Architecture Design of Avato Labs' Non-Custodial Wallet Based on the RGB Protocol

Charlie-DCharlie-D
11 min read

Executive Summary

Avato Labs is developing a non-custodial wallet based on the RGB protocol, aimed at delivering high-privacy, high-security, and high-performance smart contract solutions within the Bitcoin and Lightning Network ecosystems. This document delineates the technical architecture of Avato Labs' RGB wallet, centered on client-side validation, achieved through a Rust backend integrated with a WebAssembly (WASM) frontend. This design empowers users with full control over their assets while ensuring superior performance and privacy safeguards.

Key features of Avato Labs' solution include:

  • Client-Side Validation and Data Sovereignty: All RGB state data is stored on user devices, upholding user autonomy over assets.

  • Rust + WASM Technology Stack: A full-stack Rust backend complemented by WASM-compiled frontend components for optimal performance and cross-platform compatibility.

  • Decentralized Communication: Peer-to-peer data transmission with fallback relay mechanisms to enhance censorship resistance.

  • Enhanced Privacy Protections: Integration of zero-knowledge proofs (ZKPs) to safeguard transaction confidentiality.

  • Lightning Network Integration: Seamless compatibility with Lightning Network for off-chain instant payments.

  • Multi-Layered Security Architecture: Comprehensive safeguards spanning key management to data transmission.

Our approach aligns with the RGB protocol's decentralized ethos while meeting modern web application demands for usability, paving the way for advanced smart contract applications in the Bitcoin ecosystem. 22

Background and Vision

The RGB (Really Good Bitcoin) protocol represents a scalable, privacy-focused smart contract system layered atop Bitcoin and the Lightning Network. Unlike conventional blockchain smart contracts, RGB employs a "client-side validation" paradigm, wherein contract data—such as asset states—is stored and verified by users rather than on a global ledger. 20 This architecture offers unprecedented privacy and flexibility, enabling Turing-complete off-chain smart contracts without altering Bitcoin's base layer. 21

Avato Labs views RGB as a pivotal advancement in the Bitcoin ecosystem, extending its functionality without compromising security or decentralization. Our vision is to create a professional RGB non-custodial wallet that marries RGB's innovative strengths with exceptional user experience, delivering a truly decentralized and privacy-centric smart contract platform.

This document elucidates the technical architecture of Avato Labs' RGB non-custodial wallet, focusing on eight critical dimensions:

  • Stash data storage: Rationale for client-side storage and implications of server-side alternatives on protocol integrity.

  • Frontend-backend interactions: Designing mechanisms that preserve RGB's decentralization while enhancing data management efficiency.

  • Process risk analysis: Examination of security vulnerabilities, data breach risks, and attack surfaces, particularly with server-side stash storage.

  • Zero-knowledge proofs (ZKPs) security: Application, security, and computational efficiency in the RGB ecosystem.

  • Architecture design: Modular Rust backend with WASM-compiled frontend plugins for feasibility.

  • Performance optimization: Strategies tailored to RGB and future Lightning Network integration, ensuring no degradation in network speed.

  • Implementation approach: Recommended frameworks, databases, and tools for realizability.

  • References: Synthesis of RGB official documentation, academic research, and industry best practices for substantiated discourse. 23

Stash Data Storage: Client-Side vs. Server-Side Comparison

Core Value of Client-Side Data Storage

In Avato Labs' RGB wallet design, all validation data for contract states (stash) resides on the user's client device. This embodies RGB's client-side validation ethos, ensuring that only the user—and transacting counterparties—possess complete contract data related to their assets. 24

Client-side storage yields three primary advantages:

  • Privacy Preservation: No third party can access full contract details.

  • Censorship Resistance: Absence of centralized servers prevents asset freezing or access denial.

  • Trust Minimization: Validation occurs locally, obviating reliance on centralized services.

Avato Labs leverages modern web technologies—such as HTML5's localStorage, IndexedDB, or browser extension file systems—for stash persistence. The system encrypts stash locally, mitigating risks from device compromise.

Data Persistence Solutions

Server-side stash storage undermines these principles by centralizing control, potentially exposing sensitive asset and contract histories to operators. 0 This introduces privacy vulnerabilities, as servers could log metadata or become single points of failure/attack. Even trusted servers erode user sovereignty over assets; loss of stash access equates to asset forfeiture, akin to private key loss. 3 Thus, server-side storage contravenes RGB's ethos, emphasizing user-controlled storage to minimize external risks. 1

Avato Labs employs multi-layered data protection strategies to uphold decentralization while ensuring usability:

  • End-to-End Encrypted Cloud Backups:

    • Automated encrypted backups with AES-256.

