Defly Wallet and Private Keys
TL;DR
Defly’s mission is to bring DEFI in Algorand to mass adoption by focusing first and foremost on the user. Many of our design choices derive from this core mission, and in this post we highlight how Defly uses your private keys to facilitate trading.
You need an account to actively participate in Algorand. All account information, including an account’s transaction history, is publicly stored on the blockchain where everyone can read it. To manipulate an account and sign transactions you need the account’s passphrase. How you store a passphrase matters. You can delegate this to somebody else (custodial wallet, central exchanges) or you can manage it yourself (non-custodial, decentralized exchanges). Defly is a non-custodial wallet optimized for trading in Algorand’s growing DEFI ecosystem. The app uses your smartphone’s underlying secure storage mechanism to store your passphrases. What follows is a description of how exactly Defly is designed. We hope this will help you make informed decisions on securing your funds.
What is an Algorand account / address / passphrase / wallet?
Any user who wants to participate in Algorand needs an account, similar to an account on a centralized platform like Google or Facebook. An Algorand account has a public address (like a username or an email address) and it is protected by a passphrase (like a password). The passphrase is known under various names, e.g., seed phrase, mnemonics, private key, recovery phrase, backup phrase, etc. Unlike a centralized platform, in Algorand the address and passphrase are not chosen by the user, but they are derived from a cryptographic process. The public address is a 58-character string and the passphrase is commonly represented by a list of 25 words. Here’s an example of a public address:
YFLSR54RYJYTGUY3BUBJYVLYJMBDMCGCZD6OR3F2SEPSSWCIYB7ISFBNOA
And a 25-word passphrase looks like this (note that this is not actually a valid passphrase):
stadium wallet include into follow front cement twelve board absorb cube initial salmon shrimp circle census follow soup urge swift fault piece differ lunar dumb
A user can freely share her public address (and often has to, if she wants to receive a payment, for example). The passphrase, however, must be kept private.
It is important to understand what one can do with the public address and/or the passphrase. To begin with, all data on Algorand is publicly available. Given an account’s address, anyone can, e.g., look up the balance of that account (e.g., how much ALGO does the account hold?). Likewise, anyone can see what this account has done in the past (e.g., what transactions this account made, etc.). The passphrase is only needed to authorize (a.k.a. “sign”) outgoing transactions. That is, if a user wants to send ALGO or an Algorand Standard Asset (ASA) to someone else, she needs to cryptographically sign this transaction with her passphrase.
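The split between public address and secret passphrase described above, as an added Go example (not Defly's code and not part of the original post). It relies on two facts about Algorand: accounts are Ed25519 key pairs, and an address is the base32 encoding of the 32-byte public key followed by a 4-byte SHA-512/256 checksum. The function names, the all-zero demo seed and the transaction bytes are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"encoding/base32"
	"fmt"
)

var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// AddressOf: base32(pubkey || last 4 bytes of SHA-512/256(pubkey)), 58 chars.
func AddressOf(pub ed25519.PublicKey) string {
	sum := sha512.Sum512_256(pub)
	return b32.EncodeToString(append(append([]byte{}, pub...), sum[28:]...))
}

// PublicKeyOf decodes an address; typos and non-canonical encodings fail.
func PublicKeyOf(addr string) (ed25519.PublicKey, error) {
	raw, err := b32.DecodeString(addr)
	if err != nil || len(raw) != 36 || AddressOf(raw[:32]) != addr {
		return nil, fmt.Errorf("invalid address %q", addr)
	}
	return ed25519.PublicKey(raw[:32]), nil
}

// SignTx needs the secret key; Algorand signs "TX" + the encoded transaction.
func SignTx(priv ed25519.PrivateKey, txn []byte) []byte {
	return ed25519.Sign(priv, append([]byte("TX"), txn...))
}

// VerifyTx needs only the public address, never the passphrase.
func VerifyTx(addr string, txn, sig []byte) bool {
	pub, err := PublicKeyOf(addr)
	return err == nil && ed25519.Verify(pub, append([]byte("TX"), txn...), sig)
}

// DemoKey: constructed all-zero seed standing in for the 32 secret bytes a
// real 25-word passphrase encodes. Never use it for funds.
func DemoKey() (ed25519.PrivateKey, string) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	return priv, AddressOf(priv.Public().(ed25519.PublicKey))
}

func main() {
	priv, addr := DemoKey()
	txn := []byte("constructed-transaction-bytes") // placeholder, not real msgpack
	sig := SignTx(priv, txn)
	fmt.Println(addr, VerifyTx(addr, txn, sig), VerifyTx(addr, append(txn, '!'), sig))
}
```

The checksum is why a mistyped address is rejected before any funds are sent, and the verify path shows why sharing an address reveals nothing that lets someone sign on the account's behalf.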
Typically, users do not enter their address and passphrase every time they want to make a transaction. Instead, they store their account credentials in a wallet for usability and safe-keeping. Both aspects – usability and safe-keeping – are central to Defly and are an important topic that we will get back to. Thus, a wallet is a convenient tool to manage your accounts (wallets can contain multiple accounts) and ease the signing process for every outgoing transaction.
There exist a number of wallets in the Algorand ecosystem, e.g., MyAlgo, Pera Wallet. MyAlgo is a web-based wallet, whereas the Pera Wallet is available as an iOS and Android app. It is important to understand that an account can be used simultaneously in many different wallets. That is, you can, e.g., create a new account in MyAlgo and later import it in the Pera Wallet. You can even use both wallets with the same account at the same time. This is akin to using your Facebook account on Facebook’s webpage and simultaneously using Facebook’s iOS or Android app. Technically, you’re always using the same account, but you’re using it in different applications.
The Status Quo in Algorand DEFI
Today, when a user wants to trade on a decentralized exchange (DEX), she commonly uses at least three independent services: a market viewer (e.g., Tinycharts) to see how the market performs, a DEX (e.g., Tinyman) to initiate a transaction, and a wallet to sign the transaction (e.g., MyAlgo, Pera Wallet, etc.).
All of these services do an outstanding job on their own, but having to use three services to perform one task adds a lot of friction where none should be. In addition, these services may ask users to do things that they do not understand or care about, like opting into an asset, or opting into a smart contract. This can easily overwhelm potential first-time users and scare them away for good.
Defly sets out to solve these problems and integrating a wallet is a crucial aspect to accomplish this goal.
Defly – The DEFI Wallet
Defly is a non-custodial wallet, specialized for decentralized trading. Non-custodial means that the app can store account credentials such that users never have to leave the comfort of the app during trading. We believe this is crucial for a great user experience, especially for new and inexperienced users.
It is important to note that Defly is still usable and, in fact, also useful if you do not provide your account’s passphrase, or even your account’s public address. If all you want to do is look at the market, see some charts, etc., you do not have to provide any account information at all. If, however, you want to see your account balance or your past swaps and transactions, you have to provide your account’s public address (but not your passphrase). Only if you want to trade from within Defly do you have to provide your account’s passphrase.
Being a non-custodial wallet that can store passphrases puts a lot of responsibility on Defly’s shoulders. After all, whoever has access to an account’s passphrase has access to the account’s funds and can sign any transactions in that account’s name.
Providing your passphrase requires a great deal of trust and we are writing this article to be as transparent as possible about what we do, why we do it, and most importantly how we do it. We’ve already argued why it is important to have a built-in wallet and the remainder of this article explains how we keep your account credentials safe.
Defly uses your smartphone’s underlying secure storage mechanism to store your passphrases. On Apple iOS this is Keychain and on Android this is EncryptedSharedPreferences. It is important to note that this is how Apple and Google recommend an app should store a secret. These built-in secure storage mechanisms were designed and implemented by expert cryptographers and are used by many other apps to store credit card information and other sensitive data. We do not implement any encryption ourselves and solely rely on the operating system’s underlying secure storage mechanism.
Defly reads the passphrase from secure storage only after a user confirms a transaction (e.g., to swap, send funds, add assets, etc.) or the user wants to export the passphrase (e.g., to import it somewhere else). In no other case does Defly read the passphrase. Importantly, Defly is designed for the passphrase to never leave your device. We also disabled having the stored passphrases synchronized on iCloud or backed up on Google’s servers. Note that when the app is uninstalled on an iOS device, the corresponding Keychain entries that store your account credentials are not deleted by iOS. To fully wipe your account information (address and passphrase), explicitly remove the account in Defly, which will clear the respective Keychain entries.
How Defly compares to other Wallets, security-wise
Let us look at two other popular non-custodial wallets in the Algorand ecosystem, the Pera Wallet and the popular MyAlgo Wallet.
Example 1 (Pera Wallet). The Pera Wallet comes as an iOS and Android app and is very similar to Defly when it comes to how it uses your passphrase. The wallet is open-source, meaning its source code is publicly available and can be found here. Looking at the source code, one can see that like Defly, the Pera Algo Wallet uses the operating system’s underlying secure storage mechanisms to save the passphrases securely. In the Privacy Policy of the Pera Wallet, it says: “The Application uses the private keys solely for the purpose of signing transactions. These keys are stored locally on your mobile device and Pera Wallet will have no access to them.” The same applies to Defly.
Example 2 (MyAlgo Wallet). MyAlgo is a web-based wallet that can be accessed from any browser. Importantly, MyAlgo stores account credentials in the browser’s cache such that they never leave the user’s device (as a consequence, if a user clears the browser’s cache, the passphrases get deleted). The account credentials are encrypted with a user-chosen password before they are stored in the local cache. While a browser-based wallet is not directly comparable to Defly, they are similar in that they store only encrypted versions of your passphrases in their respective local storages. And in both cases passphrases never leave the user’s device.
Defly Wallet – Next Steps
Defly already combines the three essential aspects to become the go-to Algorand DEFI wallet: a market viewer, a DEX and a wallet. However, we are not stopping there. While becoming the first DEX aggregator on Algorand is the top priority, we are working on even more features to make Defly all the more useful to you.
Security Audit
Defly uses the same state-of-the-art techniques that other wallets use to keep your account credentials safe. We will go one step further and undergo a security audit by an independent auditor to make sure that all features and especially the passphrase handling of Defly are extremely secure and safe to use. Our current timeline is that the audit is completed by the end of March.
Support for Hardware Wallets
Hardware wallets (e.g., Ledger) are considered the most secure way to keep your account credentials safe. Passphrases never leave a hardware wallet: they are created on the device and stored there. If a user wants to make a transaction, it is first sent to the hardware wallet, where it is signed and then sent back to the user.
Many people have (rightfully) asked if we are going to support hardware wallets in the future. The short answer is yes, we plan to add support for hardware wallets.
The biggest challenge when adding support for hardware wallets is to ensure a smooth user experience. On a technical level, a swap on a DEX consists of several transactions that the user must authorize. For example, on the Tinyman DEX, it can take more than five transactions to perform a swap (this includes possible opt-ins, the swap itself, and redeeming possible excess amounts). Defly hides this complexity from its users. However, this complexity leaks to the users once they use hardware wallets, because they have to review and sign every single transaction on their hardware wallet. Defly will try to make this process as smooth as possible for users.