The Bytecoin Team is proud to present Bytecoin Zero, a browser wallet for the Bytecoin platform. This software allows users to open their Bytecoin wallets and transfer BCNs straight in the browser without requiring desktop-class software. It is unique in that it bridges two technological aspects previously thought incompatible: the convenience of browser-side applications and the security of running a native desktop app. In this article we will look into why such technology is necessary, how it works and how users can benefit from it.
The origin of Bytecoin
Envisioned as a means of anonymous value exchange, Bytecoin started off with a structure similar to Bitcoin, which is made up of several technologies beautifully tied together:
- a ledger that is basically a database of who-owns-what;
- a network of nodes that all keep a copy of the ledger and share it via a peer-to-peer protocol;
- a cryptographic Proof-of-Work algorithm that allows nodes to decide who can update the ledger, and secure it from illegitimate modification.
Bitcoin has changed the way we see value exchange and given birth to a whole new industry.
However, such a design has one major flaw - the information in the ledger is available in plain sight for everyone to examine. Bitcoin does not store personally identifiable information per se, but if anyone were to identify that a certain address belonged to you, they would be able to trace all value movements to and from your address and potentially calculate the volume of your assets.
Trying to make up for this shortcoming was the motivation behind Bytecoin - to create a fully anonymous blockchain value exchange system. Bytecoin achieved this by employing an assortment of cryptographic technologies to conceal the information in the ledger and the origin of the coins in a transaction. At some point it required unconventional approaches, like using elliptic curve ring signatures to obscure the coin that is being spent.
As a result, with Bytecoin all users still keep a copy of the ledger, but can only decrypt the transactions that belong to them. In addition to security-related differences, Bytecoin improved upon other aspects of using a cryptocurrency when compared to Bitcoin. For instance, the difficulty parameter, which describes how much computational effort one has to make to mine a block, is recalculated every block, compared to the two weeks it takes with Bitcoin. This allows for fast adaptation to a changing network hashrate.
While such a technological model is secure, it puts some requirements on using Bytecoin. In order to take full advantage of Bytecoin’s security, a user has to run a node, which is to have a complete copy of the blockchain (which at the time of writing this article is around 30GB) and run the native desktop software. Such a setup is not the most convenient, but it allows for completely decentralized and anonymous value exchange, a limited commodity in the modern world.
It is worth mentioning that there is a workaround to the first requirement: a user has the option to connect to a remote Bytecoin node they trust. Such an option allows users to request blocks from a remote machine, instead of a local copy of the blockchain, potentially saving storage space. In such a setup the remote node is responsible for checking the correctness and legitimacy of the newly-mined blocks and the connecting node just requests the blocks to find the funds that belong to the connecting node owner.
Web wallets and centralized trust
Web wallets were a logical step in the development of cryptocurrencies. Their appearance was a result of the ongoing effort to make cryptocurrencies more convenient to use. While the advantages of using a cryptocurrency in the browser are obvious, the technical structure of such platforms is not always so. It is crucial to understand how a system functions in order to be confident in its safety.
Most cryptocurrency web wallets in use today are so-called hosted wallets. In such wallets a user’s private keys - the most crucial info that can be used to view/spend user assets - are stored on the web wallet’s servers. It goes without saying that by using such services a user has to agree to take the following risks:
- the organization behind the hosted web wallet has full access to the user’s keys and, consequently, to their assets in the web wallet;
- in addition to the previous point, the user themselves might not always have access to their keys;
- the user has to trust that the wallet’s operation is secure and protected from external breaches;
- the user has no way of verifying the behavior of software that makes up the web wallet, even if it is open-source.
In other words, web wallets are similar to internet banking services with one major difference: the legal landscape behind cryptocurrencies is not well-formed yet and differs from jurisdiction to jurisdiction. Even if the organization behind the web wallet is a registered legal entity and the web wallet has a corresponding digital domain certificate, there is no certainty that a user would be legally protected should a conflict arise.
Of course, the aforementioned information should not discourage users from using web wallets. First of all, if a user is comfortable with such a security model, there should be nothing stopping them from using web wallets. People have different reasons for using cryptocurrencies and their security needs vary as well. Secondly, there are several well-established names in the web wallet market and there are reasons to believe they would be interested in keeping their names clean.
What is important is that a user should be aware of the risks inherent to the security model of the product they use.
Of course, one cannot go on without mentioning mobile apps as a prospective domain for cryptocurrency software. They indeed have multiple advantages when compared to web wallets:
- dedicated isolated storage space in the phone’s memory;
- rapidly increasing performance of smartphones;
- presence in the user’s attention spectrum.
However, mobile wallet apps are not far away in terms of security from hosted web wallets. As it is with web wallets, mobile apps are a centralized technology. For instance, there is no secure way of running a custom built app on iOS devices: an app can only be distributed via Apple’s App Store and that brings the following limitations:
- an app has to be verified and approved by the app store’s vendor. Typically, this is a good practice, however, the status of cryptocurrencies on these platforms is not firm, so it may be difficult to publish or push an update to a crypto-related mobile app;
- consequently, an app can be suspended at any point in time by the app store’s vendor;
- by using the app store, a user essentially trusts a third party: there is no way to verify an app’s source code or any facts of its modification;
- and more importantly, the app store’s vendor is subject to local legal prosecution. If any conflict should arise involving government, the app store vendor would be obliged to comply. This case is of specific importance to anonymous, egalitarian cryptocurrencies.
Of course, it is crucial to mention that the same security principle can be applied to mobile apps: if a user fully understands the security model of the service provided, it is up to them to decide whether to use it or not.
We at Bytecoin have observed these limitations and wanted to push the envelope further in that regard; we wanted to design a product that combines the convenience of web apps and the security of native desktop software.
Today we present Bytecoin Zero, an end-to-end, secure Bytecoin wallet. This wallet allows users to safely receive and send money from their Amethyst wallet file, right in the browser. Bytecoin Zero’s main advantage is safety and it stems from its technical implementation. Basically, it is made up of safe and tested Bytecoin Desktop code that has been compiled to run in the browser.
In addition to porting Bytecoin’s core functionality to the browser, the Bytecoin devs have found a way to allow users to verify the safety and origin of Bytecoin Zero’s build right in the browser. We will describe this novel and unconventional approach in a later article.
Structure and safety
From a technical standpoint, Bytecoin Zero is Bytecoin software that has been compiled to WebAssembly and embedded in a web app. WebAssembly is an open technological standard that defines a portable binary code format for executable programs. Bytecoin Zero’s functioning can be better explained with a picture:
Bytecoin Zero runs on a dedicated webpage in the browser. In order to function it utilizes two external components:
- browser’s local storage - an isolated storage space that a page can request from a browser. Unlike a browser’s cache, local storage is not flushed when a page is force-reloaded. Bytecoin Zero uses it to store its database and wallet cache;
- remote Bytecoin node. Bytecoin Zero uses it to request the blockchain data, just like Bytecoin Desktop would when configured to use a remote node. All information is passed via JSON RPC API. Thanks to the remote node there is no need to keep a local copy of the blockchain.
It is crucial to point out that while such a setup is lightweight and does not require installing any software, none of the user’s private information is sent to the node - the operation is completely independent. While the remote Bytecoin node is responsible for storing the blockchain and checking the correctness and legitimacy of newly-mined blocks, Bytecoin Zero requests the blocks from the node and locally searches them for user funds.
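The data flow described above, as an added example that is not Bytecoin Zero's own code: the wallet sends the node only a block-height range over JSON-RPC and matches outputs locally. The method name `get_blocks_example`, the block layout and the HMAC-based ownership tag are assumptions made for illustration, standing in for the real RPC and cryptography.

```javascript
// Added example, not Bytecoin code. HMAC-SHA256 stands in for the wallet's real
// output-ownership check; all method and field names are hypothetical.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")                       // CommonJS
  : process.getBuiltinModule("node:crypto");     // ES modules

// Tag that only the holder of viewSecret can recompute for a given output.
function outputTag(viewSecret, txNonce, index) {
  return nodeCrypto.createHmac("sha256", viewSecret)
    .update(`${txNonce}:${index}`).digest("hex");
}

const VIEW_SECRET = "constructed-view-secret";   // stays in the browser
const OTHER_SECRET = "constructed-other-user";

// Constructed chain data held by the remote node.
const CHAIN = [
  { height: 1, txs: [{ nonce: "n1", outputs: [
    { tag: outputTag(OTHER_SECRET, "n1", 0), amount: 5 }] }] },
  { height: 2, txs: [{ nonce: "n2", outputs: [
    { tag: outputTag(VIEW_SECRET, "n2", 0), amount: 7 },
    { tag: outputTag(OTHER_SECRET, "n2", 1), amount: 3 }] }] },
  { height: 3, txs: [{ nonce: "n3", outputs: [
    { tag: outputTag(VIEW_SECRET, "n3", 0), amount: 11 }] }] },
];

// Simulated remote node; it records every request body it receives.
const nodeLog = [];
function remoteNode(requestJson) {
  nodeLog.push(requestJson);
  const { id, params } = JSON.parse(requestJson);
  const blocks = CHAIN.filter(b => b.height >= params.from && b.height <= params.to);
  return JSON.stringify({ jsonrpc: "2.0", id, result: { blocks } });
}

// Wallet side: request a height range, then match outputs locally.
function scan(viewSecret, from, to) {
  const request = JSON.stringify({
    jsonrpc: "2.0", id: 1, method: "get_blocks_example", params: { from, to } });
  const { result } = JSON.parse(remoteNode(request));
  const owned = [];
  for (const block of result.blocks)
    for (const tx of block.txs)
      tx.outputs.forEach((out, i) => {
        if (out.tag === outputTag(viewSecret, tx.nonce, i))
          owned.push({ height: block.height, amount: out.amount });
      });
  return owned;
}
```

Inspecting `nodeLog` after a scan shows what the node learns in this model: the requested height range, and nothing derived from the secret.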
We have designed Bytecoin Zero with several key concepts in mind:
- Zero-trust operation. The user does not need to trust their private keys to a third party, all cryptographic operations are made browser-side;
- Mobile-first approach. With so many platforms going mobile, Bytecoin Zero is designed to work on mobile devices first. It can be used to its full extent in a browser on a mobile phone;
- Adaptability. We are investigating the possibility of integrating Bytecoin Zero into the InterPlanetary File System (IPFS) to provide a way to verify the safety and integrity of Bytecoin Zero builds when running them.
We see Bytecoin Zero as a breakthrough step for Bytecoin technology: it combines ease of use with comprehensive security. In the next article we are looking forward to describing Bytecoin Zero’s interface and some specific Beta testing nuances. Feel free to share your feedback in an issue in our corresponding GitHub repository.