One of the most annoying and error prone aspects of crypto trading is the process of deposits and withdrawals from exchanges.
Take a look at this Bittrex deposit dialog for Ardor
Let’s think together about all the things which can go wrong when you send your precious Ardor tokens from your account to Bittrex.
- You can mistype the account address — not a real risk since the account address has internal error correction.
- You can forget to include the message or mistype it. Your funds will still go to Bittrex, but Bittrex won’t be able to credit your account, so expect a looooong discussion with their customer support team.
- You may mistakenly deposit Ardor into an Ignis address or vice versa. Again, expect a looooong recovery process for your funds.
- A deposit from another exchange to Bittrex or from Bittrex to another exchange may not specify a message, so it will get lost as well.
- Even if your deposit does specify a message, some exchanges expect plain text messages while you may send it encrypted or vice versa.
But things can get much worse …
6. What if instead of connecting to Bittrex.com, you were tricked into connecting to, say, Bitrex.com? Let’s assume for a moment it’s a phishing site aimed to steal your funds, if you don’t notice the difference you will happily deposit into the address they provide you, losing all your tokens.
Exchange withdrawal process suffers from similar problems as well. For example, what if you withdraw your funds to a newly created account and then forget the passphrase? Say bye bye to your precious tokens.
But even just sending crypto between friends or businesses is risky. When you email your account address and amount without any authentication, what if someone intercepts this email and changes the address or amount? Can we do better? Yes we can!
Our Solution — Transaction Vouchers
Think about transaction vouchers like an invoice. A request to pay a certain amount to a certain address signed by the private key of the recipient. The idea is based on the Bitcoin Payment Request proposal but using the rich functionality of Ardor/Ignis, we can do so much more.
Say, Alice wants Bob to pay her 100 IGNIS. She logs into the Ardor wallet using Bob’s account and sends payment as if she were Bob. Of course, she does not have Bob’s passphrase, so she cannot submit the transaction. Instead, she signs Bob’s payment using her passphrase and generates a voucher.
Alice then downloads the voucher and emails it to Bob.
Bob receives the voucher and loads it into the Ardor wallet. The Ardor wallet automatically verifies that the voucher signature is valid and that the voucher bytes are a correct representation of the voucher transaction JSON. After validation succeeds, the wallet presents Bob with the request, it shows Alice’s address as the recipient, the amount she wants him to pay, any attached messages and any other transaction parameters.
All Bob needs to do is validate the data, sign, and submit the transaction using his passphrase.
Bob is sure that the voucher is authentic, since any changes an attacker might have done to it, will prevent it from being validated by the wallet. Bob is also sure that Alice knows her account passphrase since otherwise she couldn’t have generated the voucher in the first place. Finally, both Alice and Bob now have a document for their bookkeeping, proving to each other and anyone else that the payment was requested.
You can watch me demo the concept in this video from a workshop I ran in Norway back in March 2018.
Now think about the Bittrex exchange deposit process. Instead of asking you to send tokens to an address with an attached message, Bittrex could generate a voucher file that you can import into the wallet which contains their deposit address and the message they want you to send them. Perhaps they will also let you scan a QR code with this data. All you’ll need to do, is load this voucher into your wallet, double check the recipient address with the well known Bittrex account, sign, and submit the transaction.
But vouchers are not limited to payments. They can be used for any transaction type supported by Ignis. For example Bob wants to delegate a poll vote to Alice. Alice logs in as Bob and generates a voting voucher, then sends it to Bob by email and asks him to sign and submit it.
Or, as another example, Charlie, a forging pool operator, wants Bob to lease his balance to his pool. Again he performs the leasing request on behalf of Bob, then sends a voucher that Bob needs to sign and submit.
However, it’s important to note that vouchers do not depend on the wallet. Alice and Dave can generate the voucher using an API and Bob can validate and sign them using an API as well. All the processing can even be off loaded to lightweight contracts since vouchers can be used to trigger lightweight contracts and lightweight contracts can generate vouchers. More on this in my next article.