Architecture
A detailed look at the architecture of a Walletium crypto wallet: from key storage to blockchain interactions 🔍
Scope and Goals
Unique Stack: Hybrid (custody + non-custody), multi-chain, crypto-fiat, multi-platform wallet with custom accessibility/privacy regulation.
Target Audience: Telegram users and people connected to the crypto world.
User Experience Goals: User-friendly design, security, ease of use, unique tools, and cost-saving on fees.
Security First
Key Management:
Wallet keys are stored in encrypted form on a separate key server, isolated from the application servers.
Users can add their own keys or store them independently.
The company does not have access to users' keys. For this to hold in practice, the key that decrypts the stored material must be derived from a secret only the user holds (a passphrase or device secret), never from a key the service keeps alongside the ciphertext.
Secure Communication Channels:
The Daemon Engine is a central pillar of the project.
New blockchain networks and their tokens will be added in the future, enhancing the platform's capabilities.
User Authentication:
2-Factor Authentication (2FA) for added security.
End-to-end encryption to protect user data and communications.
Cloud-based encryption for additional security layers.
Core Components
Wallet Engine Features:
Envelopes: A new method for transferring funds, allowing users to send "envelopes" with their assets.
Virtual Cards: Capability to create virtual cards for transactions.
Address Management: Ability to add public addresses, groups of addresses, or address + key for fund movement and transaction signing.
Cross-Blockchain Swapping: Swap functionality between different blockchains.
Funds Management: Deposit and withdrawal capabilities.
Media Center: A section where users can access news and updates related to the crypto world.
Personal Payments: Personal payments via direct links.
Payment Receivers: Creation of payment receivers for channels, other bots, and platforms.
Staking: Ability to stake assets.
Proportional Storage: Funds storage in proportions instead of specific currencies.
Watch-Only Wallets:
Address Management: Users can import or add addresses to the watch-only wallet.
Transaction History: The wallet displays a complete transaction history for the watched addresses.
Balance Information: Real-time balance updates are provided for all watched addresses.
No Sending or Receiving: Users cannot send or receive funds from a watch-only wallet.
Blockchain Interaction:
Batching Transactions: Grouping multiple transactions into a single batch to reduce blockchain interactions.
Caching Blockchain Data: Caching frequently accessed blockchain data to minimize direct queries.
User Interface Design:
Platform: The wallet is designed as a Telegram Mini App, leveraging Telegram as the platform.
Privacy: The mini app does not leave digital traces on the user's or provider's side.
Accessibility: Push notifications for easy access and security control.
Media Center: A compact media center within the wallet keeps users updated with news.
Knowledge Base: Access to a comprehensive crypto knowledge base.
Ease of Use: From registration to deposit and first withdrawal, the wallet aims to be the simplest and most user-friendly crypto wallet in the world.
Scalability and Performance
Performance Expectations:
Web API + Business Solutions: Provide external P2P connections and business solutions.
Direct Payments: Support for personal payments via direct links.
Proportional Asset Management: Ability to store funds in proportions rather than specific currencies.
Horizontal Scaling:
Adding More Servers: As the load increases, additional servers can be added to distribute the workload.
Load Balancers: Distribute incoming traffic across multiple servers for efficient processing.
Microservices Architecture: Application is broken down into smaller, independent services, each scalable based on its resource requirements.
Content Delivery Networks (CDNs):
Offloading Static Content: Use CDNs to distribute static content like images, stylesheets, and JavaScript files, reducing the load on the origin server.
DDoS Protection: Implement measures such as rate limiting and use a CDN with DDoS protection to mitigate attacks.
Data Management
Data Minimization:
Collect only essential data for wallet functionality.
Avoid storing unnecessary personal information.
Secure Storage:
Encrypt user data at rest with strong algorithms in an authenticated mode (e.g., AES-256-GCM), so tampering is detected as well as confidentiality preserved.
Consider using hardware security modules (HSMs) for extra protection of sensitive data like private keys.
Data Encryption in Transit:
Encrypt all communication channels between user devices and wallet servers using TLS (1.2 or 1.3; the older SSL protocols are deprecated and should not be offered).
Regular Security Audits:
Conduct regular penetration testing and security audits to identify and address vulnerabilities.
User Education:
Educate users on best practices for data protection, such as using strong passwords and enabling 2FA.
Compliance with Regulations:
Adhere to relevant data privacy regulations (e.g., GDPR, CCPA) for responsible data handling.
Backup Methods:
Mnemonic Phrase: A list of randomly generated words (BIP39) that encodes the entropy from which the wallet's master seed and every derived key are computed; users should store this phrase securely in a physical location.
Seed Phrase: Another name for the mnemonic phrase; both terms refer to the same backup used for wallet restoration.
