Hey all - I'm Roneil, one of the cofounders of Audius. We built Hedgehog to solve a specific pain point we faced - how can we get non crypto-native / non-technical users to sign up for a decentralized app? Current onboarding flows using Metamask and other alternatives were too cumbersome, time-consuming, and restrictive for our needs. We needed a way to generate a wallet on behalf of a user without them even knowing crypto was operating behind the scenes.
Hedgehog lives in your front end Javascript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.
If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.
This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.
Assuming you've seen that project, how does Hedgehog compare?
Do you have recommendations on handling the initial funding of a wallet, especially for your target market of non-technical users? (after they have the wallet, how do they obtain ETH or other tokens to get started?)
We haven't seen that before, looks cool! The approach may be similar, but we packaged Hedgehog as a standalone / documented library to be consumed directly by developers. In looking briefly I wasn't able to ascertain how the private key is stored / propagated between devices in his model so it's hard to comment more precisely.
The approach we've taken at Audius on initial funding is to avoid funding the wallet entirely - we use EIP-712 signatures combined with a trustless transaction relay service that pays gas / submits EIP-712 signed transactions on-chain on behalf of users. In this way, the user wallet never holds any tokens but is still used to secure access to their account. We'll be open-sourcing our contracts and infrastructure code soon, but here's a good public example of this model in action: https://github.com/hellobloom/core/tree/master/contracts
That said, other folks may decide to use Hedgehog differently - perhaps you integrate with something like Wyre (https://www.sendwyre.com/) to help users fund their wallet client-side without knowing that crypto is there.
Probably late summer / early Fall! Want to make sure the developer experience is high-quality at time of open-sourcing, but we're testing now / onboarding artists in a private beta.
Very similar from a meta-transaction standpoint, but ours is simple and centralized (albeit trustless due to the tx signing model). This is much cooler!
Hey Roneil, I'm really new to crypto development and I'm having a hard time finding crypto communities for developers (the one who builds stuff). I've checked out eth's forum but it's not really developer focused, it's too general.
Where do you usually hang out? I would like to learn more about building crypto stuff and would like to participate in a community. Can you point me in the right direction?
Thank you!
PS: I have completely no idea what Audius is about, but it sounds cool. Good luck!
Hi there! Unfortunately I haven't found any high-quality online communities of crypto builders - most of my connections to other folks building are offline / irl. Would encourage you to attend local developer groups to get to know others in the space!
There are tons of helpful resources online though, as lots of folks write tutorials and other things. Googling most problems you face will yield good results.
Oh wow that's really unfortunate. I met some crypto people locally but almost all of them are trading focused. I also attended some "blockchain events" but most of them are just people shilling their coins/how to become a better trader.
Maybe I haven't tried hard enough finding the builders.
Thank you Roneil, and good luck on your endeavors!
Sorry to hear that - I've had good experiences in the past at Hackathons and other developer-focused events rather than general "crypto" or "blockchain" events.
It looks very cool. Just skimming the documentation, there isn't anything on how to perform actual wallet functions, or whether encrypt/decrypt data using public/private keys is available (which is something I'd find super useful!). Am I missing it, or is it just a matter of looking through the code?
Thanks for making something as cool as this open source!
Has there been any thought as to how the REST API + database side of this could be replaced with ipfs/swarm? I'm not sure how it would work, and there would likely be additional trade-offs, but it would be nice if the "D" in DApps could be retained in full.
There has! This could be a great approach - eg. a network of folks committed to supporting users in this manner could operate IPFS nodes that re-pin the encrypted keys.
We are also thinking about offline ways to share the key such that the centralized side is not required - eg. a QR code displayed on one device and scanned by another to propagate the wallet. This creates a problem if a user loses all of their devices though.
I'm part of the team that develops the Embark Framework and it would be awesome to rehash our decentralized Reddit tutorial using a fully decentralized Hedgehog.
As for the QR code getting lost, that's a good point, but the user could always be encouraged to make a physical copy and keep it in a desk drawer, and/or store it electronically somewhere else (e.g. Dropbox or 1Password) "just in case".
Maybe hit us up via GitHub or Gitter or Twitter if/when Hedgehog provides a fully decentralized option/s (as discussed above). At that point I think the Embark team would be really excited to leverage it in a new or refreshed tutorial series.
Awesome job! I love that you are addressing the UI/UX challenges of non technical users. Have you considered some type of integration with Keybase's social proofs and paper seed QR code for cross signing and revoking keys? I'm part of a research cohort hosting a month long series of workshops and hackathons on making emerging Web3 capabilities more accessible, at NYU ITP Camp in NYC in June. Perhaps we can play around with something. Will dive into the code for inspiration. Thanks for this great project!
We did not want to require use of Keybase to use our dapp Audius, though I could see it making a lot of sense to offer a keybase integration as a potential option.
