Please login or register.

Lunlumo: Cold Signing automation via QR code + full GUI + py[...]

lunlumo 6 Month Plan

A python3 GUI for Monero that with automated cold transaction signing via QR code streams.

source: https://github.com/nasaWelder/lunlumo

by u/NASA_Welder

demo: https://www.youtube.com/watch?v=JuoPNsaDcAs

email: [email protected]

Current Features

  • Full Monero GUI for desktop Linux and Raspberry Pi (armv7)
  • Automated Cold signing via QR code stream + webcam between Hot(watch-only wallet) and air-gapped (full wallet) machines
  • Send / Receive normally via daemon connection with Hot full wallet
  • Account Switching
  • Subaddress selection and generation
  • Comes with a python wallet-cli wrapper library that can be used standalone for your other needs (API not stable yet, but certainly useable)

Why?

I want to help make Monero simpler to use, and increase security of user funds. I think that lunlumo rivals hardware wallet security because it uses open source software, and non-cryptocurrency specific hardware. Additionally, hardware wallets should be able to be used WITH lunlumo for an added layer of security. I don't exactly trust the closed source firmware of current hardware wallet projects (excluding the community funded effort).

My background is in process automation and since I'm wrapping the cli (initially) I will be able to roll out these features faster than projects that rely on other backends.

FFS Milestones

(some milestones may be done out of order)

1

  • March Hardfork integration (increase lowest ringsize, testing against frozen monero codebase)
  • Scan receiver address via QR code
  • lunlumo point release
  • re-license lunlumo to be FFS compliant (I'm the only contributor, so it will not be complicated)

2

  • Multisig cold-generation and cold-signing automation
  • arbitrary file transfer via QR in a standalone library

3

  • Hardware wallet integration into GUI/cold-signing process
  • Restore wallet from Keys without typing / or mouse
  • Export watch-only wallet to hot computer via QR code and create it automatically

4

  • Wallet meta-data transfer and backup (saving/transferring address book and account/subaddress info separately from keys for transfer/backup/merge)
  • Formal API for cli-wrapper library

5

  • Add some GUI features for monero cli functions at my discretion (sign file, add address_book, "set" cmds)
  • September Hardfork integration (fix breaking changes to CLI, testing against frozen monero codebase)
  • lunlumo v1.0 release

Background tasks (not apart of FFS)

  • Integration with android / iOS apps

Funding

  • 26 weeks (approx.)
  • 10 hours/wk (average)
  • $65 / hr (including 15% self-employment tax / income tax, opportunity cost, overhead)
  • 15 % volatility buffer (probably not enough)
  • $211 current XMR quote (Kraken)
  • = 92 XMR

Dependencies

lunlumo wraps the monero-wallet-cli. You must download the offical binaries from www.getmonero.org Note: The goal is to eventually provide all dependencies via this github account for simpler trust verification.

The following assumes Ubuntu Mate:

  • sudo apt-get install python3-tk # this comes standard on some distributions, including ubuntu mate for raspi.
  • sudo -H pip3 install Pillow --upgrade # >= 3.4
  • sudo apt-get install libzbar0 libzbar-dev
  • sudo -H pip3 install setuptools --upgrade
  • sudo -H pip3 install zbarlight
  • pip3 install --upgrade pip
  • sudo apt-get build-dep python-pygame
  • sudo apt install python-dev
  • sudo -H pip3 install pygame
  • sudo usermod -a -G video timepi # raspi only

Hardware / Setup

The GUI can be used standalone, on an internet connected computer for normal transaction usage, however, lunlumo's intended purpose is to allow cold transaction signing via QR code stream between 2 computers.

Internet Connected Linux Computer

  • running lunlumo
  • watch-only wallet
  • v4L webcam

Air-gapped Computer (or Raspberry Pi)

  • running lunlumo
  • full wallet
  • v4L webcam (or Raspberry Pi Camera)
Tested Webcams
  • Logitech c170 ($20)
  • Dell integrated webcam from 6 year old laptop
Replies: 7
apxs94 edited 5 years ago Replies: 1 | Weight: 0 | Link [ - ]

This is incredibly cool. Currently I really like the idea of cold transaction signing, but haven't invested the time into figuring out the process. Likely I'm not the only one held up by the technicalities + lack of spare time. Thus am very keen for something that simplifies the process and maintains security.

impact edited 5 years ago Weight: 0 | Link [ - ]

Awesome idea. Cold signing thus far is... Clunky at best.

Gingeropolous edited 5 years ago Replies: 1 | Weight: 0 | Link [ - ]

this is awesome.

could this run as the hot wallet (view only) on a phone? I would imagine it'd be much easier to have 1 phone and 1 computer as opposed to 2 computers facing each other.

I'm also curious if having multiple QR codes per "screen" would increase the speed, but I guess that might be the same as increasing the amount of data stored in 1 QR code (u had that slider thing). Though I think QR codes have some error correction in them, so perhaps having multiple instead of 1 big one might work.

so cool. Thanks for doing this.

And this, folks, is how you do a FFS.

Reply to: Gingeropolous
NASA_Welder edited 5 years ago Weight: 0 | Link [ - ]

Thanks! I'm working with phone app devs now so they can be the hot wallet. Multiple QRs would work, but to be most efficient the entire Y direction would need to be one QR, so probably not to much room in X to consistently scan all QRs. It's on the bottom of the list. Biggest speed up would be closed loop status sharing.

Reply to: apxs94
NASA_Welder edited 5 years ago Weight: 0 | Link [ - ]

This currently does what you are looking for, try it out from GitHub.

drfred edited 5 years ago Weight: 0 | Link [ - ]

very nice project, going to support it for sure!

michael edited 5 years ago Weight: 0 | Link [ - ]

Good idea. This might nicely complement current hardware wallet design efforts, which already support QR code generation and may someday support NFC transmission for that like RF.