ShadowVault

ShadowVault is a zero-knowledge password vault that eliminates reliance on centralized managers. Instead of trusting a provider’s servers, ShadowVault ensures every encrypted backup is independently cryptographically verifiable. Secrets are encrypted client-side, bundled with zero-knowledge proofs (ZKPs), stored on Walrus, and their Merkle root is anchored on Zircuit.

The workflow is: Encrypt → Prove → Anchor → Verify.

1. Encrypt. Each credential is encrypted locally with AES-256-GCM. Keys are derived from the user’s wallet signature using HKDF and wrapped under a Master Key (MK). Plaintext never leaves the device.

2. Prove. A Noir ZKP is generated for each bundle proving:

   • the ciphertext corresponds to the committed plaintext under the derived DEK,
   • and the password meets strength.

3. Anchor. Encrypted bundles and proof objects are uploaded to Walrus, which returns immutable CIDs. The vault’s Merkle root (built over item commitments bound to those CIDs) is anchored on Zircuit by a lightweight VaultRegistry contract. Contracts and supporting cryptographic flows were authored and scaffolded using Nora Agent, reducing development time and improving correctness.

4. Verify. Anyone can fetch the Walrus bundle, recompute the Merkle root, validate the ZKP locally, and compare to the root anchored on Zircuit.

Why it matters. The LastPass 2022 breach highlighted how centralized vaults fail: metadata and encrypted vaults were leaked, and users had no cryptographic proof of integrity or freshness. ShadowVault closes that gap with decentralized storage, on-chain anchoring, and ZKPs. By leveraging Nora for contract authoring and encryption scaffolding, ShadowVault reached hackathon-ready deployment faster, freeing the team to focus on user-facing flows and cryptographic rigor. It shows password managers can evolve from “trust our servers” to “verify with math.”

1. Frontend & UX.

• Built in Next.js (React/TypeScript) with Tailwind.
• Screens: vault list, add/edit credential, anchor, verify, encrypted export/import.
• Wallet identity handled via Privy.
• MVP is a web app, designed to package as a browser extension post-hackathon.

1. Client Cryptography.

• Key derivation: DEK derived from wallet signature (HKDF), wrapped under MK for recovery.
• Encryption: AES-256-GCM with random IVs.
• Commitments: itemIdHash = keccak256(salt || domain || usernameHint). itemCommitment = keccak256(itemIdHash || walrusCid || encryptionKeyHash). Vault versions aggregate commitments into a Merkle root.
• ZK proofs: Noir circuits prove (a) encryption correctness and (b) password strength. Proofs are stored with ciphertext in Walrus.

1. Storage (Walrus).

• Ciphertext + ZKP bundles uploaded to Walrus → immutable CIDs returned.
• Commitments bind CIDs, so stale or tampered bundles fail verification.

1. On-Chain Contracts (Zircuit, Nora-authored).

• Lightweight VaultRegistry contract anchors vault roots and emits events.
• Minimal storage — only latestVersion[owner] is retained.
• All contracts were written and deployed with Nora Agent, which:

• Translated natural-language specs into Solidity contracts,
• Auto-generated unit tests and fixtures,
• Streamlined deployment to Zircuit testnet.

• Nora was also used to scaffold frontend encryption utilities, accelerating integration between client and contract logic.

1. End-to-End Flow.

2. Add credential → derive DEK → encrypt.

3. Generate Noir ZKP → bundle with ciphertext.

4. Upload bundle to Walrus → get CID.

5. Compute commitments and Merkle root → anchor on Zircuit.

6. Verification: fetch bundle from Walrus → recompute root + validate ZKP → compare to on-chain anchor.

7. Testing & Security.

• Unit tests generated with Nora validated event emissions and contract behavior.
• Integration tests seeded 10 items, bundled them, anchored, fetched from Walrus, recomputed roots, and validated proofs.
• Negative tests: stale bundle replay, malformed ciphertext, revoked items.
• HKDF for key derivation, AES-GCM for encryption, salted commitments.

1. Hackathon Pivots & Hacks.

• Abandoned The Graph (no Zircuit support) → refactored to Walrus + events-only model.
• CID-bound commitments to block stale-bundle replay.
• Nora-assisted rapid build: We used Nora not only for contract generation but also to generate encryption boilerplate, cutting implementation time and ensuring consistency across frontend/backend.
• Demo optimization: Mock credentials seeded for smooth demo loop (Encrypt → Prove → Anchor → Verify in ~2 minutes).

1. Future Work.

• Multi-device recovery via Lit PKP.
• Shared/team vaults with re-encryption.
• Noir circuits for breach-set membership proofs.
• Hardware-backed secure elements and mobile builds.