You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This would be a nice security improvement, because it means that while a "hot" browser wallet stores your credential and knows your data, it can't present the credential without signature from the HW wallet, so hacking the hot wallet does not imply stealing the user's credentials or impersonating them (except if the public data on the credential allows you to fully recreate it for a different owner, but that is often not the case)
How: Research the precise capabilities of Mina's Ledger module. What we need is a hash on an arbitrary field element, instead of a hash on a Mina payment.
(Note: Probably we only have "legacy" Poseidon with x -> x^5 available on the Ledger which would mean we need to adapt the in-circuit signature scheme to that, which would be tolerable)
The text was updated successfully, but these errors were encountered:
This would be a nice security improvement, because it means that while a "hot" browser wallet stores your credential and knows your data, it can't present the credential without signature from the HW wallet, so hacking the hot wallet does not imply stealing the user's credentials or impersonating them (except if the public data on the credential allows you to fully recreate it for a different owner, but that is often not the case)
How: Research the precise capabilities of Mina's Ledger module. What we need is a hash on an arbitrary field element, instead of a hash on a Mina payment.
(Note: Probably we only have "legacy" Poseidon with x -> x^5 available on the Ledger which would mean we need to adapt the in-circuit signature scheme to that, which would be tolerable)
The text was updated successfully, but these errors were encountered: