Problem Statement
Haven users store their contacts (codenames + associated pubkeys) and identities (encrypted JSON) locally via the secure KV extension or localStorage (fallback). In case of loss, breakage, theft, or device change (smartphone, computer), recovery requires a prior manual backup (JSON export/QR code).
Without an accessible and secure backup, users lose their identity and contact networks (groups, DMs), which hinders adoption for sensitive use cases (communities, whistleblowing, high-security scenarios).
Ledger provides isolated storage already supported for xx network tokens via the “xx network” app. Reusing this for Haven contacts backup/recovery would dramatically improve resilience without compromising privacy.
Proposed Solution
Develop a third-party browser extension (Chrome + Firefox) that:
Reuses the official KV extension (XXB-2024-003) for primary storage of Haven contacts/identity.
Adds a Ledger bridge (via WebUSB/WebBluetooth) to:
Sign/derive the WOTS+ portion of contacts (via single-seed Sleeve)
Encrypt/backup a minimal contacts list (pubkeys + hashes) or derive an encryption key for the full list, with an anti-duplication mechanism, plus contact list updates from Haven with hardware confirmations
Enable recovery: connect Ledger → unlock → import contacts/identity to a new device.
Simple UX: buttons “Backup ID/Backup Contacts to Ledger” / “Restore from Ledger” with hardware confirmations.
Optional: contact list visualization and deletion in xx.wallet with hardware confirmation.
Local passphrase fallback if no Ledger.
Open source, auditable, limited to “sign only” operations to minimize risks.
Milestones
Milestone 1: Design & Proof-of-Concept
Analysis of official KV API + existing Ledger xx app.
Architecture design (WebUSB bridge, WOTS+ derivation via single seed, minimal backup format).
Minimal PoC: extension that lists contacts from KV and signs a hash via Ledger.
Deliverables: Design doc (Figma/Markdown), initial GitHub repo, PoC demo video.
Estimated cost: ??
Milestone 2: Core Implementation + Ledger Bridge
Development of third-party extension (React + JS for UI, Ledger SDK bridge).
Integration: load contacts from KV, encryption/derivation via Ledger, backup/restore flows.
Unit tests + cross-browser (Chrome/Firefox).
Deliverables: Full code, detailed README, automated tests.
Estimated cost: ??
Milestone 3: Security, Testing & Polish
Community (or external) code audit.
Beta testing with users (contact migration, device-loss scenarios).
UI polish, error handling, user documentation.
Deliverables: Audit report, beta version, tutorial.
Estimated cost: ??
Milestone 4: Publication & Final Documentation
Submission to Chrome Web Store + Firefox Add-ons.
Complete docs (how-to backup/restore, compatibility).
Forum announcement + xxDK integration examples.
Deliverables: Store links, forum update post.
Estimated cost: ??
Total Budget
50,000 USD ??
Note:
It would probably be necessary to add a “contact/group to archive” button in Haven.
Could xx.wallet allow a list view of contacts (in a dedicated section to avoid any confusion with the wallet)?
I reasonably believe the foundation could propose co-financing of 50/50 or even 70/30 to Ledger if they wish = new use case for Ledger + xx market cap is still very low.
Motorola is going to create smartphones with GrapheneOS pre-installed. That’s huge news!
Xx is an exceptional project!
I have no doubt about the project’s success.
xx + Haven + Ledger + GrapheneOS = unbeatable combo.
Thanks to the team and validators, you’re fu.king bosses!