Development update — Open source CLi light wallet, new components, and vulnerability patch progress

This is the first of a series of development updates which will be released once every two weeks.

CLi light wallet release and open sourcing

We are pleased to announce that our developers have made progress on the CLi light wallet, and are releasing a second iteration. The previous one was written in TypeScript while this one is now written in C# as the rest of the protocol. A ‘light wallet’ means that this executable is not a Tangram node and thus doesn’t participate in the membership protocol or consensus in the network. It is rather intended for everyday users to be able to broadcast and receive transactions or messages by connecting to the closest nodes in the network topology. CLi stands for Command Line interface, which means that while this version will have all the functionalities that have been implemented so far, it doesn’t yet offer a graphical interface. The source code of this release is available for anyone to review on the Cypher repository of our Github. Instructions to compile the source code for Linux, Windows and MacOS are available on the relevant Wiki page. Once downloaded and compiled, you can proceed to testing the different wallet processes. The list of current capabilities can be found here.

Note: For main-net the wallet will be pre-built and pre-packaged. Users will be able to unzip and run Cypher / Bamboo.

There have been multiple significant updates to the CLi light-wallet for this release. One change to take note of is the redemption process for rewarding of the wallet test-net coins and importantly Pederson Comitments. In previous releases, users were able to reward their wallet with as many coins as they wanted, however that has changed with this release.

The redemption of coins in this way can be seen as a “faucet” mechanism. The reason for this new redemption process is that it allows for only a set amount of coins within the network. This ensures that the mechanism for preventing double spends is fully implemented and may be tested, e.g. for bugs existing with the minting of new coins that exceed the total supply.

Coins for transfer will be made available in the near future.

Forked components for Tangram

We have forked relevant repositories from three other projects and implemented them in the Tangram protocol: The first two are secp256k1-zkp, which is Mimblewimble’s extension of the secp256k1 algorithm (already implemented in Bitcoin), and Secp256k1.Net. Secp256k1.Net was a wrapper for the previous version of secp256k1, and has been changed to serve as a wrapper for secp256k1-zkp. Together, they will serve as a support to implement Mimblewimble inspired commitment, range proofs and multi signature schemes and will be implemented in the light wallet and node software alike. The third repository forked was ed25519. This is utilized for leveraging Tor’s public/private key cryptography for signing message between nodes. In particular, these signatures are for inter-node communication in order to verify that a particular message is coming from a ‘valid’ node on the network. Furthermore, this algorithm might eventually come into play with slashing and delegated staking. More explanations on these different components and their roles will be made available in future articles. In the meantime, the projects are visible on our GitHub if you feel like taking a look. Code contributions will not be taken into consideration just yet but you can always raise issues if you have specific feedback or a feature request.

Download and view the updated CLi release:

https://github.com/tangramproject/Cypher

Vulnerability patch progress

Work to fix the previously uncovered vulnerability in the core protocol is still ongoing. The aforementioned components are being implemented with careful considerations regarding this situation and should help bring together the work being done towards a patch. When this is complete, we will be more comfortable proceeding with a test-net and subsequently the security audit. Further details regarding the vulnerability will be released at a later date.

If you’re interested, have questions and feedback:

Visit our website: www.tangrams.io

Read our blog: www.medium.com/@tangramd

Subscribe on Reddit: www.reddit.com/r/Tangrams

Discover us on Discord: www.discord.tangrams.io

Message us on Telegram: https://t.me/Tangrams

Follow us on Twitter: www.twitter.com/tangram

Watch on YouTube: https://www.youtube.com/channel/UCoe5hPG_zjltaG_j2n1Oh4Q

Email: info@getsneak.org