Monerujo SideKick is an Android app which is a functional replacement for dedicated Monero hardware wallets. Although it is designed & built to be as secure as possible, it surely cannot match up to a dedicated device. In terms of OpSec, it is positioned somewhere between a dedicated hardware wallet and a regular hot wallet. In terms of UX, it is positioned above dedicated hardware as we have a lot of computing power as well as screen real-estate on an Android device.
SideKick is run on a separate Android device without internet connectivity. It is a companion app to regular Monerujo. The SideKick holds the wallet keys and is never connected to the internet thus keeping the keys offline & safe. The regular Monerujo app is connected to a node but doesn’t have the keys. Monerujo communicates with SideKick when operations using the secret keys are necessary - like scanning the blockchain, creating and signing transactions or even creating subaddresses. This communication between Monerujo & SideKick is implemented over encrypted Bluetooth. Further development could include airgapped transport mechanisms between devices, like audio or 2D barcodes depending on viability.
The SideKick implements the Monero Ledger protocol which is also used for regular software wallets. And so, the SideKick is designed to be used with other Monero wallets (e.g. the official CLI/UI wallets) if the Bluetooth communication layer is implemented there.
Just like Monerujo, SideKick encrypts the keys at rest with a 256-bit random password.
As part of this project, Monerujo will deliver supporting and educational material with a focus on OpSec in this scenario.
The Monerujo Team has been building Monerujo since 2017 and has been involved in numerous Monero Community Projects:
- Dev: m2049r
- UI/UX: baltsar
- Artwork and stuff no one else wants to do: anhdres
It’s at the core of Monerujo's ethos to put the most secure and powerful Monero wallet we can make into the hands of the people who need it the most. That’s our compass.
SideKick is in essence a DIY hardware wallet - built on hardware people have lying around (often with broken screens and cameras). Creating a wallet that is safer than just storing keys on a device connected to the internet makes sense.
Hardware wallets are nothing short of centralized. Some are not even completely open source, so there’s a significant portion of trust involved there. It's also difficult to buy a hardware wallet from a company without leaving a trace of the purchase. It's not only the company which knows about it, but in the case of a data leak, it's the whole world. In other words, buying a hardware wallet signals the buyer as a cryptocurrency holder in a way buying a phone does not.
There are also social aspects. Buying a dedicated device could mean a very high price for a person in a developing country. Such a person could have worked for months to save maybe the equivalent of $100. Purchasing a hardware wallet and spending at least something equivalent, considering shipping and customs - if even possible - would make no sense. This means there's a gap between the security available to a first-world citizen and to one who is not. Since mobile phone penetration is huge even in the poorest of nations, it opens a possibility to bring extra security to people living there as well.
Building the SideKick is also sustainable. We are consuming devices at a faster pace than ever before, and we could surely squeeze a bit more functionality out of that piece of plastic & precious metals which are already produced and owned.
We feel these principles align strongly with the Monero community. Decentralization, disruption, fairness and long term thinking are important guides of Monero's roadmap.
Proof of Concept
- Target Date: 2021-08-01
- Funding: 200 hours x 0.45 XMR = 90 XMR
- Target Date: 2021-10-01
- Funding: 120 hours x 0.45 XMR = 54 XMR
UI/UX Design & Supporting Materials (Docs, FAQ, Video, ...)
- Target Date: 2021-11-01
- Funding: 140 hours x 0.25 XMR = 35 XMR
Funding needed: 179 XMR