Roadmap Open Source Guide Security Outline Technical Brief (New)
@frostcardKaspa

Roadmap

Security is not a feature we add at the end. Every milestone is a security milestone.

Phase 1 — Foundation
Feb – Mar 2026
JavaCard applet design — key generation, Schnorr signing, BIP-32 derivation on NXP J3R200
Constant-time cryptography — branchless modular multiplication to prevent power analysis side-channels
Secure channel protocol — ECDH key exchange + AES-256-CBC + HMAC-SHA256 for encrypted NFC
Access code system — SHA-256 hashed before NFC, constant-time comparison, escalating delays
Backup card system — 2-pack and 3-pack support, permanent backup lock after setup
Root attestation chain — manufacturer signature, challenge-response, applet hash verification
Flutter app architecture — transaction builder, UTXO selection, sighash computation, NFC interface
Phase 2 — Covenant Engine
Mar – Apr 2026
KIP-10 introspection opcodes — OP_TXOUTPUTSPK, OP_TXOUTPUTAMOUNT, OP_CHECKSEQUENCEVERIFY
Whitelist covenant — on-chain enforcement of approved destination addresses
Inheritance covenant — dead man's switch with relative timelock, no backend required
Kaspa Freeze covenant — permanent time-locked funds with inactivity fallback
Covenant simulator — stack-based VM that tests every script path before deployment
Mandatory script review — users see exact bytecode going on-chain before the card signs
Phase 3 — Hardware Validation
Apr – May 2026
Dev card testing — flash applet onto blank NXP J3R200 cards, validate all 22 APDU commands
NFC performance testing — batch signing (84 inputs), secure channel throughput, tap latency
Card flashing tool — production-ready flashing with root key signing and GlobalPlatform lock
Multi-card reset protocol — verify all-cards-required reset works across 2-pack and 3-pack
Attestation verification — end-to-end test of root signature, challenge-response, applet hash
Phase 4 — Security Audit
May – Jun 2026
Applet security review — independent audit of JavaCard applet code
Side-channel analysis — power analysis and electromagnetic emanation testing on card hardware
Covenant script audit — formal review of all KIP-10 script paths for edge cases
Secure channel audit — verify ECDH + AES-256-CBC implementation against known attacks
Open source release — full applet source, app source, and build instructions published on GitHub
Community bug bounty — invite security researchers to audit and test
Phase 5 — Manufacturing
Jun 2026
Production card order — NXP J3R200 cards, brushed metal PET finish, embedded NFC antenna
Production flashing — install applet, sign attestation key, permanently lock GlobalPlatform
Quality assurance — NFC range testing, signature verification, attestation chain validation on every card
Packaging — 2-packs and 3-packs, tamper-evident seals

Launch

Cards ship. App goes live. Code goes public.

June 30, 2026

FrostCard — The first fully open-source NFC cold wallet for Kaspa