📋 Onboarding & Wallets

Starknet Integration and Wallet Compatibility

Starknet, a Layer 2 solution, uses public/private keys that are separate from your Ethereum keys. To interact with Paradex on Starknet, here's a simplified overview:

  1. Key Generation: Visit the Paradex UI running in your browser. When you sign the Onboarding transactions, it deterministically generates your private Starknet keys from a signature made with your Ethereum L1 key. Any Ethereum wallet that supports deterministic signing is supported. Importantly, this process ensures that you can regenerate your Starknet keys using the same Ethereum key pair and seed phrase. Rest assured, your Starknet keys are never transmitted to Paradex servers or any external location; they remain securely stored in your browser.

  2. Transaction Signing: Your private Starknet key is employed to sign any transactions you authorize on Layer 2. The UI running on your machine automatically performs these signatures when required.

  3. Wallet Integration: Starknet's technology is being increasingly adopted by various wallets, including Argent and Braavos, with more integrations on the horizon. Wallet integration facilitates storing your private Starknet key directly within the wallet itself, offering enhanced security compared to browser storage.

Important Limitations

  1. Smart Contract Wallets: At this time, smart contract wallets like Argent are not compatible with Paradex.

  2. Transferring Funds: It is not currently possible to transfer funds from the Public Starknet to a Private Paradex Starknet. Only deposit/withdrawal functions from L1s are supported, to ensure security.

  3. Subaccounts: Sharing a single Paradex account with many L1s acting as subaccounts is not supported at this time.

Paradex internal Starknet wallet

Why did we decide to build a Starknet wallet internal to our app?

At the time, there were two wallet solutions available for interacting with Starknet: Argent X and Braavos. However, we wanted to provide our clients with the simplest possible onboarding experience.

Our solution was to allow our customers to operate on Starknet while only having to care about their Ethereum wallet, which they are already familiar with. We did not want users to have to manage a separate Starknet wallet, but instead be able to use a wallet they are comfortable with, such as MetaMask. This reduces complexity, as they would have to manage an Ethereum wallet anyway in order to interact with Starknet.

How the internal wallet works

How the Starknet private key is generated

Remember that in order to make changes to the blockchain, the transaction doing so must be signed by a private key, and that private key must belong to the user and to the user only.

So how do we generate the same private key for the same user over and over?

I'll answer that with a question: What's the one thing that a MetaMask user can do that we can verify that only they and no one else have done?

The answer: A signature!

Why a signature?

  1. It's based off of the user's private key on Ethereum, which in turn is based off of the recovery phrase provided to them by MetaMask, which we know can be used to recreate the wallet on a different device, therefore allowing the same private key to sign on different devices.

  2. Only the user is capable of generating that signature given that they are (presumably) the only holder of that private key.

But it's not just any signature.

We need the user to be able to generate the exact same signature over and over; otherwise, again, they will lose their funds. The way we do that is by always asking the user to sign the same thing every time.

There we have it: some bytes that only the user themselves can generate repeatedly on any device that they choose to use.

How is the Starknet private key generated from an Ethereum signature?

This is where some slightly advanced cryptography comes in.

The signature itself can't be the user's private key on Starknet because the private key must be compatible with a Stark-friendly elliptic curve.

Converting arbitrary inputs into a private key is done with a KDF or Key Derivation Function. The KDF takes the input and does a series of transformations to it in order to convert it to a key in a deterministic way.

Of course we relied on the StarkWare team as the cryptography specialists to provide us with the KDF that would do what we needed in a secure way.

Finally, this gave us the key (no pun intended) to allow our users to interact with Starknet by only having a MetaMask wallet.
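
An added illustration of the idea above (not code from Paradex or StarkWare, and not their actual KDF): hashing the signature bytes with a counter and rejecting out-of-range candidates yields the same Stark-curve scalar every time the same signature is supplied. The function names, the SHA-256-with-counter construction and both sample signatures are assumptions made for this example; it runs under Node.js.

```javascript
// Added example: a generic rejection-sampling derivation, NOT Paradex's or StarkWare's KDF.
const { createHash } = require("node:crypto");

// Order of the STARK curve group; a valid private key is an integer in [1, n-1].
const STARK_ORDER = BigInt(
  "0x800000000000010ffffffffffffffffb781126dcae7b2321e66a241adc64d2f");
const TWO_256 = 1n << 256n;
// Largest multiple of n below 2^256. Candidates at or above it are rejected,
// so the final reduction mod n does not favour small values (no modulo bias).
const LIMIT = TWO_256 - (TWO_256 % STARK_ORDER);

// Constructed sample signatures (r || s || v), not real wallet output.
const SIG_A = "0x" + "11".repeat(32) + "22".repeat(32) + "1b";
// Same message signed with a different nonce would change r, as modelled here.
const SIG_B = "0x" + "33".repeat(32) + "22".repeat(32) + "1b";

// Decode to raw bytes so that hex casing cannot change the derived key.
function signatureToBytes(hex) {
  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
  if (clean.length !== 130 || /[^0-9a-f]/i.test(clean)) {
    throw new Error("expected a 65-byte (r || s || v) signature in hex");
  }
  return Buffer.from(clean, "hex");
}

// Deterministically map signature bytes to a scalar in [1, n-1].
function deriveStarkKey(signatureHex) {
  const seed = signatureToBytes(signatureHex);
  for (let counter = 0; counter < 256; counter++) {
    const digest = createHash("sha256")
      .update(seed)
      .update(Buffer.from([counter]))
      .digest("hex");
    const candidate = BigInt("0x" + digest);
    if (candidate < LIMIT) {
      const key = candidate % STARK_ORDER;
      if (key !== 0n) return key; // zero is not a usable private key
    }
  }
  throw new Error("no valid key found"); // practically unreachable
}
```

A wallet that randomizes its signing nonce would return a different signature for the same message (modelled by `SIG_B`) and therefore a different key, which is why deterministic signing is required.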

How the Starknet private key is stored

You must be asking yourself how secure is this private key, right?

It's as secure as the user's computer. The private key never leaves RAM and is sandboxed to the browser tab running the app. This means that only the user's machine can sign transactions on Paradex and only while that machine is running. It's not stored anywhere else and is never sent in a request. The moment the app is closed, the private key goes away.

How is “remember me” possible?

If “Remember Me” is checked when connecting the wallet, the Ethereum Signature used to derive the Starknet private key is stored in the browser’s Local Storage. As with the private key, this signature never leaves the user's browser, but allows the user to automatically authenticate on loading the app without requiring interactions with their wallet. Users can opt out of the Remember Me feature during Sign-In (Connect Wallet), so that the Ethereum Signature is not stored in the user's browser Local Storage.

Clock Synchronization

You should set the date and time on your device to update automatically, to avoid issues when signing requests (e.g. during Onboarding/Authentication). See the macOS documentation or the Windows documentation.
