The goal of this epic is the attestation of the influx Car Wallet to riddle.network via the 0x21e8 service that is currently finished.

The Car Wallet does not come with an HW-based secure element (e.g. SE050).
Therefore, we propose to integrate a simple trezor-crypto-based SDK to add the SE050 features into the Car Wallet. Instead of using this directly, we propose to craft a small SDK with an API similar to the SE050 abstraction.

This SDK should become a part of the adapt3r toolchain.

The SW-based SE SDK should have the following features:

Master seed

• create a secret master seed
• backup a current master seed
• restore master seed from mnemonic phrase given by an array of words (24)

HD features

• define chain-id, account, index to retrieve an address and the raw public key
• sign given data for an chain-id, account, index
• verify signature with data, and public key

Initially, we need to support liquid and planetmint.

we will review the status and capabilities of https://github.com/RiddleAndCode/utimaco-connector

Symmetric Key Derivatoin (SLIP 21) will enable the RDDL-devices to utilize a different symmetric key per transaction and thereby increase the security management around encrypted transactions.

The challenge is to number the transactions so that the derivation index is in line with the transaction itself and can be recomputed after even after some disaster recovery (from on chain data, most likely).

The use case for the machine attestation will be as follows. The machine attestation request to the data to the serivce locks as follows:

• the machine identity for rddl.network (liquid addr, planetmint addr) (multiaddress)
• the machine owners identity for rddl.nework (liquid addr, planetmint addr) (multiaddress)
• the machines lifetime value
• the machines purchase value
• the machines maintenance costs
• the envisoned shareholder structure: how many tokens should be issues as machine shareholder tokens.
• attest an insureance policy refering to the machine

Planetmint:
The service will create an NFT with it's own identity (service identity / per attestation request) on planetmint. The NFT will contain all the above mentioned data in the asset field of a planetmine cerate transaction.

Liquid:
The service will issue the requests amount of shareholder tokens on liquid and transfer all of them to the machine owners rddl.network identity.

@jmastr @nmarcovici : we need to take the following actions:

1. deploy libwally on all the hw-03: (will be installed at /usr/local/lib:
   • git clone https://github.com/ElementsProject/libwally-core.git
   • cd libwally-core/
   • git checkout release_0.8.6
   • git submodule init
   • git submodule sync --recursive
   • git submodule update --init --recursive
   • ./tools/autogen.sh
   • ./configure --enable-debug --enable-export-all --enable-swig-python
   • make
   • sudo make install
2. create a version for 0x21e8 - DONE: https://pypi.org/project/x21e8/
3. deploy a version of 0x21e8 instead of pulling the repository.

test

Symmetric Key Derivatoin (SLIP 21) will enable the RDDL-devices to utilize a different symmetric key per transaction and thereby increase the security management around encrypted transactions.

The challenge is to number the transactions so that the derivation index is in line with the transaction itself and can be recomputed after even after some disaster recovery (from on chain data, most likely).

Symmetric Key Derivatoin (SLIP 21) will enable the RDDL-devices to utilize a different symmetric key per transaction and thereby increase the security management around encrypted transactions.

The challenge is to number the transactions so that the derivation index is in line with the transaction itself and can be recomputed after even after some disaster recovery (from on chain data, most likely).

This epic is all about µ-Investent management.

1. The community devices have to be connected to the local element nodes
2. the 0x21e8 token issuance will be delegated to the local elements node
3. The local elements node will hold and contian the liquid master key. Processes to backup/restore such seeds need to be established.
4. The 0x21e8 and rddl-client shold be enabled to receive and send liquid and planetmint transactions/assets.