    • Keys derived via PBKDF2 from user master passwords; servers never access keys.

    • Support for Avato Labs' cloud or user-linked services.

  • Multi-Format Export Options:

    • Encrypted file exports for stash.

    • Simplified recovery phrases (12-24 words).

    • QR code exports for critical data.

    • Automated post-operation backup prompts.

  • Deterministic Cross-Device Recovery:

    • BIP-32/39/44-derived keys for stash reconstruction.

    • Automatic history rebuilding on new devices.

    • Blockchain-verified consistency.

All persistence mechanisms execute encryption locally, ensuring plaintext data never leaves user devices, balancing privacy with convenience.

Potential Synergy with Graph Databases

Avato Labs plans to integrate graph databases in future iterations to optimize RGB state transition storage and querying. RGB state histories often form directed acyclic graphs (DAGs), with transitions as nodes and edges.

  • Client-Side Integration: Embed lightweight graph databases or indices in browsers/apps for accelerated queries, e.g., tracing transfer lineages or aggregating states.

  • Server-Side Auxiliary Analysis: For enterprise users (e.g., auditing), sync read-only, de-privatized data (Merkle/hashed commitments) to backend graph databases like Neo4j or JanusGraph for visualization, under strict user authorization.

Privacy and security remain paramount: Adhere to RGB's "minimal disclosure" principle, concealing sensitive data via Pedersen commitments or Bulletproofs. 2

Frontend-Backend Interaction Mechanisms

Designing interactions between the browser-based frontend and backend services is crucial for maintaining decentralization while ensuring operational efficiency. In RGB wallets, the frontend handles sensitive data (e.g., keys, signatures, stash), while the backend manages non-sensitive tasks (e.g., blockchain queries, message relaying). 40

Minimizing Backend Trust

Avato Labs' frontend (UI and WASM modules) acts as the primary executor for sensitive operations, performing client-side RGB contract validation. When transferring/receiving assets, the frontend constructs data (e.g., consignments for senders or validations for recipients). The backend is auxiliary: broadcasting Bitcoin transactions, querying UTXOs, or relaying consignments for offline recipients. Transmitted data avoids exposing secrets, e.g., sending hex-encoded Bitcoin transactions or encrypted consignments. 41 This separation preserves RGB's non-custodial ethos, with the backend as a facilitator, not an authority.

Decentralized Communication Schemes

RGB is agnostic to transport layers for state transmission. Two primary schemes exist:

  • Peer-to-peer (P2P) via protocols like Storm, utilizing Lightning channels for RGB Lightning Network (RLN).

  • Client-server models via HTTP/JSON-RPC for data exchange.

Avato Labs prioritizes P2P: Frontend attempts direct connections using WebRTC, Nostr, or Storm for consignment transfers, embodying RGB's peer-to-peer purity. 42 Browser constraints (NAT/firewalls) necessitate fallback server relays: Senders upload consignments; recipients download. RGB standards permit third-party relays but caution on privacy/censorship impacts. 43 To mitigate, employ end-to-end encryption, preventing servers from viewing content. Open-source CLI tools enable user-deployed relays, akin to Electrum servers.

Ensuring Data Management Convenience

Interactions are streamlined: Browser wallets invoke backend APIs for tasks like "fetch UTXO info," "broadcast transaction," or "store data for user Y." Servers process without RGB contract insight. Typical flows:

  • Frontend WASM constructs Bitcoin transactions with commitments and consignments.

  • API calls broadcast transactions and relay consignments.

APIs follow REST/JSON-RPC, e.g., POST /rgb/upload for consignments, GET /rgb/download?param=... for retrieval. Frontend initiates atomic operations, independently verifiable, upholding decentralization while enhancing usability. 44

Process Risk Analysis (Security and Privacy)

Any cryptocurrency wallet must rigorously assess risks. Avato Labs' RGB wallet implements dual safeguards for Bitcoin (UTXOs/keys) and RGB (off-chain states), addressing vulnerabilities, breaches, and attacks, especially server-side stash implications. 10

Security Defenses

Primary threats include malicious code injection (e.g., XSS). Frontend adheres to web best practices: Content Security Policy (CSP) blocks unauthorized scripts; all code (WASM) undergoes integrity checks/digital signing; distribution via extensions/PWAs minimizes remote dependencies.

