TECHNICAL GRANT APPLICATION - MPC WALLET WITH DID+AA - Tier 3

APPLICATION INTRODUCTION
The Bitizen Wallet team has built the most advanced MPC-based wallet existing in the market, that provides a much safer and easier entry point for Web3 than any traditional wallets that have private keys and seed phrases. By applying for Conflux Technical Grant, Bitizen wishes to commonly integrate and further develop its technology and applications, helping the secure growth of the Conflux Ecosystem.

We are going to do an MPC + AA (EIP-4337) wallet solution for Conflux, which is specifically designed for Web3 projects to onboard Web2 users. The highlight is that the whole process is decentralized without any technical and knowledge barriers. It allows Web2 users who haven’t even heard of Bitcoin, to access NFTs, GameFi or other Web3 applications with zero barriers and smooth experience, with “no crypto slang, no KYC, no fiat deposits, no gas, and no blockchain knowledge." This is the only project on the market that is completely dedicated to converting Web2 users to Web3 users.

Underlying MPC cryptographic technology stands for Multi-Party Computation, that creates distributed and independent encrypted key shares, and allows multiple parties (or devices) to jointly co-sign the transaction, while completely removing a full private key. The MPC solution designed by the Bitizen team provides 2-of-3 TSS (Threshold Signature Scheme) that allows two out of three signing parties (mobile phone + server, or mobile phone + second device) to jointly compute the signature.

MPC technology will become a new benchmark for secure crypto wallets in the near future, removing the old standard of private-public key cryptography that is being currently used in Metamask, Trustwallet, TokenPocket, Bitkeep, Coin98 and other traditional wallets.

Right now Bitizen Team has fully working and operating Bitizen Wallet as a main product supporting Web3 Browser and Dapp Discovery functions, with its own SDKs and full WalletConnect v2 compatibility; while developing and adding more features at the moment, including Use-to-Earn (U2E), AA (Account Abstraction), DID (Digital Identity), Bitizen RewardBox, Bitizen Launchpad, GameFi Store, Bitizen DEX aggregator, DeFi aggregator, Fiat on-ramp solution, CryptoNews Hub and so on.

TEAM

Winson LIU - the Founder of Bitizen Wallet. Former Tencent & Sina Senior Engineer, skilled at cryptography engineering. Crypto OG, started mining and investing in BTC in 2013, long-term HODLer. Founded a privacy data marketplace protocol in 2017.

David Peng - CTO, Master’s degree in Cryptography from BUPT, former Blockchain Architect at Oracle, proficient in cryptography and blockchain, former core architect of a data marketplace protocol.

Nikita Ermakov - CMO, Master’s degree in Economics from Peking University. Former Head of Broker Department at OKX, Strategy Department Specialist at Huobi. Seasoned Russian expert in digital assets, multi language (EN, RUS, CH, KOR) & creative writer.

TG: nikitawins
TW: https://nikitashengli

James Jiang - Marketing and Global Growth Advisor. Former CEO of Global Markets at OKX Exchange Developed exchange’s both local and global operations and marketing since 2016. Since 2018 focused on overseas markets and served as the CEO of Global Markets, implementing his rich experience, team management skills, wide international network and resources in global marketing, greatly driving exchange’s performance, boosting revenue and user acquisition. Top-level marketing expert, with strategic vision and entrepreneurship spirit, James is a trusted partner, contributing to the Bitizen global growth in Web3.

Will Wang - Master’s degree from Tsinghua University, Ph.D. in Cryptography from Worcester Polytechnic University. Former Chief Data Office Cryptography Manager at USA AT&T; Security Architect at Apple Inc.; Senior Engineer at Qualcomm Corporation.

TOTAL BUDGET AND FUNDING TIER 2-3

Negotiable according to the depth of the integration with Conflux Ecosystem and its Partners.

CURRENT FUNCTIONALITY

Bitizen can completely solve the problems of unsecure private keys and seed phrases used in Conflux users’ wallets by providing an MPC-based solution as well as creating a unique DID related to each real user.

Easy user onboarding in less than one minute, including download, creating a safe wallet and backup, with no extra steps like creating a password or writing down a seed phrase.

Other steps can also be improved:
3FA Backup and Recovery solution including Biometry (face scan) and Social Recovery, becoming a complete AA solution for all users’ needs

TECHNICAL PROPOSAL

A complete and secure MPC wallet solution for fast and easy user on-boarding (within 30-40 seconds) with 20+ blockchains, DID, Web3 Domains, and NFT support, Web3 browser, DApp Store, Rankings, Widgets, News Hub, and ability to add dozens of modular features such as DEX + DeFi aggregators, fiat gateways, U2E, and so on.

