Warning
This document is deprecated. We have decided to first implement backup, and tackle sync later. The multi-device sync described in this document would lead to a bad/unexpected user experience that does not justify the conceptual / implementation complexity.
This document discusses considerations for backup and synchronization of wallets.
The blob stored on the backup/sync server is a compressed and encrypted JSON file.
The various entity types managed by the wallet are modeled as LWW-Sets (Last-Write-Wins Set CRDTs). Timestamps for inserts and deletes are Lamport timestamps. Concurrent, conflicting insert/delete operations are resolved in favor of “delete”.
The managed entities are:
(Some of these might be further split up to allow more efficient updates.)
Entities that are not synchronized are:
Entities that could be synchronized (to be decided):
There are two types of garbage collection involved:
CRDT tombstones / other administrative data in the sync blob. These can be deleted after we’re sure all wallets enrolled in the sync server have a Lamport timestamp larger than the timestamp of the tombstone. Wallets include their own Lamport timestamp in the sync blob:
{
  clocks: {
    my_desktop_wallet: 5,
    my_phone_wallet: 3
  },
  ...
}
All tombstones / overwritten set elements with a timestamp smaller than the smallest clock value can be deleted.
Normal wallet GC. The deletion operations resulting from wallet garbage collection (e.g. deleting legally expired denomination keys, coins, exchange signing keys, …) are propagated to the respective CRDT set in the sync blob.
Sometimes a wallet can learn about an operation that happened in another synced wallet before a sync over the sync server happens. An example of this is a deposit operation. When two synced wallets spend the same coin on something, one of them will receive an error from the exchange that proves the coin has been spent on something else. The wallet will add a “ghost entry” for such an event, in order to be able to show a consistent history (i.e. all numbers adding up) to the user.
When the two wallets sync later, the ghost entry is replaced by the actual purchase entity from the wallet that initiated the spending.
Ghost entities are not added to the sync state.
When a wallet is connected to multiple sync servers, it automatically propagates changes it received from one sync server to the others. Local changes made by the wallet are propagated to all sync servers. The goal of this is to make the state of the sync servers converge.
The different sync servers one wallet is enrolled with do not necessarily have the same set of other wallets enrolled. Each sync server has a separate Lamport clock and contains a separate CRDT.
This screen can be reached by pressing the Backup services setting in the Backup Settings Screen. It lists the currently active service and other services that can be used. The user has the option to add new services to the list.
A backup service has
Clicking an active service shows the above service information as well as:
Clicking an inactive service allows the user to use the backup service (after accepting ToS and making the payment).
This screen always appears when a backup provider is selected and the user did not yet accept the current version of its terms of service.
It shows the terms of service text and an accept checkbox, as well as the usual back button.
This is the same screen that the user sees when doing other purchases. The only difference is that after successful payment, the user will be shown the service secret instead of the transaction list.
After setting up a backup service, the user needs to securely store the secret needed to restore from backup.
The secret will be shown as a Taler URI in plain text.
This has the form: taler://sync/$SYNC-DOMAIN/$SYNC-PATH#$PRIVATE-KEY
Additionally, the URI will be encoded as a QR code.
Depending on the platform, there should be an option to print or export (PDF) the secret.
If no backup service was selected when the user makes the first withdrawal, an onboarding screen will be shown that takes the user to the backup configuration screen.
Don’t lose your money, use a backup service!
Your wallet comes with a list of backup services that can store an encrypted copy of your wallet. Use one to keep your money safe!
[Set backup up now]