Cypher Wallet

Dual-Layer Privacy Wallet: Complete Project Description

The Problem We're Solving

Ethereum transactions are completely transparent - every wallet balance, transaction amount, sender, and receiver is publicly visible on the blockchain. This creates significant privacy concerns:

Financial Surveillance: Anyone can track your spending habits, income, and financial relationships

Security Risks: Large wallet balances are visible to potential attackers

Business Privacy: Companies can't hide transaction patterns from competitors

Personal Privacy: Users have no financial privacy equivalent to cash transactions

Existing privacy solutions force users to choose between convenience OR privacy – you either use normal Ethereum (convenient but public) or complex privacy tools (private but difficult).

Our Solution: Dual-Layer Architecture

We've built a revolutionary dual-layer privacy wallet that gives users the best of both worlds:

Layer 1: Public Alias Account

Functions like a normal Ethereum wallet

Compatible with all existing DApps and services

Transparent transactions for when privacy isn't needed

Easy to use for everyday crypto activities

Layer 2: Private Shielded Vault

Based on zero-knowledge (ZK) cryptography

Completely private transactions using commitments and nullifiers

Balances and transaction details are cryptographically hidden

Only mathematical proofs appear on-chain, not actual transaction data

Smart Routing System The wallet automatically chooses the optimal path for each transaction based on sender and receiver privacy preferences, creating four possible transaction flows.

Four Transaction Types Explained

Public → Public Transactions Use Case: Normal Ethereum transfers, DApp interactions, public payments How it Works: Standard Ethereum transactions through your alias account Visibility: Completely transparent on blockchain (like current Ethereum) Example: Paying for an NFT, swapping tokens on Uniswap

Public → Private Transactions (Deposits) Use Case: Moving funds into private storage for future anonymous use How it Works: Deposit ETH from alias account into shielded pool, creating a cryptographic commitment Visibility: Public can see deposit amount, but cannot track where funds go next Example: Moving salary into private savings before making anonymous purchases

Private → Private Transactions (Fully Shielded) Use Case: Completely anonymous transfers between privacy-conscious users How it Works: Zero-knowledge proofs verify transaction validity without revealing amounts, sender, or receiver Visibility: Only cryptographic commitments and nullifiers appear on-chain - no transaction details Example: Anonymous donations, private business payments, confidential transfers

Private → Public Transactions (Withdrawals) Use Case: Moving private funds back to public use while maintaining past transaction privacy How it Works: Generate ZK proof of ownership, burn private notes, receive public ETH Visibility: Public can see withdrawal but cannot trace transaction history Example: Converting private savings to public funds for DApp use

Technical Innovation: Zero-Knowledge Privacy

Cryptographic Components

Commitments: Mathematical representations of transaction outputs that hide amounts and recipients Formula: commitment = hash(amount + recipient_key + randomness) Stored in a Merkle tree on-chain for efficient verification

Nullifiers: Unique identifiers that prevent double-spending without revealing transaction details Formula: nullifier = hash(spend_key + secret) Tracked on-chain to prevent reuse while maintaining privacy

ZK Proofs: Mathematical proofs that verify transaction validity without revealing private information Proves: "I own unspent funds without revealing which ones" Proves: "This transaction is valid without revealing amounts or parties"

Key Management System

Spend Key: Used to generate nullifiers and authorize private transactions View Key: Allows scanning blockchain for incoming private payments without spending ability Stealth Addresses: Generate unique addresses for each private payment to prevent address linking

User Experience Innovation

One-Click Privacy Toggle Users can instantly switch between Public Mode and Private Mode within the same wallet interface.

