Ledger Fresh: Our New Project To Enhance Your Web3 Experience

Ledger is built on world-class security. Smartcards are historic security technologies that we have improved to make them suitable for the next Internet era. 

Ledger has done so in three distinct ways: 

1. By removing the need to have a card reader to use a smartcard. It can now be directly connected to the USB port of a computer or used over Bluetooth. 

2. By providing an open Operating System, BOLOS (Blockchain Open Ledger Operating System) lets developers load their native code into the device and users pick applications from a thriving ecosystem. 

3. By adding a screen and buttons connected directly to the smartcard to prevent malware from changing the information displayed to the user or faking user consent, thus ensuring that What You See Is What You Sign. 

While security will always be our North Star, we collected feedback about Ledger devices and found a few user pain points:

1. Onboarding your Ledger Nano devices requires writing down a list of 12/24 words (the mnemonic) to back up the private cryptographic keys. This backup is critical to recovering the assets if the device is lost and for interoperability with multiple wallets. As those words unlock a lot of power and value, attackers are getting more creative in tricking users into giving them.

2. When using a Ledger device, the user always performs the same actions regardless of the transaction amount. This process can lead to fatigue and a lack of attention to detail for more important transactions. 

3. As users spend more time transacting cryptocurrencies, NFTs, and navigating Web3, they may move to different governance solutions (such as multi-signature) or plan for an inheritance. With current solutions, this is complex and costly as this requires moving all assets to a new wallet.

A Smarter Wallet. A Better Web3 Experience.

How to solve these pain points? A smart wallet that can run its independent logic lets users customize part of this logic. With Ledger Fresh, you can interact with DApps seamlessly without the need to approve all your transactions on your hardware wallet and without compromising on your digital security. If you’re a new user, Ledger Fresh will open the possibility to enter the Ledger ecosystem without a Ledger device while gradually increasing your safety as your usage grows. 

Here are a few scenarios on how Ledger Fresh could address the pain points we’ve just examined:

1. A revamped onboarding process. The new onboarding phase would let users register different devices to the smart wallet. The recovery phrase would only be used once if all devices are lost, after giving notifications on all possible media and a grace period to cancel the operation to the user.

2. Personalized security profiles. Smart wallets could set distinct security profiles. For instance, one profile for daily use cases and another for specific use cases. This process could be done through allowlists or more complex policies linked to sources of truth operated off-chain by the user.

3. Updatable standards. The smart wallet logic would be updatable/upgradable on the fly without moving assets to a new wallet implementing new features.

We’ll see next how the Ledger Fresh wallet is the ultimate smart wallet and which technical components it contains.

Ledger Fresh’s Building Blocks: Account Abstraction, FIDO, Starknet & Account Plugins

Account Abstraction

Account Abstraction is a long-term goal of the Ethereum ecosystem to use the execution capabilities of a blockchain to implement the account verification logic instead of just implementing the logic of applications. Account Abstraction replaces the traditional concept of accounts associated with keys by account smart contracts, making it possible to use custom verification logic (for example, different signature schemes) and to perform additional checks such as using an allowlist of contracts and functions. 

It has been partially implemented on Ethereum, with Argent pioneering its use since 2018. There are currently several competing specifications (EIP 4337, EIP 3074 and EIP 5806) being reviewed to move to full implementation, enabling, for instance, to pay for network fees using different assets (e.g any ERC-20 token), or define transaction orders.

Unfortunately, even partial implementations of Account Abstraction didn’t get a lot of traction because of the related network costs, notably when gas prices surged during Defi Summer in 2020 and then during the NFT era in 2021. This will change with a growing range of efficient L2 solutions aiming to reduce gas costs.

FIDO / WebAuthn

In 2012, FIDO defined a web-native protocol using cryptographic signatures to replace standard Second Factor Authentication (2FA) and One Time Password algorithms using a shared secret. While not protecting users against malware, FIDO helps solve phishing attacks and attacks targeting the server credentials database.