To be filled in by Jurgen for work this Sprint:

1. Uploading Tasmota firmware to Sonoff that can sign payloads. To be done by Tom, Stefan and Maurice.
2. Reading from Sonoff the consumed watt amount of the laptop and turning this data into a Planetmint transaction. Then connecting the CID result of this transaction to a resolver so that we can showcase the watt amount when exploring the transaction online. To be done by Stefan and Jürgen.
3. To better demonstrate the trust anchor, we will also put a TA outside the Sonoff casing. This TA will be attested the same way the Sonoff device internally is attested - both will share the same mnemonic phrase. To be done by Tom and Juergen-
4. verify the endpoint to verify if the CID content got signed with a given public key/TA verify.rddl.io

rddl-network HW-03 are expected to contain 2 Trust Anchors:
- trezor-crypto trust anchor
- libwally-trust anchor
- both are initialized with the same mnemonic phrase
- the liquid node will also be initialized with the same mnemonic phrase

This is meant to be a prototype for the software-based Secure Element.
This will be used to verify the integration and the use cases. An embedded version will be integrated thereafter.

** mnemonic **

• create mnemonic
• backup mnemonic
• restore mnemonic

** signing, verification & address generation **

• get address for HD derivation path: exp. input: (chainid, account, return address = (0|1), index)
• sign real transaction for a given derivation path, exp. input: tx-details, (chainid, account, return address = (0|1), index )
• verify a message & signature pair with a given public key, msg/Tx, signature, public key , chainid

Initially, support for Liquid and Planetmint is needed.
Planetmint chain id: 822
Liquid chain id: 1776

The goal is to have an SDK that is used by the 0x21e8 service and the Car Wallet so that they can both be initialized with an mnemonic phrase and thereafter start signing transactions (liquid,planet) == rddl.network

The developed python trezorcrypto lib computes too short public keys for planetmint.

Situation

all of this is commited to:
In the branch trezorcrypto https://github.com/RiddleAndCode/0x21e8/tree/trezorcrypto
we utilize the trezorcrypto library of https://github.com/RiddleAndCode/wallet2/tree/trezor_crypto_cython/crypto (the most recent trezor wallet , branch: trezor_crypto_cython)

How to reproduce this

prepare

please prepare the environment as follows:
https://github.com/RiddleAndCode/wallet2/tree/trezor_crypto_cython/crypto

launch the app

how to launch the app is documented here https://github.com/RiddleAndCode/wallet2/tree/trezor_crypto_cython/crypto

The API docs can be found at
open a browser and type http://localhost:8000/docs

reproduction command

a reproduction of the issue can be done by executing the following curl command:

curl -X 'POST' \
  'http://localhost:8000/issuetokens' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "strisdfsadfng",
  "ticker": "strasdfsdfing",
  "amount": 212232,
  "precision": 0
}'

The error log

Traceback (most recent call last):
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/uvicorn/protocols/http/h11_impl.py", line 366, in run_asgi
    result = await app(self.scope, self.receive, self.send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/uvicorn/middleware/proxy_headers.py", line 75, in __call__
    return await self.app(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/fastapi/applications.py", line 261, in __call__
    await super().__call__(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/applications.py", line 112, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/middleware/errors.py", line 181, in __call__
    raise exc
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/middleware/errors.py", line 159, in __call__
    await self.app(scope, receive, _send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/exceptions.py", line 82, in __call__
    raise exc
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/exceptions.py", line 71, in __call__
    await self.app(scope, receive, sender)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
    raise e
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
    await self.app(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/routing.py", line 656, in __call__
    await route.handle(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/routing.py", line 259, in handle
    await self.app(scope, receive, send)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/starlette/routing.py", line 61, in app
    response = await func(request)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/fastapi/routing.py", line 227, in app
    raw_response = await run_endpoint_function(
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/fastapi/routing.py", line 160, in run_endpoint_function
    return await dependant.call(**values)
  File "/home/juergen/develop/0x21e8_test/0x21e8/0x21e8/./main.py", line 59, in issuetokens
    tx = plntmnt.transactions.prepare(
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/driver.py", line 248, in prepare
    return prepare_transaction(
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/offchain.py", line 126, in prepare_transaction
    return _prepare_transaction(
  File "/usr/lib/python3.9/functools.py", line 888, in wrapper
    return dispatch(args[0].__class__)(*args, **kw)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/offchain.py", line 45, in _prepare_create_transaction_dispatcher
    return prepare_create_transaction(**kwargs)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/offchain.py", line 192, in prepare_create_transaction
    transaction = Transaction.create(
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/common/transaction.py", line 655, in create
    outputs.append(Output.generate(pub_keys, amount))
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/planetmint_driver/common/transaction.py", line 401, in generate
    ffill = Ed25519Sha256(
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/cryptoconditions/types/ed25519.py", line 44, in __init__
    self._validate_public_key(public_key)
  File "/home/juergen/.local/share/virtualenvs/0x21e8-93IsVed1/lib/python3.9/site-packages/cryptoconditions/types/ed25519.py", line 55, in _validate_public_key
    raise ValueError(
ValueError: Public key must be 32 bytes, was: 28

