First I highly appreciate progress for grin ledger support.
At 09:21 i see verification of slatepack address on hardware wallet. (button pushed on Hardware wallet.)
But the Address seems to be irrelevant since it is not used on sender side or for transportation of slatepack message.
At 09:52 first slatepack message is copied from sender wallet to Ledger Live Desktop window. Continue button is clicked on Desktop window.
At 10:44 Desktop window suggests “you received 9.970156” and also shows slatepack reply without any need to push a button on hardware-wallet. If your consider the desktop as as (partly) untrusted the information passed from the trusted device to the untrusted device automatically. And user does not know if the wallet automatically tries to transport the slatepack reply back to sender.
I wished for a required action on hardware wallet button, before signed information goes from (trusted) hardware wallet to (partly untrusted) desktop application. But showing the User necessary information to decide, whether to sign or decline on the trusted screen.
Correct, user confirmation is only required on the hardware wallet when sending Grin and not when receiving Grin.
TradeOgre doesn’t support sending to a Slatepack address which is why I don’t use the Slatepack address in the video. Ledger Live Desktop only supports receiving Grin from manually entering non-encrypted and encrypted Slatepacks. The Slatepack address should be used by the sender if they want to encrypt the Slatepack and/or if they want the Slatepack to contain a payment proof.
Correct, Ledger Live Desktop uses the SRS workflow for sending and receiving Grin. This is the first step in that workflow.
It seems unnecessary to require user confirmation on a hardware wallet when receiving Grin since doing so doesn’t guarantee anything. Even after a Slatepack is “signed” by a recipient, malicious software could always send its own valid response back to the sender (if the Slatepack doesn’t contain a payment proof).
Currently, the only way that I know of to guarantee that a Slatepack was “signed” by the intended recipient is to have the Slatepack contain a payment proof. The payment proof allows the sender to verify the recipient’s Slatepack address after they receive the Slatepack response from the recipient. The recipient’s Slatepack address is verified by the recipient on their hardware wallet, and the sender is shown the recipient’s Slatepack address on their hardware wallet when approving the transaction if there’s a payment proof. The recipient’s hardware wallet creates the payment proof signature when receiving Grin, and the sender’s hardware wallet verifies the payment proof signature when sending Grin.
‘TradeOgre doesn’t support sending to a Slatepack address’, just curious by what you mean here, because I bought and sent Grin to my grin-wallet via TradeOgre few days ago with Slatepack copy/paste mechanism. So maybe you mean something else, but was curious to understand.
The Slatepacks generated by TradeOgre when withdrawing Grin can be receive by anyone since they don’t have a specific Slatepack address set as the Slatepack’s destination.
You can set a Slatepack’s destination when sending Grin with the CLI wallet by using the the optional --dest argument. When a Slatepack address is set as the destination, the Slatepack will be encrypted and contain a payment proof so that only the intended recipient can receive the Slatepack.
Understood, thanks. So if by huge mischance someone else get the Slatepack from TradeOgre and use it before you (not realistic situation though except if full laptop hacked already) they could receive it.
Yes, if someone else got your Slatepack from TradeOgre and sent their Slatepack response back to TradeOgre before you do then they will receive the Grin and you wont.
Anyone can create a valid response to a Slatepack if it isn’t encrypted and doesn’t contain a payment proof, and the transaction’s sender has no way of knowing who actually “signed” the Slatepack response if it doesn’t contain a payment proof.
It’s probably going to be several more months before MWC and Grin are added to the official Ledger Live Desktop. Ledger won’t merge a PR with my changes into Ledger Live Desktop & Ledger Live Mobile until Ledger finishes reviewing the hardware wallet app.
You can see where Ledger currently is in the review process here. They have limited resources when it comes to reviewing apps, so the process has been pretty slow so far.
Also, here’s all the changes that I’ve made to the hardware wallet apps and Ledger software since my last post. Huge thanks to the MimbleWimble Coin and Grin communities for suggesting several of these changes!
Requires user confirmation on the hardware wallet when receiving.
Hardware wallets shows a progress bar when creating Bulletproofs.
Sped up creating Bulletproofs on hardware wallets by about 10%.
Ledger Live Desktop/Mobile give the option to change a transaction’s base fee.
Ledger Live Desktop/Mobile show a syncing percent when adding a new account.
Fixes sending to and receiving from Grin++.
Fixes transactions being removed when clearing the cache in Leger Live Desktop/Mobile.
Implemented several optimizations to reduce syncing times.
And with that, everything required by Ledger to add MimbleWimble Coin and Grin support to their official Ledger Live Desktop and Ledger Live Mobile releases is now complete Now we just have to wait for Ledger to finish auditing the code and merging in the changes. However, based on how slowly Ledger seems to operate, I’m not expecting this to happen anytime soon.
Should I ignore the MWC update available in Ledger Live desktop? I’m using the custom Grin integration with the installed MWC/Grin apps via the tutorial. I’m not sure if updating Ledger Live’s version of MWC will break the integration. Thanks!