SCF #9
Simple Signer
by

A secure in-browser transaction signer

Awarded
Budget request:
$
*
WebsiteCode

Project Stage

Development

Category

No items found.

Based in

Argentina and Australia

Team size

Active since

2021
Products & Services

The Simple Signer project has one clear objective in mind: Reduce cognitive complexity to enter the Stellar ecosystem by providing a secure way to sign for Stellar transactions without installing a browser extension, and without providing your private key to the website that generates the transaction.

The Problem

In order to operate with the Stellar network, a user must: Create a stellar account, buy XLM, and either install a browser extension or use their private key directly on the website where they wish to spend their assets.


With many people still hampered by tech-illiteracy (or specifically crypto-illiteracy), the concept of installing a browser extension can be daunting: “Go into BrowserExtension website and create another account which will hold the keys for the Stellar account you just created, then install this browser extension and enter the details of your BrowserExtension account. You will use this browser extension to sign for transactions on other websites”, most users would find this user experience to be too convoluted.


It is complex workflows like these that, in part, deter users from getting started in their Stellar journey.


However, “Enter your password to complete this operation” is very well understood by any user who has ever done any financial transaction online (including mainstream online banking). The only way to implement this workflow today is to use the private key directly on the website that generates the transaction, but users can’t be certain of what the website will actually do with their private key.


The MVP Proposal

People are familiar with passwords; they have been around for a very long time, and anyone with internet access has had to use their password to authenticate at some point. Stellar Secret Keys are passwords in themselves (with the caveat that they cannot be changed).


The cognitive load is greatly reduced if people simply enter their private key into a website, but at the same time exposes them to a security problem. What if the website is malicious? It could then use their private keys to perform unwanted transactions.


The Simple Signer is a simple, yet secure approach that tackles this problem. Hosted in a trusted website, the Simple Signer comes in the form of an HTML widget that takes a transaction and offers the user to sign it inside the widget using their private key. The Widget will then return the signed transaction to the requesting website, never exposing the user’s private key.



The Simple Signer HTML Widget will be open-source to ensure transparency and auditability.


Into the Future: Help devs create secure Stellar applications faster

The Simple Signer Widget is a great entry point for crypto newbies to get started with the Stellar network; For the tech-savvy, it is no suitable replacement for browser extensions. Browser extensions are still extremely convenient as they allow multi-account handling and other advanced functions which are outside of the scope of this project (such as providing liquidity directly from the extension, as is the case with Albedo).


Today there are many wallets for Stellar; Albedo, Freighter, Rabet, etc., and developers have to integrate their projects with each one of them in order to provide the best range.


The Simple Signer will initially allow users to sign with their private key, but just as easily, it can allow users to connect their favourite wallet directly from the widget, and abstract the complexity of integrating with each individual wallet for Stellar developers, thus helping the community market their products faster.


Technical details

The technical implementation that makes the Simple Signer is rather trivial.


In its simplest form, by using an <iframe> that serves the Widget in a bespoke domain, the parent website cannot access its content or modify it1 as the communication happens from child to parent, meaning the Simple Signer Widget can communicate with the parent, but not vice-versa.


The HTML Widget would take an XDR as a GET parameter, exactly like Stellar Laboratory `https://laboratory.stellar.org/#txsigner?xdr=AAAAAgAAAAABBIe6EMmfpv%2FNWJ…` and would present a user-friendly explanation of the operations that are happening inside that transaction. Finally, it will ask users to sign it and once done, invoke the window.parent.__handleSignedTransaction method and pass in the signed transaction as a parameter.


In this way, the private key is never leaving the Widget’s site.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#scripting


No items found.
Previous Project(s)
No items found.
Progress so far

The project is in the prototyping stage. It doesn’t have users so far, aims to operate worldwide, and no funding has been raised.

Goals

Simple Signer will launch a secure widget that supports displaying all types of operations in a transaction, and allow users to sign for it using a private key that never leaves the widgets domain in the first 3 months.

Simple Signer will allow developers to embed widgets with configurable wallets (at least 2) in the first 5 months.

Simple Signer will allow developers to embed widgets with configurable brand colours in the first 6 months.

To get there, we request a budget of  
$
*
  to:

This project will be led and coordinated by myself, however: I also run argentinaprograma.com (https://www.youtube.com/channel/UCXfQLgiBQPIzBp8-nRsG0KA) which is a free initiative to teach people to program in Argentina, and I often run small paid projects for people to gain real-world experience. I will recruit 2-3 students to participate in this project for 3-6 months.

I will also require freelance support from a senior UX designer. The project will be conducted using Agile methodologies.

Additional information

PROBLEM & SOLUTION

The Simple Signer project has one clear objective in mind: Reduce cognitive complexity to enter the Stellar ecosystem by providing a secure way to sign for Stellar transactions without installing a browser extension, and without providing your private key to the website that generates the transaction.


In a second phase, it will also solve the problem of multi-wallet integration for developers.


TARGET MARKET                    

Our target market in the first phase is anyone who wants to get started with the Stellar network but is currently so detached from the crypto world that the concept of installing browser extensions deters them from participating. This is especially true in places where inflation is rampant, such as Argentina [1], where more and more people are looking to enter the crypto world to easily exchange their pesos for a more liquid asset, but in many cases they do not have the tech-literacy required to understand the required steps to get started, because they are too many. Our project targets those who want a simpler approach to operating with the Stellar network.


