I’ve been working on adding MWC support to the Ledger Nano X hardware wallet for a few months. The code is pretty much done at this point, however I’m stuck on securely generating bulletproofs with the device.
Here’s the code:
Using the secp256k1_bulletproof_rangeproof_prove function directly on the device would require the hardware wallet to have significantly more RAM and takes a noticeable amount of time to perform on such a low range device, so this approach isn’t possible for the Ledger Nano X.
For the time being, I’ve implemented commands that return a blinding factor’s private nonce and that return a blinding factor multiplied by a provided scalar so that I could test sending/receiving MWC, however the latter command can easily be used to expose a blinding factor.
Can anyone think of a way to compute or partially compute a bulletproof on a low range device that doesn’t compromise security?
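As an added illustration (not the poster's Ledger code), the following Python sketch shows why a command that returns a blinding factor multiplied by a host-supplied scalar gives the blinding factor away: scalars live in the prime order n of secp256k1, so a single query with any known k in [1, n-1] is undone by multiplying the answer by k^-1 mod n. The SimulatedDevice class and its command name are assumptions standing in for the device firmware.

```python
# Added example, not code from the original post or from any Ledger app.
# Models the "blinding factor times a provided scalar" command and shows
# that one query with a host-chosen scalar recovers the blinding factor.

import secrets

# Order of the secp256k1 group: the scalar field blinding factors live in.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


class SimulatedDevice:
    """Stand-in (assumption) for the hardware wallet: it holds a blinding
    factor r that the host must never learn and exposes a command that
    returns r * k mod n for a scalar k chosen by the host."""

    def __init__(self, blinding_factor=None):
        if blinding_factor is None:
            blinding_factor = secrets.randbelow(N - 1) + 1
        if not 0 < blinding_factor < N:
            raise ValueError("blinding factor out of range")
        self._r = blinding_factor

    def blinding_times_scalar(self, k):
        """The leaky command described in the post."""
        if not 0 < k < N:
            raise ValueError("scalar out of range")
        return (self._r * k) % N

    def secret_for_comparison(self):
        """Only here so the attack can be checked; a real device has no such call."""
        return self._r


def recover_blinding_factor(device, k=None):
    """Host-side attack: query r*k for a known k, then multiply by the
    modular inverse of k. Because n is prime every k in [1, n-1] is
    invertible, so restricting k (other than to nothing) does not help."""
    if k is None:
        k = secrets.randbelow(N - 1) + 1
    r_times_k = device.blinding_times_scalar(k)
    return (r_times_k * pow(k, -1, N)) % N


if __name__ == "__main__":
    dev = SimulatedDevice()
    recovered = recover_blinding_factor(dev)
    print("recovered blinding factor matches:", recovered == dev.secret_for_comparison())
```

The recovery needs exactly one command invocation, so the leak is not mitigated by rate limiting or by refusing k = 1; any design that hands the host r * k for a host-known k is equivalent to exporting r.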