Webnative-Filecoin Suggested Task-Breakdown for Phase 2

Task breakdown for epic transfer FIL natively in browser:

1. demonstrate holding a Filecoin account non-custodially in the browser (starting from new user with empty Keychain)
   1. generate BLS key in webnative-filecoin in browser using noble-bls12-381
      1. generate random 32 bytes for private BLS key, generate random 32 bytes for secretSeed to send to Cosigner on requests
      2. store both 32 byte secrets in Keychain dir on WNFS; either under publicKeyUser.json or filecoinTestnetDefault.json (assuming no path separation)
   2. request cosigner over API REST endpoint to generate BLS public key, and receive response from cosigner with its public key (opt. and signature of publicKeyUser signed with publicKeyCosigner to protect against Rogue Key attack - can be stretch goal)
      1. this request to cosigner should have a UCAN for “keychain” resource; this can mimicked by the existing “WNFS” resource by assuming an implication on attenuation:

             "att": [
               {
                 "wnfs": "alice.fission.name/private/Keychain",
                 "cap": "APPEND"
               }
             ]
             =>
             "att": [
               {
                 "keychain": "alice.fission.name/private/Keychain",
                 "cap": "ADMIN"
               }
             ]
         

         this way, it suffices to use the existing UCAN code, and wrap it in a check for the Keychain directory.
         More details on a proposal for UCAN flow on Talk forum.
         This UCAN proves the ownership of DID of Alice; later improvements can narrow attenuation to specific PublicKeyUser.
      2. recommendation to reduce code: to bypass creating persistant storage in cosigner, it suffices for privateKeyCosigner to be calculated as

             privateKeyCosigner = Blake2b-256(
               RSASign(didUser + pubKeyUser + secretSeedUser,
               rsaPrivDidKeyCosigner))
         

         for production code, memCache can speed up short-lived subsequent requests, but only rsaPrivDidKeyCosigner needs to be backed up.
      3. in browser (linearly) aggregate the two public BLS keys (using noble-bls12-381) and store cosigner details (did, public key) and aggregated public key in keystore file on WNFS on Keychain dir. (suggestion)
2. demonstrate sending FIL from user account to another account (on testnet)
   1. from webnative.transfer(..) create a Filecoin message with parameters, and sign with BLS privateKeyUser.
   2. request cosigner to cosign this message, passing also secretSeed in request to allow cosigner to calculate its private key.
   3. This request should be accompagnied with a new UCAN issued to did:key:zCosigner associated with this Filecoin account, but attentuated to

          "att": [
            {
              "keychain": "alice.fission.name/private/Keychain",
              "cap": "COSIGN"
            }
          ]
      

      but this requires a translation between “WNFS” resources to “Keychain” resources. I put a proposal for that UCAN delegation flow here -same link- on Talk forum.
      To keep things simple for Phase2, propose simply attentuating

          "att": [
            {
              "wnfs": "alice.fission.name/private/Keychain",
              "cap": "APPEND"
            }
          ]
      

      to aud: did:key:zCosigner but for a short duration, and if the AES key isn’t shared with Cosigner, then effectively it has neither read or write ability.

I moved this to the public project, and the Github Project should outline the higher level tasks Filecoin Webnative Integration · GitHub