Stellar developers will also benefit from this project, as it allows them to integrate with a simple-to-use widget that simplifies the experience for their users. In a second phase, it’ll allow them to quickly integrate with all the popular wallets in one go.

   

REVENUE MODEL

This is a free and open-source initiative and as such, it does not have a revenue model.

INDUSTRY AND MARKET RESEARCH

The Stellar network keeps growing, an extra ~1.5 M accounts have been created in the past year [2]. With some blockchain fees making them unworkable or accessible to most of the world, Stellar is becoming a more attractive blockchain to work with.


Developers will also benefit from this project, as it allows them to integrate with a simple-to-use widget that simplifies the experience for their users.



In terms of the LATAM market, specifically Argentina, according to a report by economic daily El Economista, Argentines hold some US$130 billion within the financial system — estimated to represent about eight percent of the actual physical stock of dollars in the world — and another US$175 billion “under the mattress,” as Argentinians like to say.


Cryptocurrency P2P transactions have risen from US$200,000 in late 2019 to US$600,000 last year, according to data from ChainAnalysis. [1]

               

THREATS AND OPPORTUNITIES

Strengths: Ease of use (simplicity) for both users and developers, intimate knowledge of the target market (Argentinian dev team).


Weaknesses: The project will always be focused on simplicity and as such, it will lack the more advanced functionalities that other wallets or transaction signers have to offer.


Opportunities: In the second phase, the project is likely to evolve into a wallet-hub of sorts, a one-stop for connecting all wallets and excellent browser extensions that already exist in the market. The simple technical design means that it can be reskinned and other widgets can be developed (for instance a “Connect wallet” widget as opposed to a fully fledged transaction signing widget).


Threats: With some countries banning cryptocurrencies all together or looking to heavily tax them, this is always going to be a threat to the adoption of this project.


Other well established projects could copy this idea and release their own widgets.

COMPETITION

Browser-extension based wallets and signers such as Albedo, Freighter, and Rabet. Even though it is a different target market, the reality is that it will compete for users who are starting out their crypto journey.


MARKETING AND  SALES        

Marketing (or rather, announcements/discovery) will be mostly done via Reddit, Stellar Developer Discord, Keybase, etc. The marketing strategy is to announce this project and its milestones, verifiable through a public and open-source github repository.



RESOURCES AND RELATIONSHIPS

In terms of relationships, I am the founder of an online community that teaches people to program for free in Argentina (http://argentinaprograma.com), and I intend to run paid internships for advanced students for 3 months to help me develop this project.


The project enjoys moderate success with ~4k students in the Slack community and the proposal has already gathered interest.



1 https://www.forbes.com/sites/afontevecchia/2021/06/28/a-crypto-revolution-in-argentina/

2 https://stellar.expert/explorer/public

Pitch deck
No items found.
Deliverables
First Deliverable

This fits in the Medium project scope < USD $50,000 bracket.

I will be launching a new product that aims to solve a real-world problem, and the result of the development efforts will be publicly available and free for anyone to use.

The development effort will be led by myself, but I will make use of my existing argentinaprograma.com online course and through a paid internship, recruit 2-3 developers to help me with the project for 3-6 months, which has the added benefit of letting them get real-world experience which will prepare them for their next job. A paid software internship in Argentina costs ARS ~50,000. The total development cost is expected to be the majority of the budget with around USD ~7,000 for 6 months worth of development, which is likely to include more features beyond the ones described in the MVP.

I will also be in need of a senior UX designer to craft a beautiful user interface at a rate of USD ~13/hr for a total of ~2,000 USD for ~1 month of work across the first 6 months of the project. The other USD ~1,000 will be used for miscellaneous expenses such as hosting (which we anticipate will be fairly cheap, if not free), small marketing activities and regular expenses.

Team

Fabricio Leonardo Sodano Pascazi

Lead developer

15+ years of experience in Software Engineering, including managing teams of 100+ around the globe across Product Engineering, QA, Platforms, Mobile, Data and Security, with experience managing multi million dollar tech budgets, currently working in the FinTech industry.

Founder of argentinaprograma.com, a free online course for people in Argentina with an active community of ~4k+ students who regularly connect with each other on Slack, where I also run small paid internships for students to be able to get their first job in the industry.


There will be 2 other members of the team yet to be selected from the argentinaprograma.com community.


Regarding my experience with Stellar:

I have built tangoswap.com (now acquired by answap.io), being the first operational liquidity pool in the Stellar network (even before CAP38).

I have also developed a Stellar Turret utility to manage and run contracts, generate XDR Tokens and see general Turret information in an open source project found at https://answap-io.github.io/tss-admin/


linkedin.com/in/fsodano

The students selected to deliver this project are:
Leonel Gauna
https://www.linkedin.com/in/leonel-gauna-15590716b/



Mauricio Genebrieres
https://www.linkedin.com/in/mauricio-genebrieres/



Viktor Agustín Luzny
https://www.linkedin.com/in/viktor-agust%C3%ADn-luzny-41529617a/"