Tagged

In Emojis We Trust

How Argent uses Emojis to secure your wallet

Matt Marshall
Sep 13, 2018

Argent is breaking down barriers to mass adoption of the Ethereum ecosystem, starting with a simpler, safer wallet. At the heart of our approach is making crypto intuitive, not intimidating.

The challenge is how to make user security as frictionless as possible. Our efforts have been helped by some unlikely characters.

Argent uses emojis to make cryptographic hashes easier for humans to use

If you’re thinking “WTF!?”, we forgive you. Here’s some context.

As we build Argent, we’re developing client apps that primarily interact with the Blockchain via HTTP proxy nodes. These are the interaction point for your wallet (until light client nodes become viable). However, this isn’t always enough to create an outstanding user experience that’s familiar to users.

We knew we could improve usability and communication by building several auxiliary cloud services. But we had to do so without compromising the security or trust inherited from a decentralized blockchain. How?

We followed our team’s first rule: “don’t trust the backend” (meaning, “don’t trust ourselves”). The services exist only to provide an enhanced user experience that any mobile customer would expect (e.g. push notifications, user-to-user communication). The end-user interface, the mobile app, can validate the data it receives against multiple sources to establish trust with the decentralized wallet.

An example of this is our smart wallet’s use of actions that require multiple users’ digital signatures (signed by their private key). Here’s a clear example based on our model of account recovery, which uses Guardians:

Alice has bought a new iPhone and wants to recover her wallet on the new device. To do this, her Guardian, Bob, needs to approve the recovery request.

Or, more technically:

Bob needs to provide his digital signature to authorize the transfer of the wallet’s ownership to Alice’s new public address for her new device.

Now comes the issue of trust. How does the Guardian, Bob, know that he’s approving the right recovery request to Alice’s new iPhone? How can we prevent the interaction between Bob and Alice from being compromised? We have to ensure there’s never a Man-In-The-Middle attack whilst they communicate over Argent’s network. And we have to go beyond taking all possible precautions to secure our cloud infrastructure.

The solution? Emojis. With a little help from cryptography.

First, we show Bob (the Guardian) a series of emojis. These represent a hash of the new account address (the public key on the new iPhone). Meanwhile, we show Alice (the owner of the new phone) the same series of emojis, hashed from data received over Argent’s network. Both hashes are calculated client-side to help validate the authenticity of the new account address.

Argent crypto wallet multisig recovery using emojis

Next, Alice & Bob talk via a different medium, i.e. a phone call. They do this to: a) verify the recovery request is genuine; b) check no one has tampered with the new public key on its journey across our Argent network - by confirming they see the same emojis.

That’s it!

This may seem deceptively simple, and it’s meant to be. We use familiar mobile interactions to dramatically enhance security in a simple and friendly way. And we do this without increasing complexity.

So please, emoji hash away! Here’s our emoji hash code in Swift if you wish to use it in your own project.

Ready to get started with DeFi?

Argent is a simple, secure, all in one wallet for investing in DeFi

Download Argent

Related Blogs

Secure, Simple and Seedless

A new model for decentralised wallet recovery

Building Ethereum Dapps on iOS with web3.swift

A new, open source library for Dapps

Argent: Solving Dapps’ Dirty Secret

How to not sacrifice your security when using Dapps

Own It

We use 🍪 cookies to personalise your experience on Argent. Privacy Policy

Accept

HQ London, made with ❤️ across Europe