At Zondax, we've been committed to securing users' assets since 2018. Our team's dedication has driven collaborations in areas like hardware wallet support and core SDK components, with a particular emphasis on cryptography. Our efforts are geared towards enhancing user experiences, improving performance, and making technical advancements within the cryptography module. Additionally, we actively contribute to the integration of Rosetta into Cosmos SDK, continuously working to maintain and enhance its features for optimal performance.


Our Journey with the Cosmos SDK

Since our inception, we've been tirelessly dedicated to developing and maintaining the Cosmos Ledger App. Our work, supported by the Interchain Foundation, involves continuous collaboration with other Cosmos SDK developers and Ledger. These types of partnerships ensure that the Ledger app can recognize and process all new message and transaction types introduced by any team that relies on the Cosmos SDK, providing users with a seamless and secure experience.

The Transition from Amino Json Mode

Historically, Cosmos SDK has utilized a sign mode known as Amino Json Mode for transaction signing. While Amino has served its purpose effectively, the evolving needs and capabilities of the Cosmos SDK have led to the exploration of new methods for transaction signing that can be more flexible and generic. As part of our ongoing commitment to improving and adapting the SDK. This new mode, Sign Mode Textual, is designed to complement the existing capabilities of Amino. 

The Birth of Sign Mode Textual

Enter Sign Mode Textual, a new string-based sign mode specifically designed for hardware devices but not limited to them only. We took on the challenge of developing this new sign mode. Our team worked diligently on the Ledger app side to deliver support for Sign Mode Textual, ensuring that it did not break any backwards compatibility with other sign modes, including Amino.

How Does Sign Mode Textual Work?

In Sign Mode Textual, a transaction is rendered into a textual representation. This representation is then sent to a secure Ledger for the user to review and sign. The textual representation is displayed as a sequence of screens. Each screen is designed to be displayed in its entirety, even on small devices like a Ledger. This method allows for complete display and review of the transaction details, enhancing the security and user experience.

There is a one-to-one relation between the binary transaction and the textual representation. This is to ensure by the node. This way, hardware devices and their software can be kept as generic as possible.

The Impact of Sign Mode Textual

The introduction of Sign Mode Textual marks a significant step forward in the realm of secure and efficient transaction signing. It addresses the limitations of the previous sign mode and provides a generic, secure and user-friendly method for signing transactions with hardware devices.

Our contribution to this development has been instrumental in pushing the boundaries of what's possible in transaction signing. Our efforts in Sign Mode Textual underscore our dedication to improving security and efficiency within the blockchain industry.

The Technical Details of Sign Mode Textual

Sign Mode Textual was officially accepted and implementation started in 2022. It is designed to be invertible, meaning that the rendering of the transaction can be parsed back into a proto message equivalent to the original. This ensures that the rendered text contains the full information of the original transaction, not a hash or subset.

The rendering function may depend on the current chain state, which is useful for reading parameters or user-specific preferences. However, if the observed state changes between signature generation and the transaction's inclusion in a block, the signature will be invalid and the transaction will be rejected.

For security, transaction signatures should have three properties: they must be possible to validate, it must be computationally infeasible to find a substantially different transaction for which the given signatures are valid, and the user should be able to give informed consent to the signed data via a simple, secure device with limited display capabilities.

The correctness and security of SIGN_MODE_TEXTUAL is guaranteed by demonstrating an inverse function from the rendering to transaction protos. This means that it is impossible for a different protocol buffer message to render to the same text.

The Future of Sign Mode Textual

Sign Mode Textual is purely additive and doesn't break any backwards compatibility with other sign modes. Once it is fully implemented and adopted, it will allow for the deprecation and removal of SIGN_MODE_LEGACY_AMINO_JSON, and in the long term, the complete removal of Amino from the SDK.

However, there are still open questions and areas for further discussion. For example, some non-representable characters (like emojis, or non-Roman letters) cannot be shown certain devices and as a consequence then might be shown as hexadecimal or UTF8 escaped sequences. There are also questions about whether Ledger apps can support both SIGN_MODE_LEGACY_AMINO_JSON and SIGN_MODE_TEXTUAL at the same time, and whether app developers should be allowed to overwrite the textual representation of certain Protobuf fields and messages.

Despite these challenges, the introduction of Sign Mode Textual represents a significant step forward in the security and efficiency of transaction signing in the Cosmos SDK.

Stay tuned as we continue to break new ground, streamline integration processes, and empower blockchain developers worldwide. Together, we're shaping the future of blockchain integration.

Join us on this thrilling journey into the world of Rosetta and Cosmos SDK v0.50. For more updates, visit www.zondax.ch, follow us on X, LinkedIn and Telegram.