Zondax builds Cosmos

As core developers for Cosmos, the team at Zondax is dedicated to making significant contributions to the ecosystem. Our efforts have been focused on several areas, including hardware wallet support, cryptography, and the integration of Rosetta into the Cosmos SDK.

We're especially proud of our work on Sign Mode Textual, which is a new sign mode that allows hardware devices to sign transactions more securely. Cosmos SDK used to rely on a sign mode called Amino Json Mode to sign transactions. However, Amino has limitations and Cosmos has been making an effort to remove it from their SDK. Our team worked on the ledger app side to deliver support for Sign Mode Textual, ensuring that it did not break any backwards compatibility with other sign modes, like Amino. The transaction is rendered into a textual representation that is then sent to a secure ledger for the user to review and sign. This representation is displayed on screens in sequence, allowing for complete display even on small devices like Ledger. This new sign mode enables secure and efficient signing of transactions with hardware devices, solving the limitations of the previous sign mode.

Another area where we have been active is in the implementation of Rosetta in the Cosmos SDK. This involves the development of a standardized API that facilitates the integration of blockchain networks with other financial systems such as exchanges and wallets. Our team has been working hard to test and improve this integration to ensure that Cosmos can be easily integrated with other systems.

We have also been focusing on cryptography-related topics, such as the migration from bcrypt to AEAD, which makes our implementation more secure and retrocompatible. We use Argon2 for key derivation and have switched from symmetric encryption with Salsa20 to chacha20poly. This new method is more secure and efficient, utilizing the necessary tools to meet the demands of today's cryptography landscape.

We also discovered that the implementation of the secp256k1 algorithm in Cosmos' SDK is not constant time. We put this ticket on hold while we wait for a resolution to the implementation in GO. We have found that there is no audited code that meets the implementation requirements, and the cost/benefit ratio is not ideal.

Zondax has made significant contributions to the Cosmos blockchain platform, with a focus on enhancing its user-friendliness and security. Our work on Sign Mode Textual, Rosetta integration, and cryptography-related topics have made us an important contributor to the Cosmos ecosystem. We are committed to continue our efforts to make Cosmos an even more innovative and secure blockchain platform, and we are excited to be at the forefront of this ongoing development.

Relevant Links:

https://github.com/cosmos/cosmos-sdk/issues/7051https://github.com/cosmos/cosmos-sdk/issues/3129https://github.com/cosmos/cosmos-sdk/blob/1f7f35878e95b91467d9abf867ef5041237c08f7/docs/architecture/adr-050-sign-mode-textual.mdhttps://github.com/Zondax/cosmos-sdk/pull/509