Programmable Wallets

Imagine adding a scripting language to Grin.

Not to the consensus model, where it causes undesirable complexity and attack surface, but to the wallet.

Imagine script support for all the primitives MW can make use of: things like key derivation, nonce generation, signing, key/nonce/signature aggregation, bulletproof generation (single and multi-user), absolute and relative height locks, adaptive signatures, input selection, fee negotiation/splitting, payment proofs, storage of partially signed transactions for possible future use, and more (building self-spend mixing onions?!).

Such a programmable wallet would have to make use of programmable slates as well.

Scripts would roughly correspond to protocols, enumerating the various states that the protocol can be in, and how to transition between them.
The language would have to make it easy to reason about script behaviour, and make it hard to form nonsensical scripts. Being strongly typed and declarative could help in this regard.

With such a scripting system in place, adopting new functionality, like payment channels, could be a simple matter of installing a new script of a few dozen lines of code. Something that’s much easier to audit than a big PR of the wallet codebase.

Design of such a scripting system would be a huge undertaking, and take years to crystallize. The good thing is that we need not design for perfection. If a better design becomes available, then we can migrate away, and in due time would no longer have to keep any support in place for the old one. This is even easier if accessibility of the system is limited to testnet until it has proven fit for purpose and reliable for a few years.

Do you think this is a worthwhile pursuit?

Do you see any downsides, beyond the huge design challenge and development effort required to implement this?


Not sure I understand this part. Would it have op codes like Bitcoin script? Would the script be committed to onchain?

That’s basically what I’m trying to achieve with mimblewimble-py - a scriptable MW. Check some code samples here.


No, scripts would not be visible at all on-chain. Installing the scripting into the wallet would not require any hard fork.

1 Like

I see, so a way to define custom wallet behavior without wallet upgrades and in a way that can be shared with others. I think that’s a good idea long term. I suspect users would need to backup the state to know the role of their outputs on wallet restore.

Sounds interesting and i like the idea because it’s off-chain, so it keeps the core simple but enables easier and safer development of new off-chain things. I would view these small pre-made scripts as axioms and then it all becomes about script composition. I feel like in most cases having such design is a good idea (clean and mathematical). It’s probably a lot of work to go through many iterations of improving the scripting design though, fortunately grin has time

Since you guys start to bring up using it for off-chain solutions.

As an inspiration for scripting and custom transaction building, I recommend checking SnarkyJS from Mina Procotol. It is an off-chain smart contract framework based on zk-SNARKs that is using kimchi proof system for contract resolution.

Replace kimchi zk-SNARKs with bulletproofs or adaptor signatures with satisfiability circuits and we could have an off-chain smart contract framework that is safe (cancellable if all parties mutually agree) and does not require any hard-forks or changes in the protocol.

This makes me wonder if defining elements like regular output, multisig output (including multi-BP) etc. and allowing users to describe a flow/scheme with them could allow us to express atomic swaps with a script rather than having it be hardcoded in a wallet? Then if someone finds a more efficient scheme (e.g. SAS), perhaps we could just describe the a new scheme without any wallet release.

Sounds very promising !

I’m currently funding a social network.

I’m using the grin paper keys as login mechanism.

I call it S.P.A.M
Seed phase authentication mechanism.

But if we had a programmable script wallet with browser. I think the sky would be the limit.

I was going to mention the various flavours of atomic swap as an example where you could provide a script for each one, but then decided not to because atomic swap is a cross-chain protocol that likely requires more than a script on the other side.


Oh right, I forgot about the other side. I guess the other examples could be:

What’s fun is that you’d have no way of knowing what’s going on when looking at the mempool or chain. It would be really neat if these things (and more) became scriptable.

1 Like

theoretically even regular transaction building process (eg. srs/rsr/contract) could be defined as a script


Yes, the idea would be to move all possible protocol logic out of the Rust codebase and into script.


you mean only wallet protocols or also node protocols (eg. block validations)?

I mean only the wallet protocol for transaction building.

1 Like

I really like this idea. I have two requests I hope others would agree:

  1. use a composable stack based language, like lisp
  2. separate any handling of key material in a way that could easily be performed externally on a hardware wallet

Would you provide a high-level design of such scripting language? What kind of methods would you like and definition of context (if any).

I will be happy to include such interface in mimblewimble-py.


Stack based languages are not known for strong typing (nor is lisp, which I do not consider a stack based language), which I think is desirable. I personally like the approach of parser combinators [1], which I think offer great composability.

That’s a worthwhile goal indeed.

[1] Parser Combinators: a Walkthrough

1 Like

i agree, parser combinators seem like a good solution, but how would you run that on a mobile?

@tromp do you have this idea formulated well enough to take to RFC, or is this something you’re hoping others will take up? I’m very interested in this idea