Communication channels use HTTPS/WebSockets to thwart man-in-the-middle attacks. Consignments are cryptographically protected (tampering fails validation); replay/loss mitigated via timestamps/nonces, session tokens, and timeouts. 11

Server-side: Operators are prime targets. Server stash storage risks leaks/tampering, enabling impersonation. Avato Labs mandates client-side architecture; server backups are end-to-end encrypted. Multi-layered defenses: Access controls, audits, vulnerability scans, anomaly monitoring.

Privacy Safeguards

Privacy is RGB's cornerstone: Wallets ensure data belongs solely to owners, undisclosed externally. 12 Future holders see only selectively disclosed info. Architecture avoids leaks: Relays use end-to-end encryption; no metadata association of identities/transactions.

Enhancements: Tor integration masks IPs; Storm for onion-routed encryption; blind signature tokens for anonymous relays; multi-server/channel options prevent single-point tracking. Metadata minimization with periodic purges thwarts long-term analysis. 13

Data Integrity Assurance

Client validation risks data availability: Stash loss equates to asset forfeiture. Avato Labs implements intelligent backup reminders, one-click encrypted exports. Checksums/versioning enable rollbacks; "stash audit" tools verify against Bitcoin data for consistency.

These measures fortify against extremes, ensuring asset integrity. 14

Zero-Knowledge Proofs (ZKPs) Security

ZKPs in RGB enable verifiable computations without revealing inputs, bolstering privacy in asset transfers. 15 Applications include proving amounts non-negative (range proofs) or state validity sans history disclosure.

Security: Based on discrete logarithm hardness, ZKPs resist forgery; recursive variants (e.g., zk-SNARKs) enhance efficiency. 16 RGB integrates Bulletproofs for compact, non-interactive proofs.

Efficiency: Proof generation is computationally intensive; optimizations like batching, pre-computation, and AluVM parallelism reduce overhead. 17 In RGB, ZKPs minimize disclosure, aligning with client-side paradigms while scaling for high-throughput scenarios. 18 Avato Labs employs audited libraries (e.g., bulletproofs-rs) for secure, performant integration. 19

Architecture Design: Rust Backend with WASM Frontend

Avato Labs employs Rust for the backend, with WASM for frontend core logic, leveraging Rust's safety, performance, and memory efficiency for cryptographic/concurrent tasks.

Rust Modular Backend

The backend comprises microservices per LNP/BP standards:

  • Bitcoin Interface: Interacts with nodes for UTXO queries/transaction broadcasts.

  • Lightning Module: Manages channels, atomic swaps; supports RGB asset transfers.

  • RGB Data Handler: Stores/forwards consignments/invoices akin to Bifrost/Storm.

Modules run as daemons/multi-threaded processes or unified binaries using Tokio for asynchrony. 5 Libraries: rust-bitcoin, rust-lightning (LDK), rgb-std. 6 Inspired by MyCitadel, it unifies RGB, Lightning, Bitcoin indexing, and wallet services.

WASM Frontend Core

Core logic compiles from shared Rust crates to WASM, handling:

  • Key management (mnemonic derivation).

  • Bitcoin signing.

  • Consignment construction/validation.

  • Encrypted stash management.

WASM yields near-native speeds for intensive crypto ops. UI uses React; WASM interfaces via APIs like create_wallet(mnemonic), get_balance(asset_id). 7

Frontend-Backend Communication

Dual HTTPS/WebSocket channels for requests/instructions. Flows: WASM builds transactions/consignments; APIs broadcast/relay. All atomic, client-verifiable.

Lightning Network Integration

Deep Bifrost integration: Backend coordinates RGB state updates via Lightning HTLCs/channel commitments. Asynchronous event-driven: WebSockets push updates; parallel Lightning/RGB ops minimize latency. 25

Deployment Models

  • Self-Hosted: Local backend for tech users.

  • Cloud-Hosted: Avato-managed for accessibility; configurable custom nodes via Tor.

This modular, secure, performant architecture upholds RGB's decentralization with code reuse and efficient validation. 30

Performance Optimization

Performance is paramount, especially for RGB-Lightning integration, ensuring no bottlenecks.

