This is proposal for Milestones 5&6.
DOT/EUR exchange rate calculated as 5.8176 by EMA7 (EMA with 168 period frame) by Kraken
Our team proposes to design an open source hardware storage for dotsama ecosystem.
Please see complete proposal on Skiff
Project matrix room: #Kampela:matrix.zymologia.fi
See previous material here:
Project name is Kampela, Finnish word for flounder fish. The device is envisioned as flat card mostly consisting of e-paper screen and few controls (and it allows keys to stay safely in depth).
Kampela is a hardware version of Parity Signer. It is a small card-shaped device (ideally comparable to a credit card form factor, to be carried in a wallet when needed) that accepts data through unidirectional NFC port and shows output on a monochrome electronic paper screen. It has cryptographic strongbox with elliptic curves supported by Substrate — which only stores private keys (after initial import) and performs all signing operations on-chip.
Kampela is designed to be a comparatively low-cost (below €100, in contrast to €500+ for a Signer-compatible smartphone) single-purpose device, which would only support a single seed phrase per unit, operated via a drastically simplified user interface. However, it would have all the security features of Parity Signer: a full-featured SURI account derivation system, transactions preview, metadata updates, logging.
As something that supports the same QR code output formats as Signer, it would be able to drop-in replace Signer when providing signatures back to a mobile/desktop wallet. The only challenge would be in transforming the current QR-driven input format of Signer into a suitable NFC payload. Alongside with native support in some apps (which would require software modification) this can also be achieved with a tiny “translator” app for a regular (online, not necessary trusted — one’s usual daily driver) mobile phone: it would snap a QR code with the transaction details and (statelessly, without any extra features or complicated UI) transform that into an NFC payload.
Kampela is a natural (and long-discussed) extension of Parity Signer to leverage the most out of modern hardware-based crypto chips and drastically reduce Signer’s attack surface: no mobile OS, not extra platform features, no unexpected communication methods or airplane mode to take care of.
Kampela is not a wallet! It is a signing tool, it is not able to track on-chain balances, validate things over chain-provided information or generate transactions on itself.
The scope of this proposal does not include actual production, but does result in all preliminary development required for production. Hopefully, many assembly shops would rush in to compete with us and each other!
As these last milestones were listed out long time ago, it makes sense to clarify them now with more details on planned work and deliverables:
We have decided to leave RNG analysis out of scope, as that component of chip is indeed certified and tested upstream; implementing extra hashing over existing certified secure RNG device in an airgapped cold device with single baremetal app running does not seem feasible, as implementation error risks greatly outweigh probability of hardware attacks, as there is no path to pass exploit trigger event for an attacker; deploying simpler exploits that would make SE accessible to an attacker or make snapshots of onboard RAM, would be simpler for manufacturer to embed into hardware.