SYSTEM MODEL

The working product can be viewed by downloading Bitizen Wallet app (iOS and Android):
https://bitizen.org

DEVELOPMENT ROADMAP

2023 Q1-Q2 Integration with Conflux Ecosystem, introducing RewardBox, U2E
2023 Q2-Q3 Launchpad, DEX & DeFi Aggregators
2023 Q4 Full DID Solution, GameFi Store, Fiat onramp

MAINTENANCE CONSIDERATIONS

Different modules will be added one by one, main functions will be not affected. Other projects from Conflux ecosystem are welcome and will be supported accordingly

Send us an email to [email protected] or contact directly in Telegram @nikitawins @winson_bit

Hi interesting project and consider supporting it! May I know can AA achieve MPC? For example can the smart contract in the user account implements MPC? If so just AA wallet is enough as it can contain MPC right? Thanks a lot!

Thanks for your application @BitizenWallet! Just some initial questions on my end:

1. When did Bitizen launch?
2. What traction have you guys seen so far? Any metrics you can share on your user base, like number of downloads etc.?
3. Can you link some Dapps that have integrated your wallet solution we could play around with?

Hello @BitizenWallet, thanks for applying for a grant. Just a couple of questions:

• In which phase of the roadmap would you be able to support Social Recovery feature on Conflux?
• Can you provide more details on the budget you require and on how it will be spent?
• What blockchains are you supporting at the moment?

Hi, Thank you for your application. Few questions below:

1. Is the creation of DID already integrated in the wallet?
2. Have your smart contracts been audited? Can you share us any report?
3. What is Reward Box functionality?
4. What would be the deliverables for the first release? Can you please list them in detail.
5. What are the improvements you propose for the 3FA setup?
6. Is the recovery solution currently included?

In which phase of the roadmap would you be able to support Social Recovery feature on Conflux?
In Bitizen we already integrated Face scan of a family member to help support wallet backup and recovery. We can apply this method in Conflux within a very short period of time.

Can you provide more details on the budget you require and on how it will be spent?
Around 30k on product and extra developers, 20k on marketing and promotion activities.

What blockchains are you supporting at the moment?
BTC, ETH, BNB, MATIC, FTM, HECO, AVAX, OP, Arbitrum, GNO, OKC, KCC, Aurora, Bitgert, Tomochain (TOMO), KardiaChain (KAI)

When did Bitizen launch?

We launched Bitizen in October 2022

What traction have you guys seen so far? Any metrics you can share on your user base, like number of downloads etc.?

We have around 30,000 users right now.

Can you link some Dapps that have integrated your wallet solution we could play around with?

Kyber Network DEX, TwitterScan, LuaSwap, Izumi, Ascendant, TownStory and others.
By the way, Bitizen wallet is compatible with any Dapps.

In which phase of the roadmap would you be able to support Social Recovery feature on Conflux?

In Bitizen we already integrated Face scan of a family member to help support wallet backup and recovery. We can apply this method in Conflux within a very short period of time.

Can you provide more details on the budget you require and on how it will be spent?

Around 30k on product and extra developers, 20k on marketing and promotion activities.

What blockchains are you supporting at the moment?

BTC, ETH, BNB, MATIC, FTM, HECO, AVAX, OP, Arbitrum, GNO, OKC, KCC, Aurora, Bitgert, Tomochain (TOMO), KardiaChain (KAI)
@0xn1c0

Is the creation of DID already integrated in the wallet?

Right now we support DID by a third-party providers such as TwitterScan, Key3.id, which let our users to get Web3 domains (.nft, .meta, .id etc. also those from including NFT collections) for their Bitizen wallets. We also support unique zero-knowledge encrypted account IDs, which will be eligible to claim and receive various benefits for performing certain actions through the wallet (voting, subscribing, referring, trying new Dapps etc.), meaning rewards for their Web3 activity.

Have your smart contracts been audited? Can you share us any report?

We have been audited by SlowMist. You can find their official reports here:

iOS:

Android: https://github.com/slowmist/Knowledge-Base/blob/master/open-report-V2/blockchain-application/SlowMist%20Audit%20Report%20-%20Bitizen%20Wallet(Android)_en-us.pdf

Besides, we have a Bug Bounty Program by BugRap:
https://bugrap.io/projects/Bitizen

What is Reward Box functionality?
Reward Box will help making product-building and promo campaigns more efficient through automation and restricting bounty hunters. If a project from Conflux ecosystem or other third-party want to run such a campaign, Reward box will collect addresses and distribute rewards after completing certain tasks, for example, activity in community events or referral program, voting in a poll, making a test transaction, submitting a questionnaire, etc. Each account at Bitizen is unique, meaning one person can create only one account, by submitting backup with his/her face scan, and we can a restrict multiple deposit addresses coming from one account, meaning that one person can receive a reward only once.