Client-Side Validation Efficiency

RGB clients store/verify only relevant data, adding minimal overhead per transfer. Cache intermediates; validate increments only. 26

Asynchronous and Parallel Processing

Rust's Tokio handles concurrent requests; WASM with Web Workers parallelizes client computations.

Lightning Network Considerations

Bifrost enables off-chain RGB updates via HTLCs, paralleling Lightning/RGB for near-instant transfers. 27 Backend in-memory queues minimize delays.

Reducing API Latency

Indexed databases (e.g., Electrs) for fast queries; caching monitored UTXOs; push notifications via fraud proofs.

Throughput and Scalability

Off-chain validation scales with users; stateless APIs enable load balancing. 28

WASM and UI Optimization

Memory management prevents leaks; efficient UI updates.

This ensures RGB enhances Lightning without latency. 29

Implementation Approach: Frameworks, Databases, and Tools

We select proven tools for reliability.

Rust Backend Frameworks

Axum for high-performance async web; JSON-RPC with serde_json for RGB RPCs. 31

RGB Libraries

rgb-std/core for contract handling; secp256k1, curve25519-dalek, bulletproofs for crypto.

Lightning Integration

LDK for modular channel management.

Databases and Storage

PostgreSQL for accounts; RocksDB-backed Electrs for Bitcoin; Redis for transient consignments. Client: IndexedDB for stash.

WASM Toolchain

wasm-bindgen/pack for Rust-to-WASM; feature flags for environments. 32

Frontend UI

React with Material-UI; QR libraries for invoices.

Development and Testing

Rust tests; regtest for integration; Puppeteer automation; cargo fuzz for robustness.

CI/CD

GitHub Actions for builds/tests; Docker for deployment. 33

This toolchain ensures secure, performant realization. 34

Avato Labs RGB Non-Custodial Wallet Development Roadmap

Completed Work (2025 Winter, Q1)

✓ Core Rust codebase and WASM framework established.

✓ Basic backend functionality implemented.

✓ Initial prototype validation and architecture finalized.

2025 Summer (Q2 End - Q3 Start): Feature Enhancement and Innovative Development

User Interface and Core Functions

Design intuitive dashboards for novice and expert users.

Implement comprehensive wallet management, asset transfers, and receipts.

Develop secure local stash encryption and backup solutions.

Innovative Integrations

Construct distributed stash architecture for user-centric security and recovery.

Develop lightweight graph database modules for optimized RGB state queries.

Implement RGB contract issuance tools for asset creation and management.

Security and Testing

Conduct testnet integrations and security audits.

Optimize performance for high-load stability.

Iterate UI based on user experience testing.

2025 Late Summer (Q3 Mid - End): Mainnet Launch and User Expansion

Official Release

Deploy mainnet version for public access.

Establish user support systems and educational resources.

Initiate community-building initiatives.

Technical Iterations

Refine based on feedback for enhanced usability.

Expand APIs for third-party integrations.

Fortify security against real-world scenarios.

2025 Autumn (Q4): Ecosystem Expansion Planning

Lightning Network Integration Planning

Design RGB-Lightning fusion schemes.

Develop payment channel prototypes.

Formulate comprehensive Lightning functionality roadmap.

Ecosystem Growth

Forge strategic partnerships.

Explore broader Bitcoin Layer 2 applications.

Assess enterprise needs for next-phase planning. 35

Core Innovative Technologies

  • Distributed Stash Management: Serverless, secure storage/recovery ensuring user sovereignty.

  • Graph Database Optimization: Specialized structures for efficient state transition querying/visualization, reducing validation overhead.

  • Zero-Knowledge Proof Integration: Bolsters transaction privacy with minimal disclosure proofs. 15

Conclusion

Avato Labs' RGB non-custodial wallet marks a significant advancement in Bitcoin smart contracts, fusing RGB's decentralization and client-side validation with contemporary web technologies to yield a secure, efficient, privacy-focused platform. 22 Through client data control, robust privacy mechanisms, high-performance architecture, and Lightning integration, it serves as vital infrastructure for the RGB ecosystem, enabling secure, seamless participation in this transformative technology.

We are confident that RGB will redefine Bitcoin's scalability and functionality, with Avato Labs' wallet playing a pivotal role in this evolution, delivering a decentralized smart contract experience.

1
Subscribe to my newsletter

Read articles from Charlie-D directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Charlie-D
Charlie-D