Elliot Blanchard is a full stack web developer. He recently launched Zdash.info, a live analytics dashboard for Zcash ecosystem data, and a beta release of a free Zcash API sharing Zcash-cli data via a RESTful JSON interface. Elliot will be acting as the team treasurer for the project.
Fireice is a freelance C++ developer. He has experience writing miners for Monero and other cryptonote coins, as well as implementing a webwallet for Ryo currency. In Zcash he is helping out with running Telegram and Reddit communities.
Mistfpga is a freelance reverse engineer and tester. He has developed an FPGA-based Zcash hardware wallet. He brings a strong background in fintech testing and security to the project.
A Chromium browser extension for the Zcash ecosystem will provide a simple and intuitive way to make fully shielded transactions. We propose a limited approach that minimizes blockchain data requirements and helps to keep local storage and processing requirements low. Outputs and keys will be kept in encrypted local stores and are never sent to a remote server. Proper input sanitization will ensure protection against XSS attacks.
Appropriate use cases include low value / high frequency transactions such as receiving mining payouts, sending and receiving tips, and more. Our project will provide immediate value to Zcash users as well as providing a good foundation for potential future functionality including Zcash UDAs/ZRC-20 style tokens.
A WASM (WebAssembly) engine will be used to ensure high performance in the browser while also enabling easy communication with the frontend. The WASM engine will handle two primary tasks: On the Rx side, the engine will receive block data from the frontend, scan this data to find outputs addressed to the user’s wallet, then forward those outputs back to the frontend for local storage in the wallet data file. On the Tx side, the WASM engine will take known outputs and generate a signed transaction, thus spending them. This transaction will then be broadcast via our lightwalletd proxy. Our limited approach to wallet use cases allows us to minimize blockchain data requirements while also ensuring reasonable resource usage on client devices. In general, WASM is fairly close in performance to native code, so any devices able to run lightwalletd are likely to be able to run the webwallet. We will additionally write performance tests to have well-defined performance limits.
A lightweight proxy server will mediate communications between the client browser and the lightwalletd backend service, translating binary format RPC calls to JSON using JSON-RPC encoding.
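As an added illustration (not code from the proposal or the project), the sketch below shows how such a proxy could validate browser JSON-RPC 2.0 requests against a method allowlist before forwarding anything to lightwalletd. The method names follow lightwalletd's CompactTxStreamer service; the JSON parameter shapes, the size limits, and the helper names `parseRequest` and `rpcError` are assumptions.

```javascript
// Added example: validate browser JSON-RPC 2.0 requests before the proxy
// forwards them to lightwalletd. Parameter shapes and limits are assumptions.
const MAX_RANGE = 1000;     // assumed cap on blocks per GetBlockRange call
const MAX_TX_HEX = 200000;  // assumed cap on raw transaction size, in hex chars
const isHeight = (v) => Number.isSafeInteger(v) && v >= 0;

// Allowlist: each entry checks params and returns the fields to forward.
const METHODS = {
  GetLatestBlock: () => ({}),
  GetBlockRange: (p) => {
    if (!isHeight(p.start) || !isHeight(p.end) || p.end < p.start) throw new Error('bad range');
    if (p.end - p.start >= MAX_RANGE) throw new Error('range too large');
    return { start: p.start, end: p.end };
  },
  SendTransaction: (p) => {
    const hex = p.data;
    if (typeof hex !== 'string' || hex.length > MAX_TX_HEX || hex.length % 2 !== 0 ||
        !/^[0-9a-f]+$/i.test(hex)) throw new Error('bad transaction hex');
    return { data: Buffer.from(hex, 'hex') }; // raw bytes for the binary RPC
  },
};

function rpcError(id, code, message) {
  return { jsonrpc: '2.0', id: id ?? null, error: { code, message } };
}

// Returns { call } to forward to the backend, or { reply } with a JSON-RPC error.
// Batch (array) requests are rejected as Invalid Request in this sketch.
function parseRequest(body) {
  let req;
  try { req = JSON.parse(body); } catch { return { reply: rpcError(null, -32700, 'Parse error') }; }
  if (req === null || typeof req !== 'object' || Array.isArray(req) ||
      req.jsonrpc !== '2.0' || typeof req.method !== 'string') {
    return { reply: rpcError(req?.id, -32600, 'Invalid Request') };
  }
  // Own-property lookup: "constructor" or "__proto__" must not resolve to a handler.
  if (!Object.prototype.hasOwnProperty.call(METHODS, req.method)) {
    return { reply: rpcError(req.id, -32601, 'Method not found') };
  }
  try {
    const params = METHODS[req.method](req.params ?? {});
    return { call: { id: req.id ?? null, method: req.method, params } };
  } catch (e) {
    return { reply: rpcError(req.id, -32602, 'Invalid params: ' + e.message) };
  }
}
```

Only requests that come back as `call` reach the backend, so the set of gRPC methods and the sizes of their arguments that a browser client can trigger are fixed in one place.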
Includes OWASP best practice implementation and manual and automated testing. We will also engage an external company for a comprehensive third-party security and test review performed by domain specialists.
Despite the efficiency inherent in using a WASM engine, complex transactions will still be constructed locally. This can lead to slow performance for especially complex transactions.
Even though we will be encrypting all local storage, any attacker that gains access to and control of the client device will be able to compromise the local data given enough time and resources.
Finally, ongoing operations, costs, infrastructure, and maintenance could become a complicating factor depending on the scale of user adoption.
We propose a rate of $15,000 USD per man month as a framework. For the 9 1/3 man months outlined above, the base budget would be $140,000 USD. In addition, we include 100 hours of consulting at $100/hr, for a total of $10,000 USD, to compensate qualified domain knowledge experts who assist with technical guidance during the project. Finally, we want to include $500 USD for development hosting and infrastructure.