Instant SIM card based wallets for x402 protocol
smile is an early-stage C++ project in the AI payments / x402 ecosystem, focused on x402. It currently has 5 GitHub stars and 0 forks, and sits alongside related tools like nofx, ClawRouter, bitterbot-desktop.
Turn your SIM card into a x402 crypto wallet. No applets. No passwords. No KYC.
SMILE is a breakthrough protocol that derives x402 wallets directly from SIM cards, using open standards, 2G-5G telecom APIs, and the trusted cryptography already built into mobile networks.
Every SIM card already belongs to the world’s largest identity network. SMILE turns it into the world’s most universal x402 wallet.
With SMILE, your SIM card instantly becomes a secure, self-sovereign x402 identity — seamlessly integrated with the x402 protocol to enable trustless transactions, instant onboarding, and hardware-grade wallet security.
Your phone number is now your x402 wallet.
SmileSeedDerivation Class
Bip32Wallet Class
git clone https://github.com/skalenetwork/smile --recursive
./external/vcpkg/bootstrap-vcpkg.sh
./external/vcpkg/vcpkg install
cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=external/vcpkg/scripts/buildsystems/vcpkg.cmake -DVCPKG_FEATURE_FLAGS=manifests -DVCPKG_TARGET_TRIPLET=x64-linux
cmake --build build -j
build/smile
SmileSeedDerivation ClassUsage: #include SmileSeedDerivation.h
SmileSeedDerivation provides a unified cryptographic abstraction for deriving 32-byte deterministic master seeds (e.g., for BIP-32 hierarchical key systems) directly from cellular authentication primitives across multiple generations — 2G (GSM), 3G (UMTS-AKA), 4G (EPS-AKA), and 5G (5G-AKA).
Each generation uses the same conceptual structure:
| Generation | Underlying Standard | Key Algorithm | Output |
|---|---|---|---|
| 2G | GSM / TS 51.011 | COMP128-1 (A3/A8) → SHA-256 | 32-byte seed |
| 3G | TS 33.102 / TS 35.206 | Milenage → SHA-256 | 32-byte seed |
| 4G | TS 33.401 | EPS-AKA KDF → SHA-256 | 32-byte seed |
| 5G | TS 33.501 | 5G-AKA KDF → HKDF-SHA-256 | 32-byte seed |
| Function | Input | Core Algorithm | Output |
|---|---|---|---|
deriveBIP32MasterSeed2G |
RAND, Ki | COMP128-1 → HKDF-SHA-256(SRES ‖ Kc) | 32-byte seed |
deriveBIP32MasterSeed3G |
RAND, AUTN, K, OPc, AMF | Milenage → HKDF-SHA-256(RES ‖ CK ‖ IK) | 32-byte seed |
deriveBIP32MasterSeed4G |
RAND, AUTN, K, OPc, AMF, SNN | EPS-AKA KDF → HKDF-SHA-256(RES ‖ K_ASME) | 32-byte seed |
deriveBIP32MasterSeed5G |
RAND, AUTN, K, OPc, AMF, SNN | 5G-AKA KDF → HKDF-SHA-256(K_SEAF) | 32-byte seed |
deriveBIP32MasterSeed2Gstatic array32 deriveBIP32MasterSeed2G(const array16 &rand, const array16 &ki);
Derives a 32-byte BIP-32 master seed from GSM (2G) authentication results.
| Name | Size | Description |
|---|---|---|
rand |
16 bytes | Network random challenge (RAND) |
ki |
16 bytes | Subscriber secret key stored on the SIM card (Ki) |
deriveBIP32MasterSeed3Gstatic array32 deriveBIP32MasterSeed3G(
const array16 &rand,
const array16 &autn,
const array16 &k,
const array16 &opc,
const array2 &amf);
Implements 3G/UMTS-AKA (Authentication and Key Agreement), and derives a 32-byte BIP-32 master seed from the authentication results (RES, CK, IK).
| Name | Size | Description |
|---|---|---|
rand |
16 B | Network challenge RAND |
autn |
16 B | AUTN = (SQN ⊕ AK) ‖ AMF ‖ MAC-A |
k |
16 B | Subscriber long-term key K |
opc |
16 B | Operator variant constant OPc = OP ⊕ AES_K(OP). Fixed per operator. |
amf |
2 B | Authentication Management Field (typically 0x8000). Fixed per operator. |
deriveBIP32MasterSeed4Gstatic array32 deriveBIP32MasterSeed4G(
const array16 &rand,
const array16 &autn,
const array16 &k,
const array16 &opc,
const array2 &amf,
const std::string &snn);
Derives a 32-byte BIP-32 master seed from LTE/EPS-AKA authentication results (RES, K_ASME).
| Name | Description |
|---|---|
rand |
16-byte network challenge RAND |
autn |
16-byte authentication token AUTN |
k |
Subscriber key K |
opc |
Operator constant OPc. Fixed per operator. |
amf |
2-byte Authentication Management Field. Fixed per operator. |
snn |
Serving Network Name (e.g., "mnc410.mcc310.3gppnetwork.org"). Fixed per operator. |
deriveBIP32MasterSeed5Gstatic array32 deriveBIP32MasterSeed5G(
const array16 &rand,
const array16 &autn,
const array16 &k,
const array16 &opc,
const array2 &amf,
const std::string &snn);
Computes a 32-byte BIP-32 master seed from 5G-AKA authentication results (RES*, K_SEAF).
| Name | Description |
|---|---|
rand |
16-byte RAND |
autn |
16-byte AUTN |
k |
16-byte subscriber key |
opc |
16-byte operator variant constant. Fixed per operator |
amf |
2-byte AMF. Fixed per operator. |
snn |
Serving Network Name (as per 3GPP TS 33.501). Fixed per operator |
| Standard | Document | Description |
|---|---|---|
| GSM / 2G | 3GPP TS 51.011 | SIM–ME interface, A3/A8 |
| 3G | 3GPP TS 33.102 / 35.205-207 | UMTS AKA / Milenage |
| 4G | 3GPP TS 33.401 | EPS AKA KDF for K_ASME |
| 5G | 3GPP TS 33.501 | 5G-AKA KDF for K_SEAF, RES* |
| KDF | RFC 5869 | HMAC-based Key Derivation Function |
Bip32Wallet ClassHeader: #include "Bip32Wallet.h"
Bip32Wallet provides a lightweight, standards-compliant implementation of the BIP32 hierarchical deterministic (HD) wallet key derivation process.
It exposes stateless cryptographic helpers for deriving:
| Function | Input | Output | Description |
|---|---|---|---|
deriveWalletPrivateKey |
seed (32 B), index (uint32) | child private key (32 B) | Derives a child private key from a BIP32 seed |
computePublicKeyFromPrivate |
private key (32 B) | compressed pubkey (33 B) | Computes compressed secp256k1 public key |
deriveWalletPrivateKeystatic array32 deriveWalletPrivateKey(const array32& seed, uint32_t index = 0);
Derives a child private key from a given 32-byte BIP32 seed, following the standard BIP32 key derivation procedure.
| Name | Type | Description |
|---|---|---|
seed |
array32 |
32-byte BIP32 master seed |
index |
uint32_t |
Child index; bit 31 (0x80000000) selects hardened derivation. Default = 0 |
array32). Throws exception on failure.computePublicKeyFromPrivatestatic std::array<uint8_t, 33> computePublicKeyFromPrivate(const array32 &privkey);
Computes a compressed public key (33 bytes) from a given private key.
| Name | Type | Description |
|---|---|---|
privkey |
array32 |
32-byte secp256k1 private key |
| Specification | Section | Description |
|---|---|---|
| BIP32 | §4–§5 | Hierarchical Deterministic Wallets |
| SECP256K1 | §2.7 | Elliptic Curve Parameters |
| RFC 2104 | — | HMAC Construction |
| OpenSSL EVP / EC API | — | Cryptographic primitives |
Standards:
This specification defines a set of deterministic algorithms for deriving a BIP32 master seed using SIM/USIM/ISIM-based authentication primitives from mobile communication systems (2G–5G).
The approach leverages cryptographically secure values generated during cellular authentication — such as SRES, Kc, CK, IK, K_ASME, and K_SEAF — as entropy sources for the BIP32 root seed.
The final seed derivation uses the standardized HKDF function (RFC 5869) over the authentication-derived keying material.
| Symbol | Meaning |
|---|---|
RAND |
Random challenge generated by the network |
AUTN |
Authentication token |
K |
Subscriber permanent key (stored securely in SIM/USIM/ISIM) |
OPc |
Operator variant key constant (Milenage parameter) |
AMF |
Authentication Management Field |
SNN |
Serving Network Name |
SRES |
Signed response (2G AKA output) |
Kc |
Cipher key (2G AKA output) |
CK |
Cipher key (3G/4G/5G AKA output) |
IK |
Integrity key (3G/4G/5G AKA output) |
AK |
Anonymity key (3G/4G/5G AKA output) |
K_ASME |
Access Security Management Entity key (4G) |
K_SEAF |
Security Anchor Function key (5G) |
HMAC_SHA256(key, data) |
HMAC using SHA-256 |
HKDF_Extract(salt, IKM) |
RFC 5869 extract stage |
HKDF_Expand(PRK, info, L) |
RFC 5869 expand stage |
‖ |
Byte concatenation |
RFC 5869 defines the HMAC-based Key Derivation Function (HKDF), a simple and secure method for deriving strong cryptographic keys from initial keying material using HMAC. It standardizes a two-step process—extract and expand—to ensure key separation, uniformity, and resistance to entropy loss or bias in the input material.
Let:
IKM be the input keying material (entropy source)salt be an optional context string (domain separation)info be an optional identifier for derived key usageL be the desired output length (32 bytes)Then:
PRK = HMAC_SHA256(salt, IKM)
OKM = HMAC_SHA256(PRK, info || 0x01)
Seed = OKM[0..31]
2G authentication (GSM AKA) yields:
(SRES, Kc) = A3/A8(K, RAND)
SRES: 32-bit signed responseKc: 64-bit session keyIKM_2G = SRES || Kc
(12 bytes total)
Seed_2G = HKDF_SHA256(IKM_2G, Salt, Info)
3G AKA (Milenage) yields:
(RES, CK, IK, AK) = f1..5(K, RAND, OPc, AMF)
CK: 128-bit cipher keyIK: 128-bit integrity keyIKM_3G = CK || IK
(256 bits)
ctx = RAND || AUTN || "SMILE|3G|salt|v1"
Salt_3G = SHA256(ctx)
Seed_3G = HKDF_SHA256(IKM_3G, Salt_3G, "SMILE|3G|seed|v1")
LTE AKA yields the derived Access Security Management Entity key K_ASME from CK and IK using:
K_ASME = HMAC_SHA256(CK||IK, FC||SNN||L0||(SQN⊕AK)||L1)
(Per 3GPP TS 33.401 §A.2.1, with FC = 0x10.)
IKM_4G = K_ASME
(256 bits)
ctx = SNN || "|" || "SMILE|4G|salt|v1"
Salt_4G = SHA256(ctx)
Seed_4G = HKDF_SHA256(IKM_4G, Salt_4G, "SMILE|4G|seed|v1")
5G AKA (TS 33.501) derives the following hierarchy:
K_AUSF = HMAC_SHA256(CK||IK, FC||SNN||L0||(SQN⊕AK)||L1), FC = 0x6A
K_SEAF = HMAC_SHA256(K_AUSF, FC||SNN||L0), FC = 0x6B
IKM_5G = K_SEAF
ctx = SNN || "|" || "SMILE|5G|salt|v1"
Salt_5G = SHA256(ctx)
Seed_5G = HKDF_SHA256(IKM_5G, Salt_5G, "SMILE|5G|seed|v1")
Entropy:
Forward Secrecy:
Domain Separation:
Compatibility:
(m, c) = HMAC_SHA512("Bitcoin seed", Seed)
Step 1: AKA → CK, IK, AK, RES
Step 2: K_AUSF = HMAC_SHA256(CK||IK, 0x6A||SNN||L0||(SQN⊕AK)||L1)
Step 3: K_SEAF = HMAC_SHA256(K_AUSF, 0x6B||SNN||L0)
Step 4: Salt = SHA256(SNN||"|"||"SMILE|5G|salt|v1")
Step 5: Seed = HKDF_SHA256(K_SEAF, Salt, "SMILE|5G|seed|v1")
Output: Seed_5G ∈ {0,1}^256
| Generation | Entropy Source | Algorithmic Base | Cryptographic Strength |
|---|---|---|---|
| 2G | (SRES‖Kc) | COMP128 / A3/A8 | Weak / Legacy |
| 3G | (CK‖IK) via Milenage | AES-128 | Strong |
| 4G | K_ASME (HMAC-SHA256) | AES-128 + SHA256 | Strong |
| 5G | K_SEAF (HMAC-SHA256 chain) | AES-128 + SHA256 | Very Strong |
Your AI trading terminal assistant for US stocks, commodities, forex, and crypto.
The agent-native LLM router for OpenClaw. 41+ models, <1ms routing, USDC payments on Base & Solana via x402.
A local-first AI agent with persistent memory, emotional intelligence, and a peer-to-peer skills economy.