FWIW, Audius still supports Metamask too - web3 is all about giving users choice from our perspective.
Right now Hedgehog is specific to the Ethereum account model (eg. POA network and others use this too), but there's no reason the approach couldn't be extended to work with other chains.
You could replace the use of 'ethereumjs-wallet/hdkey' with any other chain wallet library if it is compatible with the BIP-39 style HDWallet structure. Bitcoin and many other blockchains have compatible libraries that could be substituted easily!
There is not - this is the biggest deficiency of Hedgehog today. Without centralized custody of keys, it's not possible to have someone prove their ownership of a given key to a centralized party in order to unlock it. The key is encrypted, so the application provider nor anyone else can decrypt it without the user's username/password combination. This tradeoff is both a good thing and a bad thing in our view.
That said, there is a mechanism for changing your password if you are already signed in.
We are considering some mechanisms for fallbacks, eg using a threshold cryptosystem with multiple private keys and a 1 or 2 of n requirement, such that if a user forgets the way to generate one of the n keys they may still remember a way to generate the other(s). If you're curious, more on these schemes here: https://en.wikipedia.org/wiki/Threshold_cryptosystem
We feel these tradeoffs make sense to enable more mainstream adoption of cryptocurrencies, but they are tradeoffs; for certain types of applications the cost of losing control of an account is too high for this approach to make sense.
This is so badly needed in the Ethereum space. Metamask is a massive drag and a known onboarding blocker -- Hedgehog seems like a huge leap forward. Congrats team!
The hedgehog library is completely unsafe considering that any third party library or browser extension loaded in the website using the SDK can loop through localStorage to read the entropy value therefore recreating the hd wallet and stealing the user's account.
This is why FinneyFor uses an iFrame to keep the private key safe in localStorage only accessible from JS running on the same domain. FinneyFor uses postMessage to communicate between the parent frame when payment is processed, so you get the benefits of creating transactions in any kind of browser, but none of the risks as the parent rightfully points out.
This is why we recommend that you audit all 3rd-party Javascript in your app for accesses to localstorage, and avoid sourcing 3rd-party javascript from uncontrolled origins (the code could be switched out from under you if it is not baked into your application)
The post message model is an interesting one - we looked into designing Hedgehog in that way, but decided it ultimately did not help solve this issue and created unnecessary complexity. If you include Javascript from libraries or other origins on your page, eg. Google Analytics, that Javascript could still post-message into your iframe.
Perhaps we are wrong here though! Is FinneyFor open-source? Would love to see how this is implemented.
We don't have any other js libraries on FinneyFor so there would never be that problem.
Auditing the source code of all libraries is a tall order. And, even if you don't find a bug, there still might be some that someone else could exploit with bugs in your code and the js libraries.
Looks compelling, been waiting for something like this to come along. Built a couple dapps with Metamask and the popups and mnemonic phrases and browser extension installation were a serious UX issue that had no real workaround and seemingly no timeline for improvement. AFAIK, development seems to have slowed or stopped entirely on Metamask? Will try working with this and share any feedback. Nice work guys, thanks for moving the space forward
MetaMask is actually working hard on these problems, and building faster than ever, but they're big problems that aren't trivially fixed in a point release. You can expect some big announcements this summer.
The UX of the wallet being one difficulty for adoption. There are other even bigger reasons (in my opinion) - variable mining fees per transaction being a large one.
lol I made an account just to add this reply. Are you familiar with EIP 1559? There are solid efforts currently ramping up research to change the fee market from an auction to a flat fee:
The existing issues with ETH are why we currently use POA network for the Audius private beta. POA network has its own set of issues, but the 1) fast transaction confirmation time, 2) low fees, and 3) lack of congestion make it a great testbed for us.
FWIW, Hedgehog works with any web3-compliant API, in our case core.poa.network but could be any other one of developer's choosing eg. Infura
True - was answering the general case of password change, eg. some folks like to rotate passwords every so often in the absence of a known leak or breach.
In the case of a compromised password the entire wallet should be abandoned.
Hedgehog lives in your front end Javascript code. A user enters a username (or email) and password, which is used to secure a set of encrypted auth artifacts that are generated client-side and stored in the browser’s localStorage / on your (the application developer's) server. In this way, the encrypted auth artifacts can be retrieved and consumed on secondary devices without centralizing custody and control of the private key.
If the centralized server hosting the keys goes down, users can continue to access their wallet on the devices they already have. If the centralized server is compromised or operated by bad actors, the resources required to decrypt a stored auth artifact would be immense. However - this is why we recommend using Hedgehog only in low-to-no financial value use cases.
This approach is not without tradeoffs - but for the right use-cases we believe this will provide a needed alternative.
Happy to answer any questions you all have!