ZKVoiceKey is a protocol that allows users to recover their private keys using only their voice; by using Fuzzy Commit and ZKP, authentication is possible through a fuzzy match of voice without storing voice information directly on the blockchain.
This project combines technologies such as zero-knowledge proof, machine learning, and smart contracts to enable users to recover their private keys. Traditionally, private key recovery methods have been limited by social recovery and device dependence. However, ZKVoiceKey allows users to register their own voice (biometric information) on the blockchain in advance, making it possible to recover the private key with just their voice in case it is lost.
Among the many types of biometric information, voice was selected for this project because it can be used to link a person's voice to a message (in this case, the transfer of an address).
At the time of registration
The user registers his/her voice (biometric information) in advance via a browser. Fuzzy Commitment is not biometric information itself, but rather a commitment, which increases security. Fuzzy Commitment is a secure way to manage biometric information as a commitment, not as a biometric itself.
Restoration.
The user extracts features through a machine-learning model of speaker authentication as at the time of enrollment. Next, the user compares his/her biometric information with that stored on the blockchain. Fuzzy Commitment is able to recover the biometric bit sequence at the time of enrollment using error correction codes. This allows only the individual to authenticate, and creates a halo2-based zero-knowledge proof at the time of authentication. The created proof is sent to the on-chain contract for verification.
This allows the wallet to be tied from the old address to the new address.
[Front-End].
Built using React. The screen accepts voice input for voice registration and authentication, and the data is sent to the backend, where it can be checked for the sign obtained during authentication.
[Back-End]
The backend is built mainly in Python, using a web framework called Flask.
We also used a machine learning model for speaker authentication called RawNet. This model takes raw speech data as input and outputs a feature vector of speech. This model is suitable for this biometric authentication scheme using Fuzzy Commitment. In addition, the ability to use raw voice data as input makes the model more suitable (compared to models that require preprocessing) for creating zero-knowledge proofs of inputs and outputs, which was not accomplished during the hackathon, but is the future work that we are considering.
Fuzzy Commitment is a technique that stores biometric information as a commitment and restores it when another biometric information sent during authentication is below a certain threshold using error correcting codes. This provides an increased level of security.
The part of the system that creates the zero-knowledge proof and sends it to the smart contract is built by Rust. halo2, a zero-knowledge proof protocol, is used.
[Smart-Contract]
Solidity
There are two types of smart contracts deployed on Arbitrum: Voice Recoder Contract and Wallet Contract. The Voice Recoder Contract enrolls and stores the user's submitted biometric information.
One Wallet Contract is assigned to each user who has registered his/her voice.