Graft mobile wallet and point of sale apps do not maintain a full copy of the blockchain for obvious reasons. Does it mean the wallet content is stored on supernodes which may compromise its security and privacy?

There are multiple elements of the Graft user wallet:
  • Private spend key – secret – required to spend money; stored in the wallet app
  • Private view key – “semi-secret” – required to see the balance and previous transactions
  • Payment address – public – required to receive money
In Graft, the Private spend key is always stored at the client (wallet) and never shared with the supernodes. Therefore, it is not the same as credit card when you share you card account number with the merchant, payment processor, and the bank every time you make a payment. If one of them is breached, your credit card can be stolen and used to make fraudulent payments. If any or even all supernodes are “breached”, they don’t have your private spend key so no one will be able to “use” your Graft account.
The Graft wallet balance is a “hidden” set of previous transactions. It is calculated by scanning all the previous transactions which are stored on the public blockchain but invisible without view key. Since mobile wallet app does not have direct access to the blockchain, the private view key is temporary shared with a single “proxy” (relay) supernode in order to retrieve the wallet balance; the supernode will not store this view key in any database so even if it’s “breached” the view key will not be disclosed in most cases. However, even if the view key is disclosed, it only allows to see transactions, not to spend any money.
Users (either buyers or merchants) with higher requirements for privacy can host their own private “proxy” supernode with full copy of blockchain. This way they will never share their view keys with the random “foreign” supernodes. Most probably, due to limited processing power and other resource limitations, such a private proxy supernode will not be able to participate in transaction processing and earn any block rewards or transaction fees, but it will still be able to validate transactions and view balances privately by scanning the local copy of the blockchain. For users who cannot or don’t want to host their own supernode but still don’t trust the entire network, Graft creates a special (free) cloud service with trusted proxy supernodes that are protected by multiple levels of security.

In order to process real-time authorization (instant confirmation) Graft network puts a “lock” on buyer’s account. How does it not violate one of the main goals of any cryptocurrency system – untraceability?

First of all, untraceability is not a feature of any cryptocurrency. As of today, CryptoNote is perhaps the only protocol that enables full privacy and untraceability. The beauty of Cryptonote is that it hides the details of transaction while still preventing double-spending. This is achieved through the use of key image which is unique “fingerprint” that represents the spending address and amount without disclosing any details about the buyer or the amount. By providing the key image for upcoming transaction to the network of supernodes, the buyer’s wallet will temporarily “lock” its “account”, so no other transaction with the same key image can happen until the locked transaction is settled or the lock is removed. If the buyer will try to finalize the transaction with the key image different from the one used in the original lock, such transaction will be rejected by the supernodes. On the other hand, the key image does not contain any information about the buyer, buyer’s wallet, or recipient (merchant). In addition, any traces of communication between the buyer (wallet app), the merchant (point of sale app), and the supernodes (selected proxy and sample supernodes) during authorization phases are completely removed once transaction is settled (written into the blockchain). Even transaction fees paid by merchant to authorizing supernodes are hidden from public view, which is another major privacy improvement comparing to all previous CryptoNote implementations that do not hide transaction fees.