Skip to main content

ULedgerNET Wallet System

Overview​

ULedgerNET implements a hierarchical wallet system that supports parent-child relationships, permission-based access control, and cascading wallet management. This architecture enables enterprise-grade identity management while maintaining cryptographic security.

Wallet Architecture​

Hierarchical Structure​

πŸ” click to expand

Wallet Types​

TypeDescriptionParent Field
Parent WalletRoot-level wallet with no parentEmpty
Child WalletCreated by a parent walletParent's address
Satellite WalletTerm for any descendant walletTracked by parent

Wallet Structure​

Core Properties​

πŸ” click to expand

Property Details​

PropertyTypeDescription
publicKeystringThe wallet's public key (hex-encoded)
addressstringSHA256 hash of the lowercase public key
parentstringAddress of parent wallet (empty for root wallets)
enabledbooleanWhether the wallet can transact
satelliteWalletsstring[]List of child wallet addresses
authGroupsmapPermission groups for access control
keyTypeenumCryptographic algorithm (secp256k1, ED25519, BLS12-377, ML-DSA-87)

Permission System​

Authorization Groups​

ULedgerNET uses a flexible permission system based on authorization groups:

πŸ” click to expand

Permission Structure​

Each authorization group contains CRUD permissions:

PermissionDescription
CreateCreate new entries of this type
ReadRead existing entries
UpdateModify existing entries
DeleteRemove entries

Built-in Groups​

GroupPurpose
adminFull administrative access (all CRUD on all resources)
walletWallet management permissions (create, update child wallets)

Admin Check Logic​

A wallet is considered an admin if it has the admin group with all four permissions enabled:

πŸ” click to expand

Wallet Operations​

Creating Wallets​

πŸ” click to expand

Transaction Payload: Create Wallet​

FieldTypeRequiredDescription
publicKeystringYesPublic key for the new wallet
keyTypeenumYesCryptographic key type
authGroupsmapNoInitial permissions for the wallet

Parent Wallet Requirements​

For creating a child wallet, the parent must:

  1. Exist in the blockchain
  2. Be enabled (not disabled)
  3. Have permission - either:
    • Be an admin (admin group with full CRUD)
    • Have wallet group with create permission

Wallet Alteration​

Alter Wallet Operation​

πŸ” click to expand

Transaction Payload: Alter Wallet​

FieldTypeRequiredDescription
targetstringYesAddress of wallet to modify
enabledbooleanYesNew enabled status
authGroupsmapNoUpdated permissions

Authorization Rules​

ScenarioRequired Authorization
Parent altering childParent must have wallet.update or be admin
Wallet altering itselfMust have wallet.update or be admin
No parent existsOnly the wallet itself can alter

Cascading Disable​

Automatic Child Disabling​

When a parent wallet is disabled, all descendant wallets are automatically disabled:

πŸ” click to expand

Cascade Algorithm​

πŸ” click to expand

This ensures that:

  • No orphaned child wallets remain active
  • Enterprise account suspension cascades properly
  • Security revocation is comprehensive

Transaction Validation​

Pre-Validation Checks​

Before processing, transactions are validated against pending transactions:

πŸ” click to expand

Validation Requirements​

CheckDescription
Wallet ExistsTarget wallet must exist (for alter)
Wallet EnabledWallet must be enabled to transact
Key Type MatchTransaction key type must match wallet
Signature ValidCryptographic signature verification
Parent AuthorizationParent must authorize child operations

Wallet Identity​

Address Derivation​

Wallet addresses are derived deterministically from public keys:

πŸ” click to expand

This ensures:

  • Consistent address generation across nodes
  • No possibility of address collision
  • Address can verify public key ownership

Supported Key Types​

Key TypeAlgorithmQuantum Safe
secp256k1ECDSA❌
ED25519EdDSA❌
BLS12-377BLS Signatures❌
ML-DSA-87Dilithiumβœ…

API Reference​

Get Wallet​

GET /blockchains/{blockchain_id}/wallets/{address}

Response:

{
"publicKey": "04a1b2c3...",
"address": "abc123...",
"parent": "",
"enabled": true,
"satelliteWallets": ["def456...", "ghi789..."],
"authGroups": {
"admin": {"create": true, "read": true, "update": true, "delete": true}
},
"keyType": 0
}

Create Wallet Transaction​

POST /blockchains/{blockchain_id}/transactions

Request Body:

{
"from": "parent_address",
"to": "new_wallet_address",
"payloadType": "CREATE_WALLET",
"payload": "{\"publicKey\":\"04abc...\",\"keyType\":0,\"authGroups\":{}}",
"senderSignature": "signature_hex"
}

Alter Wallet Transaction​

POST /blockchains/{blockchain_id}/transactions

Request Body:

{
"from": "parent_or_self_address",
"payloadType": "ALTER_WALLET",
"payload": "{\"target\":\"wallet_address\",\"enabled\":false}",
"senderSignature": "signature_hex"
}

Enterprise Use Cases​

Organizational Hierarchy​

πŸ” click to expand

Access Revocation​

When an employee leaves:

  1. Disable the employee's wallet
  2. All their child wallets are automatically disabled
  3. No further transactions can be initiated
  4. Existing confirmed transactions remain on-chain

Department Management​

  • Department heads can create wallets for their teams
  • Team leads can create wallets for team members
  • Each level has appropriate permissions

Security Considerations​

Key Management​

PracticeRecommendation
Root WalletsUse HSM or secure key storage
Key RotationCreate new child wallet, disable old
BackupSecure backup of private keys
Access LogsMonitor wallet operations

Permission Best Practices​

PracticeRecommendation
Least PrivilegeGrant minimum required permissions
Admin SparinglyLimit admin group assignment
Hierarchy DepthKeep hierarchy manageable
Regular AuditsReview wallet permissions periodically

Disabled Wallet Behavior​

  • Disabled wallets cannot submit transactions
  • Disabled wallets cannot sign for child operations
  • Existing transactions remain valid
  • Re-enabling requires parent authorization

End of Technical Documentation Series