What would be the deliverables for the first release? Can you please list them in detail.

We can provide a Demo with a working Reward Box solution with various parameters: participating in Discord, Twitter, Telegram campaigns and referral system.
If the demo is found meeting the expectations, we can add extra features such as daily rewards, promo task board, etc.
If the demo needs logic/system architecture/design upgrades, we can adjust it.
Working solution can be deployed after confirmation from Conflux.

What are the improvements you propose for the 3FA setup?
We support 3FA with an email, personal cloud storage (Google Drive, iCloud, Dropbox, Baidu Cloud), and face scan. All user data is encrypted, so even our team can’t decrypt it and check user’s personal data, making it zero-knowledge privacy safe. We also support family member’s face as an extra Social Recovery level.

Is the recovery solution currently included?
Right now, we have fully operating recovery solution in Bitizen Wallet, you can try it by downloading and setting your Bitizen Wallet account, available on iOS and Android. Back it up, delete the App and try recover it. Link: https://bitizen.org
For Reward Box, it can come within Bitizen Wallet (already included), or opt out, or be made as a separate solution, by Conflux request as you put it in technical requirement. We will be happy to discuss it.

AA and MPC do not contradict each other, they are actually may work perfectly together. Bitizen Wallet is on the forefront on adopting AA, being the first true MPC wallet that supports many features of account abstraction, e.g. Social Recovery (by a family member’s face), unique accounts etc. I will post a link to our article where we describe this mechanism and future prospects a bit later. Speaking of other AA wallets, it depends on their product architecture if they can implement MPC feature.

Thank you for answering my questions. Few more below:

1. I am not able to access the audit report pdf. Can you please give our team access to this one?
2. I am not sure I understand how you are integrating the DID feature by using third-party providers. Can you elaborate a bit more. Or if you have any documentation or demo on that, that would be better.
3. Where is the data related to the face scan stored?
4. In relation to the above question, do you have any data that is being stored off-chain?
5. Who do you think your competitors are? How do you fair better when compared to them?

Thank you.

Regards,
Keerthi.

I am not able to access the audit report pdf. Can you please give our team access to this one?

Scroll down to find Bitizen wallet in SlowMist Github Main repository (just in case links below can’t be opened):

I am not sure I understand how you are integrating the DID feature by using third-party providers. Can you elaborate a bit more. Or if you have any documentation or demo on that, that would be better.

We have integrated two services: ENS domains https://ens.domains, NNS from https://metascan.pro, and currently integrating with Key3.id https://key3.id ,

Please kindly check this PPT on how to create NFT DID with Bitizen wallet via our partner MetaScan NNS. I registered nikita.meta NFT DID for myself as an example. Link below:

We also have bitizen.eth for ourselves as a quick sample for reference:

Where is the data related to the face scan stored?

The data about users’ faces is stored on the Bitizen server, however, it’s just an encrypted hashed mathematical formula describing the user’s main facial features geometry. Since this data is encrypted, it is protecting users’ privacy, and there is no point in stealing this data.

In relation to the above question, do you have any data that is being stored off-chain?

Yes, we have some data stored on Bitizen servers; however, it is all encrypted to the form that even our team can’t access it.

Who do you think your competitors are? How do you fair better when compared to them?

Zengo Wallet is our main competitor. Compared to ZenGo, Bitizen Wallet achieved full censorship-resistance, because we implement 2-of-3 TSS model, so the transaction signature can be computed by two user’s devices (mobile phone + mobile, or mobile + desktop via Bluetooth) without interacting with Bitizen server at all; meanwhile ZenGo users can only compute the signature with ZenGo’s wallet (2-of-2 TSS), meaning that ZenGo can decline any transaction from the user, or the user can’t sign a transaction if ZenGo’s wallet is down.

Yes I mean can AA contain MPC? Because AA makes user accounts self-defined by smart contracts, users can have the smart contracts of MPC and TSS to have MPC and TSS in their accounts.

Also I didn’t see anywhere you implemented AA in your wallet so far, could you please help indicate where you used AA?

Thanks a lot and look forward to your link!

Thank you for answering the questions. We will review your application further and let you know.

Regards,
Keerthi.