Blind Signing Resistance

The security of WaaP is geared toward being like standard financial services: even though users custody their own funds, they shouldn't have to worry about losing them if their device is compromised. In standard financial servies this luxury is due to centralization: one company with a large budget for security controls the entirety of user funds. However, with WaaP, security is outsourced without a company being able to access any funds!

WaaP uses a combination of transaction simulation, malware-resistant multifactor devices, cold storage, and trusted execution environments (TEEs) to make negligable the risk of blind signing.

Communication Channel between Secure Device and TEEs

The way that WaaP resists blind signing is through a secure communication channel between a secure device, for example, a hardware wallet or mobile phone, and a TEE that runs multiple transaction simulations. The TEE sends the human-readable simulation response to the hardware wallet or phone, which gives a signature not of the transaction but of this response. This shows that the user has confirmed on a secure device what the readble transaction output is, rather than the raw transcaction itselfs.

Using with SAFE

WaaP can be used as a SAFE signer. If not using hardware wallets, this helps hedge the risk across multiple mobile phones. It also hedges against the risk of WaaP not existing; while we do not believe this is a serious risk, customers often have this concern. Hence, using WaaP as a signer on a multisignature wallet offers the security that in case WaaP doesn't exist or loses user keys, user wallets will still be recoverable. For this setup, the multisig should have a backup key in cold storage. This is used as a backup cold signer and WaaP is used as the a hot signer for everyday transactions because of its resistance to malware and blind signing.

How to setup WaaP against blind signing:

Please refer to this tutorial on X