Private Key Export: Users can export private keys as files, although this method is less secure: a plaintext key file can be read or copied by any software with access to it.
Wallet File Export: Exporting the entire wallet, including private keys and transaction history.
Cloud Backup: Offering cloud backup options where wallet data is encrypted on the user's device and stored on remote servers; the backup is only as private as the key that encrypts it, which should remain with the user.
Restoration Methods:
Using Mnemonic or Seed Phrase: Allows users to restore their wallet on a new device.
Importing Wallet File: Wallets can be imported using exported wallet files.
Restoring from Cloud Backup: Users can download and restore their wallet from the cloud backup.
Recovery Procedures:
Regular Backups: Ensure frequent backups of wallet data, including private keys, transaction history, and other relevant information.
Multiple Backup Locations: Store backups in multiple locations (e.g., physical, cloud) to prevent data loss due to a single point of failure.
Backup Verification: Regularly verify the integrity of backups to ensure they can be restored successfully.
Integration with Other Systems
External Services and APIs: This information will be updated soon.
Security Considerations for Integration:
Risk Assessment and Vendor Due Diligence:
Conduct a comprehensive security assessment of the third-party service provider.
Investigate the provider's reputation, history of data breaches, and compliance with security standards.
Review the provider's data privacy and security policies to understand how your data will be handled.
Assess the provider's incident response plan to determine how they handle security breaches.
Data Security:
Share only the necessary data with the third-party service (Data Minimization).
Ensure data is encrypted both at rest and in transit.
Implement strict access controls to limit who can access shared data.
Conduct regular security audits to identify and address vulnerabilities.
Authentication and Authorization:
Use robust authentication methods like multi-factor authentication (MFA) to protect access to the third-party service.
Implement Role-Based Access Control (RBAC) to grant appropriate permissions based on user roles.
Securely manage API keys and other credentials used to access the third-party service.
Security Testing:
Conduct regular vulnerability assessments to identify potential weaknesses in the integration.
Perform penetration testing to uncover vulnerabilities and assess the system's resilience.
Regularly conduct security audits to evaluate the overall security posture.
Incident Response:
Develop a comprehensive incident response plan to address security breaches effectively.
Conduct regular incident response simulations to ensure preparedness.
Establish clear communication channels for reporting and responding to incidents.
Contractual Obligations:
Ensure a clear Data Processing Agreement (DPA) outlines data sharing, processing, and security responsibilities.
Define service levels in the Service Level Agreement (SLA), including security requirements and penalties for breaches.
Plan for the termination of the relationship, including data retrieval and security measures.
Continuous Monitoring:
Implement systems to detect unusual activity or data breaches (Anomaly Detection).
Regularly analyze logs for suspicious patterns or security incidents.
Keep the third-party service and your systems up-to-date with the latest security patches.
Architecture Diagrams
Data Flow Diagrams:
Data flow diagrams will be used to illustrate the system architecture, showing how data moves through the system and how components interact.
Development Methodology
Prioritization:
Features will be prioritized based on their value to the user and the overall project goals.
User-Centric Approach:
A strong focus on user experience and feedback will drive development decisions.
Version Control System:
Git: The preferred choice for version control, offering a distributed model, speed, and powerful branching capabilities that are well suited to managing code changes efficiently.
Testing Strategy:
Unit Testing: To verify individual components for correctness.
Integration Testing: To ensure that different components work together as expected.
Security Testing: To identify and mitigate security vulnerabilities.
Performance Testing: To assess the system's performance under various conditions.
Usability Testing: To evaluate the user interface and overall user experience.
Additional Features
HD Wallets:
Key Generation: HD wallets (BIP32) generate public and private key pairs deterministically from the master seed, ensuring consistency and reproducibility: the same seed always yields the same keys, so one backup of the seed covers every key the wallet will ever derive.
Address Generation: The wallet will generate multiple addresses for each account, providing better privacy and security.
Multi-Signature Wallets:
Status: Coming soon.
Hardware Wallet Integration:
Status: No integration planned.
Watch-Only Wallets:
Use Cases:
Monitoring Funds: Investors or traders can track the movement of funds without controlling the assets.
Portfolio Management: Users can monitor their cryptocurrency holdings across multiple wallets or exchanges.
Cold Storage Verification: Watch-only wallets can be used to verify the balance of cold storage wallets without exposing private keys.
Auditing: Businesses or organizations can use watch-only wallets to audit their cryptocurrency transactions.
Documentation and Maintenance
Scheduled Updates
Regular reviews and updates will be conducted to ensure the document reflects the current state of the architecture.
Now let's take a look at the Walletium Deep Paper ➡️