(for feedback) XXB-2026-XXX: Haven Contacts & Identity Backup Bridge via Ledger Hardware Wallet

Problem Statement
Haven users store their contacts (codenames + associated pubkeys) and identities (encrypted JSON) locally via the secure KV extension or localStorage (fallback). In case of loss, breakage, theft, or device change (smartphone, computer), recovery requires a prior manual backup (JSON export/QR code).
Without an accessible and secure backup, users lose their identity and contact networks (groups, DMs), which hinders adoption for sensitive use cases (communities, whistleblowing, high-security scenarios).
Ledger provides isolated storage already supported for xx network tokens via the “xx network” app. Reusing this for Haven contacts backup/recovery would dramatically improve resilience without compromising privacy.

Proposed Solution
Develop a third-party browser extension (Chrome + Firefox) that:

Reuses the official KV extension (XXB-2024-003) for primary storage of Haven contacts/identity.

Adds a Ledger bridge (via WebUSB/WebBluetooth) to:

Sign/derive the WOTS+ portion of contacts (via single-seed Sleeve)

Encrypt/backup a minimal contacts list (pubkeys + hashes) or derive an encryption key for the full list, with anti-duplication mechanism + contact list updates from Haven with hardware confirmations

Enable recovery: connect Ledger → unlock → import contacts/identity to a new device.

Simple UX: buttons “Backup ID/Backup Contacts to Ledger” / “Restore from Ledger” with hardware confirmations.

Optional: contact list visualization and deletion in xx.wallet with hardware confirmation.

Local passphrase fallback if no Ledger.

Open source, auditable, limited to “sign only” operations to minimize risks.

Milestones

Milestone 1: Design & Proof-of-Concept

Analysis of official KV API + existing Ledger xx app.

Architecture design (WebUSB bridge, WOTS+ derivation via single seed, minimal backup format).

Minimal PoC: extension that lists contacts from KV and signs a hash via Ledger.
Deliverables: Design doc (Figma/Markdown), initial GitHub repo, PoC demo video.
Estimated cost: ??

Milestone 2: Core Implementation + Ledger Bridge

Development of third-party extension (React + JS for UI, Ledger SDK bridge).

Integration: load contacts from KV, encryption/derivation via Ledger, backup/restore flows.

Unit tests + cross-browser (Chrome/Firefox).
Deliverables: Full code, detailed README, automated tests.
Estimated cost: ??

Milestone 3: Security, Testing & Polish

Community (or external) code audit.

Beta testing with users (contact migration, device-loss scenarios).

UI polish, error handling, user documentation.
Deliverables: Audit report, beta version, tutorial.
Estimated cost: ??

Milestone 4: Publication & Final Documentation

Submission to Chrome Web Store + Firefox Add-ons.

Complete docs (how-to backup/restore, compatibility).

Forum announcement + xxDK integration examples.
Deliverables: Store links, forum update post.
Estimated cost: ??

Total Budget
50,000 USD ??

Note:
It would probably be necessary to add a “contact/group to archive” button in Haven.
Could xx.wallet allow a list view of contacts (in a dedicated section to avoid any confusion with the wallet)?

I reasonably believe the foundation could propose co-financing of 50/50 or even 70/30 to Ledger if they wish = new use case for Ledger + xx market cap is still very low.

Motorola is going to create smartphones with GrapheneOS pre-installed. That’s huge news!
Xx is an exceptional project!
I have no doubt about the project’s success.
xx + Haven + Ledger + GrapheneOS = unbeatable combo.

Thanks to the team and validators, you’re fu.king bosses!

What’s the privacy risk of someone discovering you have NatteringNabobOfNegativism in your Haven contact list? What other risks result from someone finding these xx Network identities?
How do they know these are really your contacts and not just something you put in the file to confuse them?

Complete docs (how-to backup/restore, compatibility).

Okay, so your secret list of Haven nicks is super secure in Ledger, but then you make a backup copy - hopefully strongly encrypted to provide a similar or better degree of protection.
Couldn’t we just skip the Ledger step, provide the ability to export an encrypted contact list to a file which they can copy a number of times and store in different locations?

Thank you for your feedback.

You’re right: storing contacts in a simple encrypted file (local + redundant backup) remains the simplest, most accessible, and most redundant solution for the vast majority of users. That’s actually what I recommend by default.
That said, I find the Ledger approach (or any other hardware wallet) particularly appealing, a bit like a Yubico ++: both a strong authenticator and physically isolated storage in the Secure Element. Concretely, we could store only a minimal encrypted version: the pubkeys + hashes of the contacts. Without the PIN and the physical confirmation on the Ledger’s screen, these data remain unusable, even if the device is stolen. This adds a real layer of physical isolation that neither a compromised phone nor a compromised PC can provide.
The advantages I see for Haven / xx network are multiple:

Partnership & funding: This “novel” use case could interest Ledger (co-funding, and later a possible integration into Ledger Live with a custom Haven app, etc.). It’s a concrete lever to move the project forward without relying entirely on the grants budget.

Marketing & adoption: Ledger owners (an audience already very sensitive to self-custody and privacy) would see this as a nice feature. It’s an excellent vector to introduce Haven to them. The purists of “don’t trust, verify” will be attracted by the client-side verifiability that xx network offers and that few other messengers provide today.
Of course, I’m not suggesting we limit ourselves to Ledger. Trezor and other hardware wallets must be supported to guarantee diversity and avoid any single point of failure (manufacturer, chipset, etc.). The user will then choose what suits them best.

Regarding daily usage: even with an encrypted file solution, managing the contact list remains a real issue (multi-platform: GrapheneOS, iOS, Windows, Linux…). The Ledger bridge is not a constraint, but an advanced option for those who want the maximum level of security.
Finally, going a bit further since you almost touched on it: in France (and elsewhere) spam via SMS and messaging has become a real plague. I can easily imagine an authorization system integrated with the contact list: for the first message, the sender must provide a 5-digit code (or an authorization request) that the recipient will have previously shared. If the contact is not in the authorized list, the message is blocked at the network level. This is exactly the kind of feature Zooko from Zcash was talking about recently. It would turn Haven into a truly clean and pleasant messaging app.
In short, I believe this grant proposal (identity backup + hardware bridge + communication control) deserves serious consideration. It strengthens privacy, UX, and the “cypherpunk” positioning of xx network.
What do you think? I’m open to any counter-arguments. On the technical side, I think you’re better positioned than me.
And if others want to join the discussion, please feel free.
Thank you.
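
The encrypted-file export discussed in the replies above (and the proposal's local passphrase fallback), as an added example that is not part of any post and not Haven or xx network code. It runs under Node.js; the format label, the field names, the SHA-256-of-pubkey deduplication key and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Load Node's crypto module under CommonJS or ES-module loading.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const FORMAT = 'haven-contacts-backup/v1'; // hypothetical format label
const b64 = (buf) => buf.toString('base64');
const unb64 = (str) => Buffer.from(str, 'base64');

// Anti-duplication: one entry per pubkey, keyed by SHA-256 of the key bytes.
function dedupeContacts(contacts) {
  const byHash = new Map();
  for (const { codename, pubkey } of contacts) {
    const hash = nodeCrypto.createHash('sha256').update(unb64(pubkey)).digest('hex');
    if (!byHash.has(hash)) byHash.set(hash, { codename, pubkey, hash });
  }
  return [...byHash.values()].sort((a, b) => a.hash.localeCompare(b.hash));
}

// Encrypt the deduplicated list under a passphrase-derived key.
function exportBackup(contacts, passphrase) {
  const salt = nodeCrypto.randomBytes(16); // fresh per export
  const iv = nodeCrypto.randomBytes(12);   // fresh per export, never reused
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(FORMAT)); // binds the ciphertext to the format label
  const plaintext = JSON.stringify(dedupeContacts(contacts));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return JSON.stringify({ format: FORMAT, kdf: 'scrypt', salt: b64(salt),
    iv: b64(iv), tag: b64(cipher.getAuthTag()), ciphertext: b64(ct) });
}

// Decrypt and authenticate; throws on a wrong passphrase or a modified file.
function importBackup(fileText, passphrase) {
  const f = JSON.parse(fileText);
  if (f.format !== FORMAT) throw new Error('unsupported backup format');
  const key = nodeCrypto.scryptSync(passphrase, unb64(f.salt), 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, unb64(f.iv));
  decipher.setAAD(Buffer.from(FORMAT));
  decipher.setAuthTag(unb64(f.tag));
  const pt = Buffer.concat([decipher.update(unb64(f.ciphertext)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample data: codenames and key bytes are made up.
const SAMPLE_CONTACTS = [
  { codename: 'alice', pubkey: b64(Buffer.from('constructed-key-A')) },
  { codename: 'bob', pubkey: b64(Buffer.from('constructed-key-B')) },
  { codename: 'alice-again', pubkey: b64(Buffer.from('constructed-key-A')) },
];
```

Because the file is authenticated as well as encrypted, copies kept in several locations can be checked on restore: a copy that was altered fails to import instead of yielding a modified contact list.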