery` calculates `hash(Aa, So)`
13. `cic-eth-recovery` triggers recovery execution.
## Contract interface
- `register(SRID, SRT)`
- `activate(SRID, G, SROP)`
- `request(SRID)` (where contract hashes sender address to match `SRT`)
## Attack vectors
- Stolen device
- Dictionary attack for `Po` (through `cic-eth-recovery`)

206
spec/025_web_wallet_authentication.md
View File

@@ -1,206 +0,0 @@
# Web Wallet Authentication
<!--
valid status values are: Pre-draft|Draft|Proposal|Accepted
-->
- Authors: William Luke <williamluke4@gmail.com> (grassecon.org)
- Date: 2022.01.12
- Version: 1
- Status: Pre-draft
## Rationale
## Intro
## User Flow:
![web_wallet_authentication](../images/webwallet_authentication.svg)
```dot
digraph G {
node [fontname = "Handlee"];
edge [fontname = "Handlee"];
splines=true;
subgraph cluster_0 {
label = "Create Account";
color=black
node [style=filled,color=lightgray];
create [
label = "Create Account";
shape = rect;
];
create -> trusted
trusted [
label = "Are you on a trusted device";
shape = diamond;
];
trusted -> password [ label = "Yes"];
trusted -> are_you_sure [ label = "No" ];
are_you_sure [
label = "Are you sure you want to continue";
shape = diamond;
];
are_you_sure -> password [ label = "Yes"];
password [
label = "Create new Account";
shape = rect;
];
password -> generate_key_pair
generate_key_pair [
label = "Generate Device Key Pair";
shape = rect;
];
seed [
label = "Seed";
shape = rect;
];
seed -> generate_key_pair
generate_key_pair -> verify_key_copied
verify_key_copied [
label = "Verify Seed Copied";
shape = rect;
];
verify_key_copied -> store_key_pair
store_key_pair [
label = "Store Encrypted Device Key Pair";
shape = rect;
];
store_key_pair -> export_key
export_key [
label = "Do you want to save to USB/local?";
shape = diamond;
];
export_key -> select_export_location [ label = "Yes"];
export_key -> create_account [ label = "No"];
select_export_location [
label = "Select Export Location";
shape = rect;
]
select_export_location -> create_account
create_account [
label = "Create account and associate with device key pair";
shape = rect;
];
create_account -> share_endorsement_url
share_endorsement_url [
label = "Share Endorsement URL with Endorsers";
shape = rect;
];
}
subgraph cluster_1 {
label = "Sign In";
color=black
node [style=filled,color=lightgray];
select_profile [
label = "Select Profile";
shape = rect;
];
upload_key [
label = "Upload Key";
shape = rect;
];
select_profile -> enter_password
upload_key -> enter_password
enter_password [
label = "Enter Password";
shape = rect;
];
link_account [
label = "Link Account";
shape = rect;
];
link_account -> enter_phone_number
enter_phone_number [
label = "Enter Phone Number";
shape = rect;
];
enter_phone_number -> send_otp
send_otp [
label = "Send OTP";
shape = rect;
];
send_otp -> enter_pin
enter_pin [
label = "Enter Pin";
shape = rect;
];
enter_pin -> create_account_flow
create_account_flow [
label = "Create Account Flow";
shape = rect;
];
}
subgraph cluster_2 {
label = "Endorse";
color=black
node [style=filled,color=lightgray];
open_link [
label = "Open Link";
shape = rect;
];
open_link -> sign_in
sign_in [
label = "Sign In";
shape = rect;
];
sign_in -> custodial
custodial [
label = "Custodial";
shape = diamond;
];
custodial -> ask_server [label="Yes"]
custodial -> okota_tx [label="No"]
ask_server -> okota_tx
ask_server [
label = "Ask Server to Sign";
shape = rect;
];
okota_tx [
label = "Sign In";
shape = rect;
];
}
}
```
## Example:
## Testing
## Action items
## Implementation
### Workflow
### Variables
### Interface
## Security
## Changelog
<!--
Please remember to describe every change to this document in the changelog using
serial number:
* version 1:
-->