@identity.com/cryptid-cli

v0.1.4
Sign transactions and configure Cryptid DID Wallets
oclif

Readme Versions Dependencies Scripts

Cryptid

Cryptid is a protocol and client-suite that brings the power of Identity to Solana.

Traditionally, the way to identity yourself on the blockchain is through ownership of a private key. You essentially are your private key. Assets are owned and transactions are signed using this key.

Cryptid changes this, by establishing an identity layer on the blockchain, specifically on Solana. It does this by providing a general-purpose, flexible proxy account between the user and their private keys. Instead of assets being owned and transactions signed by a single private key, these assets are now owned and transactions are signed by a Cryptid account.

Try it out at cryptid.identity.com or install the cli.

Contents

Screengrabs

Balances

Balances Screen

ID Overview

Balances Screen

Features

  • Create a Cryptid account from your existing Solana wallet
  • Access your funds across multiple devices without sharing key material or relying on off-chain infrastructure
  • Cryptid allows you to rotate your key if it becomes compromised, ensuring you can keep control of your identity even if your wallet is breached. Even your initial wallet key can be rotated!
  • Interact with dApps
  • Through the "controller" feature, Cryptid accounts can be connected together. This allows:
    • fully on-chain and secure trust accounts
    • individuals can control assets belonging to dependents
    • corporate wallets - company executives can share control of a company wallet without sharing keys

On Our Roadmap

M-of-N Multisig

Cryptid currently supports 1-of-N multisig. We plan to expand this to support threshold-multisig.

Spending limits and restrictions

An important part of the Cryptid model is the ability to add restrictions to a Cryptid account. We plan to support:

  • Spending limits
  • Recipient whitelists (all fully non-custodial and on-chain)

This will allow use-cases such as:

  • "savings accounts" protected by cold-storage keys, with a "current account" balance on a hot wallet, all under the same account
  • non-custodial account recovery, either social or via a third-party
  • subscriptions - secure and non-custodial standing orders for periodic payments on-chain.

Self-Sovereign Identities

DIDs (Decentralized Identifiers) are the standard identifier for self-sovereign identity. It is a globally unique identifier and independent of any central authority.

Cryptid use the did:sol did method on Solana. The use of DIDs in Cryptid means that we can tie it to up to verifiable credentials, and add claims on your Cryptid account.

As an example. We can have a verifiable way that an NFT creator that has created an NFT under key X is a particular artists. We can add a verifiable credential to that identity, have it discoverable on-chain (either directly on-chain, or via a link that's discoverable on-chain) - that attests to who they are.

Frequently Asked Questions (FAQs)

What is a Cryptid account?

A Cryptid account is an identity in the form of an individual, company, pet, "inanimate object" or any real world thing you can think of.

Cryptid account can have zero or more keys associated with it. Accounts with zero keys can be controlled by a separate entity. Accounts with multiple keys will allow a Cryptid account to preform actions like:

  • Multiple devices accessing the account
  • Key rotation and account recovery
  • Hot and cold storage

How do I create a Cryptid account?

All existing Solana wallets are automatically compatible with Cryptid. If you have a wallet, you have a Cryptid account automatically. Connect your wallet at cryptid.identity.com to test (devnet only at present). Your cryptid account has a new address, but is backed by your existing wallet, and transactions you make with it are signed with your existing wallet key.

How much does a Cryptid account cost?

By default, your Cryptid account is free. Anyone with an existing Solana account already has a Cryptid account they can start using.

Advanced usage of Cryptid requires additional information to be registered on-chain, which incurs a cost imposed by Solana. The details of these costs are explained in detail in the Solana documentation

Do dApps need a special integration to use Crytpid?

No! We are planning to include Cryptid as a supported wallet within Solana's Wallet Adapter which would make the utilization of Cryptid completely transparent towards the dApp. It's just one more option for the user to chose from.

Who really owns the funds in my Cryptid address?

On-chain your Cryptid address is owned by the System Program however the Cryptid Signer program is the authority for it which makes sure that only keys and/or controllers in your Cryptid account are able to sign for it. Therefore, if the program is secure, your funds are too.

Before launching Cryptid on Mainnet we will go through an extensive audit process, so that you don't only need to take our word for it!

Lastly, since Solana generally allows programs to be updated, there would be a potential attack vector there. We will make sure that the Cryptid program is either (1) not upgradable or (2) in the complete control of a multi-sig DAO structure. The latter would even be able to support account recoveries via the DAO.

Why does the world need Cryptid?

We understand that direct private key ownership is the ultimate level of control for any address or program on a blockchain. However, we envision the future world of web3 much more nuanced than this! Private Key ownership is absolute, either you have it or you don't. With this restriction, all higher level access mechanism are pushed off-chain into a world of centralized services like custodial wallets or exchanges.

In contrast, we would like to see all these current and future features realized on-chain where everyone can transparently see and verify them.

Getting Started

To contribute to Cryptid, please check out the code of conduct.

To build and test locally, first install the prerequisites and dependencies.

  1. Install NVM and Yarn 1.x
  2. Update node:
nvm install
  1. Install the dependencies
yarn

Program

To build the Rust Solana program, please ensure:

  1. You have the Solana tool suite installed locally by following the steps here.
  2. You have the Rust tool suite installed locally by following the steps here

Once Rust and Solana are installed, build using:

cargo build-bpf

Run the program functional tests using:

cargo test-bpf

Client

The Cryptid client library provides functionality for signing transactions and managing Cryptid DID wallets. It is required by the CLI and Wallet UI.

  1. Build the client:
yarn workspace @identity.com/cryptid build
  1. Run the unit tests:
yarn workspace @identity.com/cryptid test
  1. Run the e2e tests (you must first compile the Cryptid Rust program (see Program above):
yarn workspace @identity.com/cryptid test-e2e

CLI

The cli tool provides utilities for signing transactions and managing Cryptid DID wallets.

  1. Run the tests:
yarn workspace @identity.com/cryptid-cli test
  1. Run the cli locally:
yarn workspace @identity.com/cryptid-cli cryptid

CLI usage instructions can be found in the readme.

Wallet

The wallet provides a user interface for signing transactions and managing Cryptid DID wallets.

  1. Start the test validator:
yarn start-validator
  1. Start the Cryptid wallet:
yarn workspace @identity.com/cryptid-wallet start

Technical Details

Cryptid uses meta-transactions to abstract the key from the identity. Transactions signed by a Cryptid account are, in fact, wrapped in a meta-transaction. The meta-transaction is signed by a private key and then sent to the Cryptid program The Cryptid program validates that the private key has the permissions to sign the transaction from the Cryptid account, according to the associated identity stored on chain.

The identity information is represented as a DID, using the SOL-DID program. It associates an identity with:

  • a set of rotatable keys
  • a set of permissions on those keys
  • a set of controllers

Signing permissions

A key is permitted to sign a transaction from a Cryptid account if:

It is listed on the DID as a capabilityInvocation key

OR

It is permitted to sign on one of the controllers of the DID. Controllers of DIDs are themselves DIDs, and the controller relationship is transitive. So a controller of a DID may sign transactions for that DID, or any DIDs that it, in turn, controls.

Meta-Transactions

The initial instructions in a transaction are serialised and added as data to the Cryptid transaction. This serialization adds some overhead to the transaction size, meaning that some transactions that initially fit within the transaction size limit may now exceed it. On the roadmap are plans to allow transactions to be chunked to avoid this limitation.

npm i @identity.com/[email protected]

Metadata

  • MIT
  • >=16.0.0
  • identity.com
  • released 10/28/2021

Downloads