Public Mode:

Shows standard Ethereum balance and transaction history

Compatible with all existing wallets and DApps

Fast, cheap transactions using normal gas fees

Private Mode:

Shows private balance as encrypted notes

Transaction history appears as cryptographic proofs

Enhanced privacy with slightly higher computational costs

Intelligent Routing The wallet automatically determines the best transaction path:

If both users prefer privacy → private transaction

If recipient doesn't support privacy → public transaction

If sender wants privacy but recipient is public → deposit then public transfer

Users can manually override automatic routing

Gasless Privacy (Advanced Feature) Using ERC-4337 account abstraction and relayer network:

Users can pay transaction fees directly from their private balance

No need to maintain ETH in public accounts for gas

Relayers batch multiple private transactions for efficiency

Privacy Metadata Registry

ENS Integration Users can register privacy preferences in a decentralized registry:

alice.eth → Accepts private payments, prefers privacy

bob.eth → Public only, no privacy features

company.eth → Private for payments over 1 ETH

Encrypted Metadata Storage Privacy preferences are stored encrypted on-chain:

Only the wallet can decrypt user preferences

Prevents public analysis of who uses privacy features

Allows gradual privacy adoption without revealing user identities

Security & Compliance Features

Viewing Keys (Regulatory Compliance)

Users can optionally generate "viewing keys" for auditing

Allows regulatory compliance without compromising day-to-day privacy

Users maintain full control over when and how to share viewing access

Recovery Mechanisms

Private keys can be recovered using standard seed phrase methods

Private transaction history can be reconstructed from blockchain data using view keys

No central authority holds user keys or transaction data

Audit Trail

All transactions remain cryptographically verifiable

Users can prove payment history when needed (for taxes, audits)

Privacy is selective, not absolute – users control disclosure

Real-World Use Cases

Individual Users

Privacy-Conscious Individuals: Hide spending patterns from surveillance

High-Net-Worth Individuals: Prevent targeted attacks based on visible wealth

Activists/Journalists: Protect financial privacy in authoritarian regions

Business Owners: Keep business transaction patterns confidential

Enterprise Applications

Salary Payments: Companies can pay employees privately

Supply Chain: Hide sensitive business relationships and payment amounts

Treasury Management: Manage corporate funds without revealing strategies

Competitive Intelligence: Prevent competitors from analyzing spending patterns

DeFi Integration

Private Liquidity: Add liquidity to AMMs without revealing amounts

Anonymous Lending: Borrowing and lending with identity protection

Privacy-Preserving DAOs: Vote and participate without revealing wallet connections

MEV Protection: Prevent MEV bots from front-running based on transaction analysis

Technical Architecture

On-Chain Components

ShieldedPool Contract: Core ZK verification, Merkle tree storage, nullifier tracking

AliasAccount Contract: Public transaction management, deposit/withdrawal interface

Registry Contract: Encrypted privacy preferences and metadata

Relayer Network: Optional gasless transaction processing

Off-Chain Components

Wallet Client: Key management, proof generation, transaction construction

Indexer Service: Scans blockchain for encrypted transactions relevant to user

Prover Service: Generates zero-knowledge proofs (local WASM or secure remote)

Cryptographic Primitives

PLONK/STARK Proofs: For transaction validity verification

Poseidon Hashing: Gas-efficient hash function for commitments and nullifiers

ECIES Encryption: For transaction metadata and stealth address communication

Implementation Phases

Phase 1 (MVP - Hackathon)

Basic ShieldedPool contract with deposit/withdraw

Simple wallet interface with privacy toggle

Mock ZK proofs for demonstration

Four transaction type support

Phase 2 (Beta)

Full ZK proof system implementation

Wallet client with local proof generation

Basic indexing and transaction scanning

Testnet deployment and community testing

Phase 3 (Production)

ENS/Registry integration for privacy metadata

Relayer network for gasless transactions

Mobile wallet support

Mainnet deployment with security audits

Phase 4 (Ecosystem)

DApp integration SDK

Privacy-preserving DeFi protocol integrations

Enterprise compliance tools

Cross-chain privacy bridges

Why This Matters

This project represents a fundamental shift in how we think about blockchain privacy:

For Users: Finally gives people a choice between convenience and privacy without sacrificing either For Ethereum: Adds a crucial missing piece – financial privacy – while maintaining full compatibility For Adoption: Removes a major barrier preventing mainstream users from using crypto due to privacy concerns For Innovation: Creates a platform for privacy-preserving DeFi and Web3 applications

