Interchain Ledger App Brief

Current State

The vision Cosmos has laid out of hundreds of blockchains in a single ecosystem interacting with each other is becoming a reality.
25 Cosmos SDK chains have IBC enabled, more chains adding IBC support every week. Cross-chain interactions are becoming more commonplace.
Using a hardware wallet is one of the best steps a crypto user can take to harden security to prevent hacks and loss of funds.
Existing Ledger security thought process conflicting with Cosmos.

Problems

Legacy issues with Amino JSON
- Current Cosmos app only supports signing Amino JSON
- Proto signing application will need to be released
  - Signmode textual ADR(link) led by Regen Network team
  - Is signmode textual acceptable for Ledger's standard?
    - What are some potential concerns?
- Confusion for web app developers around two different signing methods on Cosmos, with various levels for compatibility across SDK versions and Ledger support
Lack of standardization on cointype
- Uses Cosmos Hub cointype: Cosmos Hub, Osmosis, Regen Network, Akash, etc
- Uses own cointype, but no Ledger app: Kava, Secret Network
- Uses own cointype, with own Ledger app: Terra, Desmos, Persistence
Barrier to entry for good security practice (using a hardware wallet)
- Unsustainable to expect users to install 20 Ledger apps to interact with the Cosmos application-specific blockchains
Unclear definition of what the 'Cosmos app' is
- Is it the Hub? or the entire ecosystem?
Lack of composability vs lack of privacy
- Composability
  - I don't need to install a 'MakerDAO' app to interact with the MakerDAO smart contracts, why do I need a 'Alice Chain' app to interact with the Alice Chain app?
- Privacy
  - I didn't realize that using a common cointype across Cosmos blockchains meant someone could link my addresses across Cosmos blockchains
If solutions are proposed to above problems, will they apply to other hardware wallets?

Discussion points

Implication of 'one chain, one BIP44 cointype' to prevent replay attacks
- 'What is a chain?'
- How does Cosmos prevent replay attacks, and is it enough?
What is the role of the wallet?
- Keplr's perspective
  - Private key management (not storage)
  - Show content of transaction (ETH contract signing?)
  - Application interface
Ledger Live support

Goals and Objectives

Coming to a common acceptable specification with considerations for good practical security and interchain UX across various stakeholders
Signal standardization across Cosmos ecosystem chains (opt-in basis)
Ship interchain-focused Ledger app
Document thought process, decisions and share conclusion to guide future decision making

Examples / User stories

Agoric is launching with their own Ledger app because the current Cosmos app can't provide signing for offer-safety. But if 'sign mode textual' was available, Agoric would be happy to use a common 'Cosmos' Ledger app
Desmos has launched a new chain with an airdrop that token holders need to prove ownership of a foreign chain address. The process was confusing for users as Keplr wallet only supports the Cosmos Ledger app, but no the Desmos Ledger app
Users of Secret Network that imported their previously extension-wallet-managed mnemonic to their Ledger Nano S (bad security practice?) has realized that they can't access their existing funds. After research and help from the community, I realized I need to unstake all my tokens then transfer my assets to my Ledger address.

Stakeholders

Would like this list to include the least amount of stakeholders as possible to efficiently drive early-stage progress. Thoughts?

Interchain Foundation
- Interchain Foundation funding various core entities contributing to the research, development, operations, and maintenance of various products in the Cosmos ecosystem
Ledger
- The largest and the only hardware wallet that supports signing for Cosmos SDK blockchains
Regen Network
- Primary developer/maintainer of the Cosmos SDK
ZondaX
- Developer of the Cosmos Ledger app
Confio
- Developer of CosmJS singing library
Chainapsis / Keplr
- Developer of Cosmos wallet
Cosmostation
- Developer of Cosmos wallet

dogemos

2021/12/07 15:01:29

Proto signing application will need to be released - Signmode textual ADR([link](https://github.com/cosmos/cosmos-sdk/pull/10701/files)) led by Regen Network team - Is signmode textual acceptable for Ledger's standard? - What are some potential concerns?

Thanks for the heads up Amaury! Added link to the ADR and modified the content to reflect this. (Edited)

webmaster128

2021/12/14 09:24:55

Persistence

+ Starname (IOV) (Edited)

2021/12/14 09:45:43

Ship interchain-focused Ledger app

Not sure where it belongs really, but this is an important open question to me that people seem to be answering implicitly all the time: Can we have a single Ledger app with chain specific derivation paths? (there are ecosystems that prove yes and I wrote a spec talking about this in detail) (Edited)