IMPORTANT: The wallet is not stable, and at this point you should use it with real money only at your own risk.
- 1 Initial warning
- 2 Introduction
- 3 Testnet support
- 4 HD Wallet
- 5 Ultra-Light
- 6 Server
- 7 Identities
- 8 Backups
- 9 Pockets
- 10 Stealth
- 11 Mixing
- 12 Multisig
- 13 Contacts
- 14 Lobby
- 15 Block explorer
- 16 Notifications
- 17 Privacy and anonymity
- 18 Tools and settings
- 19 Extra credits
- 20 Known Issues
- 21 Community
- 22 How to help
Initial warning
The DarkWallet alpha release is our first release, aimed at showing and validating the different features with the community, before we have to settle it as finished and stable.
You can create an identity in testnet to avoid risking real money with this alpha software.
Also, keep your seed safe: if anything happens and you have the seed, we may be able to help; otherwise recovery can be impossible and you can lose everything!
For future releases we may require that you take all funds out of the wallet so that we can restructure its internal organization.
Introduction
Welcome to the DarkWallet software, a next generation wallet designed with the heart, by the people and for the people.
It puts fully experimental, bleeding-edge concepts together into a wallet, whose initial 3-4 months of development were funded by a crowdfunding campaign in which more than 1000 people from around the world put money forward to make this happen.
We have made a wallet that will make use of new mechanics to better preserve the financial privacy and freedom of users.
In this release we have what we can call "feature complete", at least for the basics of what can make a 1.0. This doesn't mean we're there yet: there is a lot of work to be done, and maybe still 1 or 2 breakthroughs.
What we present: stealth, coinjoin, multisig support, pockets and an innovative interface.
We would like programmers and cryptographers to look into our code now, to look for obvious blunders and errors and to question our mechanics. We would like users and pilots in general to test out the new concepts and give valuable feedback, so that we can make a very good stable release when the time comes.
At this point there will be no production-level support. That doesn't mean we won't help as much as we can, but we have to balance our time so we can also keep working on a final stable release, where things are still expected to change a lot. Other members of the community are encouraged to join the party to help and guide new people. Bring testcoins ;-)
Testnet support
The wallet is not to be considered stable at this point! The preferred way to use it is through testnet.
For those who don't know, testnet is a clone of the bitcoin network used for testing, with a test currency separate from bitcoin.
You can get test bitcoins by asking in the darkwallet lobby or from internet faucets.
The wallet lets you choose the network when an identity is created, and it can't be changed afterwards (for now).
Note: Our server has some problems at the moment on testnet, so you may not see transactions until they confirm (possibly including the ones you send). Sorry about the inconvenience, the libbitcoin backend team is working day and night to fix this ASAP.
HD Wallet
The DarkWallet can generate unlimited addresses from a single seed, which can take the form of a 12-word mnemonic (subject to change to a bigger one).
By keeping the seed safe, the user is guaranteed never to lose access to her bitcoins. We take the same path as Electrum in asking the user to input the seed before continuing with identity creation, to make sure they don't try to cheat.
As an additional technical note, we create several hardened BIP32 branches for stealth scanning, identity and communication keys. These are derived from the wallet in hardened mode so we can keep them "open" when needed without compromising the rest of the wallet.
We derive the stealth address from the main spend node for the "pocket".
More information about bitcoin hd wallets.
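Why the hardened derivation mentioned above isolates a branch, as an added example (not DarkWallet's code): it derives a normal and a hardened child from the public BIP32 test-vector seed and checks which child key, combined with the parent public key and chain code, gives back the parent key. The function names are this example's own.

```python
import hashlib
import hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # indexes at or above 2**31 are hardened

def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey(k):
    """Compressed public key for scalar k (double-and-add, not constant time)."""
    acc, base = None, G
    while k:
        if k & 1:
            acc = point_add(acc, base)
        base = point_add(base, base)
        k >>= 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def split(key, data):
    """HMAC-SHA512 split into (left 256 bits as an integer, right 256 bits)."""
    digest = hmac.new(key, data, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def ckd_priv(k, chain, index):
    """BIP32 private child derivation (rare invalid-key cases not handled)."""
    parent = b"\x00" + k.to_bytes(32, "big") if index >= HARDENED else pubkey(k)
    il, child_chain = split(chain, parent + index.to_bytes(4, "big"))
    return (il + k) % N, child_chain

def parent_from_child(parent_pub, chain, index, child_k):
    """Parent key implied by a child key plus the parent public key and chain code."""
    il, _ = split(chain, parent_pub + index.to_bytes(4, "big"))
    return (child_k - il) % N

def demo(seed):  # returns (normal child exposes parent, hardened child exposes parent)
    k, chain = split(b"Bitcoin seed", seed)  # master key m
    pub = pubkey(k)
    soft, hard = ckd_priv(k, chain, 0)[0], ckd_priv(k, chain, HARDENED)[0]
    return (parent_from_child(pub, chain, 0, soft) == k,
            parent_from_child(pub, chain, HARDENED, hard) == k)

if __name__ == "__main__": print(demo(bytes.fromhex("000102030405060708090a0b0c0d0e0f")))
```

The hardened child needs the parent private key as HMAC input, so a holder of the parent public key and chain code cannot recompute the tweak and the subtraction yields nothing useful.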
Ultra-Light
DarkWallet works by connecting to an obelisk server for all of the blockchain queries and getting notifications about changes in the bitcoin network.
We don't initially download headers or otherwise check the history from obelisk at this point. We blindly trust it.
This means initialization is very quick. We don't even really save previous history; at the moment we just recreate it every time by downloading it again (of course this will change for the release).
The wallet won't connect when you start the browser until you open the wallet for the first time. This will likely change to the first time you click the icon, or be configurable so you can also have it starting with the browser itself.
On the way to a release, the idea is to download headers in the background and check everything with SPV, without compromising immediate use. In any case we will be looking into different ways to get proof of the history obelisk provides.
- SPV checking of history or otherwise
- Obfuscating address history through bloom or prefix queries.
Server
The wallet connects to a gateway, that itself connects to obelisk, using a new C++ alternative implementation of bitcoin: libbitcoin. It has been two years in the making with a lot of time put into getting a good architecture and great performance.
It will still need some heavy testing and field validation, and is also undergoing heavy development right now with an ever expanding team of developers.
The gateway is a development made for the darkwallet. It allows websocket clients to connect and query obelisk and bitcoin tickers, and also hosts a simplistic chat system on which we base our communications.
We encourage people to install their own Obelisk/Servers, but we haven't had the time to review and configure all in the darkwallet, so for now we are using our own server that comes as default.
The gateway also has a bitcoin broadcaster that can run standalone and be used by other projects.
More information at: DarkWallet/Gateway
Identities
DarkWallet supports the user having different identities.
At the moment only one identity can be open at a time, and you can switch identities to resume using a different one. All of the user preferences are stored inside the identity, like contacts, servers and even transaction history, to maintain good identity isolation.
- Multiple identities open at the same time (after 1.0).
- Logging in and out of an identity, so that information can be accessed only by providing the password.
- Shadow identities that don't appear in the identity list
Backups
By keeping the seed safe the user can make sure they won't lose their funds, but what about the other metadata that will be attached to the wallet over time? Pocket names, contacts, transaction labelling... the wallet becomes less useful without that data, and with dark wallet we want to provide a powerful backup system that lets you back up identities in a safe and proven way.
Backups can be made of either one or many identities at the same time.
At the moment we use our own custom way of making the backup, which involves dumping the identity store and encrypting it with 256-bit AES.
- More general import/export options
- Compatibility with backups from other wallets
- Sharing backups with trusted contacts
Pockets
The wallet is organized into different pockets. Each of these pockets holds its own bitcoin addresses and history, kept separate from the others.
The wallet's mechanics are designed so that you usually spend from one pocket or another, which avoids mixing histories in a more natural way.
Each pocket has an mpk (master public key), and can be set in mixing state.
We start with several pockets:
- Spending: For general quick spending, the user's 'hot' wallet
- Savings: For keeping your longer term savings
- Business: For doing trade and business
Any number of pockets can be created. This is a new way to organize the wallet, aimed at better managing long-running wallets, and we're looking forward to hearing feedback from the community.
Stealth
Stealth addresses are a new form of bitcoin addresses that solve the problem of address reuse.
They allow the sender to generate new addresses for the receiver and to send without anyone watching the blockchain learning that the receiver is the owner of the original stealth address.
The extra data the receiver needs to know that the transaction is for her is included in the blockchain together with the transaction, using the OP_RETURN instruction.
You can see what a stealth transaction looks like.
Note: OP_RETURN is supported as standard only in recent versions of the bitcoin mining software, so not all miners will confirm or propagate these transactions; at the moment this means they can sometimes take a bit longer to confirm. You also probably won't see the unconfirmed transaction, but that is more an issue in our obelisk interaction or in obelisk.
More information at DarkWallet/Stealth.
Mixing
The wallet supports a simple form of coinjoin mixing.
This works by some users setting their pockets to the "mixing" state, so that they register on a coinjoin channel in the lobby and wait for people making joins.
Note: At the moment the mixing pockets will revert to "not mixing" when restarting the browser for security reasons. Later on you will be asked for a password to restart them.
When sending, the transaction is sent to an internal mixer that starts announcing on the coinjoin channel. If another peer answers, both negotiate a shared transaction that includes both peers' inputs and outputs. If successful, the final transaction is sent to the network.
The initial announcement goes over an encrypted but public channel where other anonymous peers can be listening (that's the idea). The announcement carries a public key, so any messages after the announcement are encrypted using ECDH. Check the section on the lobby (below) for more information.
Note: When sending, the darkwallet will always first try mixing for 60 seconds. You can disable this from the advanced send, but the option will stick. We will keep it this way but in the future offer options to configure it.
- General hardening, should validate tx more!
- Improve the mixer's state machine so it always exits properly
You can see how a transaction from the mixer looks.
More information at DarkWallet/CoinMixing.
Multisig
DarkWallet supports creating and spending multisig funds.
Multisig funds are special bitcoin addresses that can be spent from only when a number of participants sign the transactions. This means accounts can be held among several people or devices, and several signatures (above some threshold) will be needed to spend.
At the moment, spending and communicating the funds is quite manual: transactions have to be copied and pasted from one user to another. The plan is to leverage the wallet's communication capabilities to make this transparent to the user for the release.
Note: To create a multisig fund you need to add public keys, not just regular bitcoin addresses. You can do this with stealth addresses (they actually have a public key) or look for the "copy public key" button in darkwallet or other bitcoin wallets.
- Better style for ongoing transactions, they have their own tab now but should appear with the other transactions and controls for up or downvoting.
- Automatic sending of the fund to relevant contacts.
- General review of the forms and layout.
- Maybe allow chatrooms linked to funds so communications over funds can happen there
- Adding keys from contacts is broken at this moment; you need to copy and paste
Contacts
At DarkWallet's heart we have a powerful contacts system. Each contact can have several keys or addresses attached, in order to better correlate all information.
Possibly later on it will be possible to share generic information with the contacts, but this is still to be designed.
Right now this is still quite rough, so expect big improvements in the contact page.
- Layout in contact page
- Trust and reputation control
- More filtering options
Lobby
The wallet needs some lobby or meeting point where users can meet before proceeding to more private communications.
At the moment we have added a very simple chat system in the obelisk gateway so we can use it for that purpose. In the future there are plans to move away from that model to a more decentralized system.
The lobby works by separating conversations into channels. Channels are chosen client side, with a name and an encryption password that depends on that name, which should be communicated only to conversation participants. This provides a first layer of defense, although it's important to note that publicly known channels like the Trollbox or CoinJoin are compromised and should be used only for pairing or trolling.
Once channel communication is established, the peers exchange public keys, which lets them generate shared secrets and move to p2p encryption.
The chat present in dark wallet at the moment is an experimental feature, and builds on the lobby feature to just introduce a chat.
- Encryption on the channels now uses AES-256 in CCM mode with the sjcl JavaScript library.
- All communication is encrypted with the channel name, and the channel name in the server will be a hash, giving protection similar to a bitmessage mailing list, where communications are private if others don't know the name.
- The elliptic curve used for communications is curve25519. We chose it after investigating on bitcoin forums, but it is subject to change as we get feedback on this issue; for now it serves as an implementation we can test against.
- Encryption primitives and libraries are still subject to change, as we test new ways to do things and finally remove all cruft.
- Identity is not implemented yet, but will likely build upon gpg, bitcoin and ed25519 signatures so we can build a web of trust, take from existing systems and use something else for channel communications.
- The transport for the lobby is supposed to be some broadcast medium, for which we are using our own custom one; the plan is to be able to move to different systems, like bitmessage or openbazaar.
- Private communications are DH on top of the lobby, later can go to a different channel, lobby or even transport.
- Send identity key and signature, so trust and reputation can be built.
- Private chat is missing but possible (coinjoin uses it though).
- Relinking identities after cloak changes.
Block explorer
The wallet features a simple block explorer that works by fetching information from the obelisk server in real time.
At the moment it can show transactions and addresses, and in the future it will also show blocks as well as more thorough information about transactions, scripts, funds, etc.
Notifications
The wallet uses an icon in the browser extension area to inform about the number of open notifications.
Notifications show rich information about different events:
- Ongoing transactions (less than 6 confirms)
- Ongoing mixes
- (future) Multisig requests
The popup area is still under development; it now features widgets for calculating bitcoin to fiat and a quicksend.
Privacy and anonymity
At this point the wallet doesn't make any special claims about privacy or anonymity while using it.
We have been tying up together all the building blocks to have a system that can actually protect the user, but not everything is assembled yet, thus this notice.
Tools and settings
There is a section for general tools, where the user can configure some of the expected items, such as showing BTC or mBTC and the preferred fiat currency.
There is another section for advanced tools, where you can find the browser and tools for signing or checking bitcoin signed messages.
Both sections need a layout and style review but everything in them is functional.
Extra credits
Credit for developing the details about the implementation for the stealth idea goes to Peter Todd. Credit for the original idea goes to ByteCoin and others who provided input.
Known Issues
This is an alpha: not everything works, not everything that works works perfectly, and there are glitches.
Check the following more detailed and up-to-date list: DarkWallet/Alpha/KnownIssues
Here is a quick list of the issues known at the time of release:
- In testnet unconfirmed transactions may not be seen (this is an issue with the server).
- The wallet does not reconnect if disconnected from the server
- Some buttons are disabled since they're not implemented yet (some actions to move funds among pockets).
- Stealth is received properly but may not show properly the first time a transaction and stealth address is detected (balance shows but the tx says +0). You need to restart the browser to resync the history properly.
- We don't really store the transaction history, so you can always restart the browser and your history will sync again.
- Unconfirmed balance or pending change may not show properly. It can be confusing, since when you send, the change is deducted from your balance until the transaction confirms.
- The mixer state machine is not very refined and after a failed interaction outgoing transactions can fail to mix or go out. Another transaction with the same outputs can be made only after restarting the browser to resync history. (this usually means you may not be able to send until you restart the browser).
- We don't always reserve outputs from the wallet, this means you may see you have balance but you can't spend. Usually either wait for transactions to confirm so the balance is definitely reserved (spent), or restart the browser to re-sync your outputs.
- Feedback when sending is not very good at the moment.
- Design in some areas is still quite rough
- Some parts of the interface may not refresh information at some moments.
- Some heavy processing makes some computers lag in some situations (like signing bitcoin transactions or checking stealth that happens now and then). We will implement budgeting of resources as well as sending tasks to background so they won't hog the frontend.
Community
We invite everyone to join in the following places:
How to help
Check the DarkWallet/HowToHelp document on how you can help us in creating the darkwallet and everything that lies beyond.