Competitive Advantages

Unlike existing privacy solutions that require completely separate systems (Tornado Cash, Zcash, Monero), our dual-layer approach:

Maintains Ethereum Compatibility: Works with existing infrastructure

Gradual Adoption: Users can adopt privacy features incrementally

Network Effects: Privacy improves as more users adopt the system

Regulatory Friendly: Includes compliance features without compromising core privacy

Developer Friendly: Simple SDK for DApp integration

This isn't just another privacy coin – it's a privacy layer for the entire Ethereum ecosystem that users can adopt without changing their existing workflows or sacrificing the benefits of the broader Ethereum network.

ore Tech Stack We built this using Solidity smart contracts on Ethereum with a React/TypeScript frontend. The ZK proof system uses Circom circuits with Groth16 proving, and we deployed on Sepolia testnet with Alchemy RPC endpoints.

Smart Contract Architecture The heart is our ShieldedPool contract that manages a Merkle tree of commitments and tracks nullifiers to prevent double-spending. We use Poseidon hashing for ZK-friendly operations. The AliasAccount contract handles public transactions and deposits into the shielded pool. Our biggest hack here was optimizing the Merkle tree - instead of storing the full tree on-chain (super expensive), we store only leaf nodes and compute Merkle paths off-chain, then verify roots using cached historical states. This saves about 80% gas compared to naive implementations.

Zero-Knowledge Circuit Design We wrote Circom circuits that prove transaction validity without revealing private information. The withdraw circuit verifies you own unspent funds and computes nullifiers to prevent double-spending, all while hiding amounts and addresses. Originally proof generation took 15+ seconds on mobile, so we optimized with Web Workers, custom Rust-to-WASM compilation, and proof caching to get it down to 3-4 seconds.

Frontend Innovation Built with Next.js and Wagmi for Ethereum interactions. We use Zustand for state management and React Query for caching. The trickiest part was note discovery - helping users find their private transactions without revealing privacy. We scan blockchain events and try to decrypt transaction memos with the user's viewing key. If decryption works, it's their transaction; if not, we skip it. This preserves privacy while enabling wallet functionality.

Notable Hacks Our privacy-preserving indexer was necessary because The Graph doesn't natively support privacy features. We built a custom system that indexes only public commitments and nullifiers, never amounts or addresses. For mobile users who can't run WASM proof generation, we deployed Vercel Edge Functions as a fallback. We also implemented optimistic UI updates - transactions show as "pending" immediately while proofs generate in the background.

Partner Technology Integration Alchemy provides webhook notifications for real-time deposit detection and archive node access for historical Merkle root computation. We extended RainbowKit with custom privacy mode connectors. The Graph helps with general blockchain indexing, though we had to build privacy features on top.

Performance Optimizations Private balance computation requires scanning all notes, which is expensive, so we only compute it when users switch to private mode. We use lazy loading and cache results. For gas estimation on ZK transactions, we analyze historical similar transactions and add a 20% buffer for proof verification variance.

Security Measures We implemented commit-reveal schemes to prevent front-running of ZK transactions. Users first commit to a transaction, then reveal it after a delay. For the hackathon, we used development trusted setup parameters, but production would require a proper Powers of Tau ceremony.

Development Environment Used Hardhat for smart contract development with Foundry for gas optimization and fuzzing. Frontend deployed on Vercel with IPFS for metadata storage. We participated in testing on Sepolia and used OpenZeppelin contracts for security standards.

What Made This Challenging The hardest part was balancing privacy, performance, and user experience. Getting ZK proofs working smoothly in web browsers while maintaining security guarantees required significant optimization. The note discovery system needed to work without compromising privacy, and the dual-layer UX had to feel seamless despite complex cryptographic operations happening underneath.

Most Proud Technical Achievement The privacy toggle that seamlessly switches between public and private modes in the same interface, plus getting mobile ZK proof generation working smoothly. The gas-optimized Merkle tree implementation that other projects can easily integrate was also a major win.

This represents months of research condensed into a working hackathon demo, with careful attention to both cryptographic security and practical usability.