• one trust anchor with libwally upon to sign liquid transactions
• one trust anchor with trezor-crypto upon to sign liquid transactions

Symmetric Key Derivatoin (SLIP 21) will enable the RDDL-devices to utilize a different symmetric key per transaction and thereby increase the security management around encrypted transactions.

The challenge is to number the transactions so that the derivation index is in line with the transaction itself and can be recomputed after even after some disaster recovery (from on chain data, most likely).

we need to setup testcases and verify if this works as expected.

create asset with amount 10
transfer 5

verify that 5 are still in the original address.

The attestation workflow will be added at:
@app.post("/machine-attestion")
input is

• metadata : if we get an json object we do ipld.multihash( ipld.marshal( json-object) )
  otherwise, we will verify if the received string is IPLD compatible (@eckelj will update on
• attestation on liquid (with metadata) -> token-address
  1. Name of the asset (e.g. RDDL-Token)
  2. Ticker symbol (e.g. RDDL)
  3. Reference web-domain of the machine owner (well-known entry that works like a soft-KYC)
  4. asset amount
  5. re-issuance : yes / no
  6. precision: natural numbers or decimals (0 means 8 post decimal places, 8 means natural numbers, 7 means 1.0 …. 1.9)
  7. IPLD hash reference (if Planetmint attestation is done first)
  8. metadata on plntmnt as IPLD hash
• attestation on planetmint:
  1. Liquid hash reference (if Liquid attestation is done first)
  2. IPLD to metadata
  3. machine ID (public key of the SE050)
  4. primary liquid public key
  5. primary planetmint public key

the following json object should be the input for the attestation:
https://www.notion.so/riddlecode/Machine-Attestation-b5956ab981504785a328b175593c343a#a450a6949ec74ff094f210fe758f9e7a

{
"asset name": "",
"ticker": "",
"public url": "",
"amount": 1000,
"re-issuance": True, False,
"precision": 0-8,

"metadata-IPLD": "ipld string",
"machine id": "machine identity of the secure element",
"LBTC pub-key": "m/44/LBTC/0/0/0"
"PLNTMNT pub-key": "m/44/PLMNT/0/0/0"

}

• 15 trust anchor with libwally upon signing liquid transactions
• 15 trust anchor with trezor-crypto upon signing liquid transactions

This epic is all about a software-based SecureElement SDK for adapt3r.

The goal is to utilize a simple SDK to integrate an HD wallet into a project with the goal to sign both: planetmint (ed25519) and liquid transactions (libwally and realted libraries e.g. sample C integration in trezor-mcu )

Why that? We want to ease integration for PoCs and easier switch to HW-based secure elements like SE050 later on. This could be a library that could be used for a potential riddle.network users that want to test a potential solution.

First Integrations: This should be integrated into Car Wallet and 0x21e8 so that we reduce frictions and align on how we design HD wallets.

iterative approach:

1. First we want to have sample python SDK with libwally and planetmint support. (@FiratBerkCakar please discuss with @strahinjagolic if he is able to integrate a python version into his solution or not)
2. thereafter we create a embedded version to support a deeper integration

Symmetric Key Derivatoin (SLIP 21) will enable the RDDL-devices to utilize a different symmetric key per transaction and thereby increase the security management around encrypted transactions.

The challenge is to number the transactions so that the derivation index is in line with the transaction itself and can be recomputed after even after some disaster recovery (from on chain data, most likely).

The goal of the epic is to provision the service

• with a mnemonic phrase (12 or 24 words).
• get a mnemonic randomly created (12 or 24 words)

Initially, this will be done in software only, thereafter we migrate this to the SE050.
So an endpoint /provision is added with /provision?words={12|24}