I’ve been working on adding MWC support to the Ledger Nano X hardware wallet for a few months. The code is pretty much done at this point, however I’m stuck on securely generating bulletproofs with the device.

Here’s the code:

Using the secp256k1_bulletproof_rangeproof_prove function directly on the device would require the hardware wallet to have significantly more RAM and takes a noticeable about of time to perform on such a low range device, so this approach isn’t possible for the Ledger Nano X.

For the time being, I’ve implemented commands that return a blinding factor’s private nonce and that return a blinding factor multiplied by a provided scalar so that I could test sending/receiving MWC, however the latter command can easily be used to expose a blinding factor.

Can anyone think of a way to compute or partially compute a bulletproof on a low range device that doesn’t compromise security?

I made some progress with generating bulletproofs on a Ledger Nano X. I’m now able to calculate taux on the hardware wallet and use that and a private nonce to finish creating the bulletproof on a computer.

Does anyone who understands the bulletproof algorithm know if there’s any risk that comes with exposing the private nonce used in the secp256k1_bulletproof_rangeproof_prove function?

To some extent, exposing the private none === exposing the blinding factor of the commitment.

Btw, Grin has an ongoing implementation on this, but it’s not clear when it can be completed. But I think your implementation could be a better choice if you can complete it firstly.
Refs:

1. Grin ledger hardware wallet progress thread by @markhollis - Development and Technical Discussion - Grin
2. [LOCKED] Support Ledger Wallet - Bounties - Grin

Ok, I’ve removed the command that returns a bulletproof’s private nonce and replaced it with a command that returns a bulletproof’s t_one and t_two.

We can now securely generate a bulletproof’s tau_x, t_one, and t_two on a Ledger Nano X and use those values to finish creating the bulletproof on a computer.