FIDO support was initially only provided by dedicated devices such as Yubikeys, but things got more interesting in 2019 when Apple and Google started including FIDO 2 (aka WebAuthn) support directly in their devices, with keys, signatures, and authorizations backed by the hardware security features of the platform – the Secure Enclave and Face ID for Apple, StrongBox and biometric authentication for Android.

We now have a solid and reliable cryptographic authentication mechanism available on most smartphones that can be used from the browser.

It would be great to use it as an everyday signer with additional restrictions in the user account contract. Currently, verifying WebAuthn signatures on-chain is too costly since the only curve supported by the FIDO2 compliant hardware solutions is secp256r1, the neighbor of Ethereum secp256k1; most chains don’t natively support it.

Starknet

Starknet is a scalability second layer released in 2021 by Starkware. It allows to compute more expensive transactions on that layer and only submit a brief proof of proper execution to be verified by the settlement layer of the rollup, Ethereum.

Given the substantial savings, Starknet uses an Account Abstraction model for all users. Interestingly, as Starknet execution model is not based on the Ethereum Virtual Machine, complex mathematical operations are also less expensive, and it is thus possible to implement a validation of WebAuthn signatures at the application level. Cartridge has pioneered this.

Thanks to Starknet, we can run an acceptable cost Account Abstraction model with several devices that can authenticate to the account smart contract, including smartphones implementing WebAuthn in the browser.

Account plugins

Account plugins are a flexible mechanism to extend an account smart contract logic with pluggable logic (plugin). The reference implementation is currently being worked on jointly by Argent, Cartridge and Ledger.

Account plugins allow updating mechanisms to validate transactions on the fly. Different signing mechanisms (such as WebAuthn) or security schemes (such as reduced signature friction for games or social applications with session keys) can be added to an account smart contract supporting the plugin architecture after it has been instantiated, without having to move assets or create a new wallet.

Ledger Fresh usage

Ledger Fresh builds a security-oriented web wallet interface interacting with an account smart contract on Starknet with different security validation mechanisms (such as creating an allowlist or relying on an external source of truth) depending on the device interacting with the account. This can be, for instance, either a WebAuthn device or a Ledger device. Moreover, this wallet can be enhanced/extended by external plugins.

Without a Ledger device

When starting his journey without a Ledger device, the user can register different WebAuthn devices (mobile phone, laptop, etc) to Ledger Fresh.

Ledger Fresh will provide additional guidance when an operation is risky, or the user account value is significant enough to get protected against malware with a Ledger device.

Switching between security profiles or modifying the current security profile will be performed with a customizable delay and notifications to allow users to cancel the operation if it was initiated by malware.

Adding a Ledger device

Adding a Ledger device provides full protection against malware – thus security operations can be confirmed instantly on device (What You See Is What You Sign). The user will also be able to bypass security restrictions set to the account (for example a spent amount per day) if and only if using a Ledger device.

Future Ledger Fresh services

In the future, we plan to extend the support of Ledger Fresh – both by connecting other chains to Starknet and by supporting the same concept on different chains if it is economically viable.

Additional services will also be implemented as plugins, such as a multi-signature service or a trustless legacy service allowing to send crypto to a predefined address if the account has been idle for some time.

Ledger Fresh plugins – technical deep dive

Plugins must follow an interface defined here. All functions need to be implemented. Is_valid_signature validates a signature made off-chain and can be called by other contracts. Validate is the function that allows the plugin to validate a transaction. This function cannot read the state of other contracts. Initialize is called when adding a plugin, and it is a delegate call, so your storage variable must be prefixed by your plugin name to be unique.

If you need more functions in your plugin, the account features an “executeOnPlugin” method to perform arbitrary calls to your plugin. This is used to do a delegate call on the plugin to update its state.

• SEO Powered Content & PR Distribution. Get Amplified Today.
• Platoblockchain. Web3 Metaverse Intelligence. Knowledge Amplified. Access Here.
• Source: https://www.ledger.com/blog/ledger-fresh-ledger-labs-plan-to-make-your-wallet-smarter