Careful when using Cross-Platform cryptocurrency code!

Using the same wallet on your all your devices sounds brilliant, doesn’t it? Not having to wonder how a software wallet differs from what you’re used to or if it’s safe and does what you want is a good way to simplify your life. Also converting a stranger to Bitcoin or other cryptocoins is much more likely to happen by showing off a mobile wallet than from sitting the person in front of a PC for minutes. Not only are you likely to have your phone on you when ranting about Bitcoin, but there’s also the convenience of always-synced SPV wallets that hides the terrible weight of downloading the blockchain when booting your core wallet. So should you work out a way to use the same wallet on your mobile and your PC?

The first problem is that there’s actually very few cross-platform wallets; because there are few cross-platform technologies that work well for this kind of software; any sort of middleware to make the user interface work on all platforms without re-coding anything probably doesn’t work well at all if you code to PC first and then try to cram the UI on a tiny smart phone screen.

So let’s assume you choose a wallet that was coded first for your mobile phone; then running it on Windows should at least get you a workable experience since since the screen and mouse can replace the touchscreen.  That means your wallet was coded with the few cross-platform technologies that are workable right now, for example Java, JavaScript or some other virtual-machine based system.

There are platforms like Meteor to do this, which basically wraps up and packages a web app inside a bundle compiled for the target platform.  It might work, but how much of the security model is respected while using something as kludgy as node.js and lots of glue on your cell phone?  How much of the same standard code is being reused on both machines? I don’t really know, but I think the only reason we don’t hear about hacks on this stuff is because they’re not yet practical enough to be in widespread use.

There are no guarantees a specific JavaScript engine will respect all the math functions a wallet requires. Unless the engine or the wallet itself have been thoroughly tested and certified to run flawlessly on both engines you’re using then a single difference in a floating-point operation could “corrupt” your wallet.  So although you CAN pick a cross-platform wallet and there are a few notables that have spent a lot of time and effort making sure they work correctly, it’s simpler to use a technology that has standard maths in the first place, for instance using the same standard Virtual Machine on both platforms or VM Containers to ensure there really is no difference in what code you are running. For all practical purposes, right now this comes down to either using Java technology or a Docker or similar Container.

After you’ve spent ours searching for options, gave up and decided to use an Android wallet in a virtual machine like BlueStacks with a Java Core that can be run in a standard Java VM for more serious server applications, you will probably want to export/import the private wallet key to all those platforms to have instant access to the same wallet on all your machines.  And guess what, it works!  But only if you’re using a certified VM/language and the wallets use HD ecdsa keys (Core 0.10+).  Otherwise when you generate a new receiving address on one of the wallets,  you won’t have it available on any other platforms.  Meaning you will lose money if it’s sent to an address you can’t reproduce.  You should test beforehand to see if you the public/private subkey generators work in the same way on all your machines and how well you can import/export them before using them for any amount of money. You’ll be glad you tried it before putting too much money on the line.


July 28, 2017

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *