
ZKWhisper

Fully ZKfied wallet with sovereign social recovery protocol.

Created At

Superhack

Project Description

Current wallet recovery mechanisms always come with a big trade-off: either you rely 100% on yourself (the responsibility is pushed to the user), or you sacrifice sovereignty by trusting your private key to a centralized entity.

With this project I present a zero-knowledge-based Sovereign Social Recovery wallet: a non-custodial recovery mechanism that aims to bring the best of both worlds.

How it's Made

Sign Up

  1. Wallet creation: the user creates a new wallet or onboards an existing one with the ZKWhisper contract.
  2. Sign-up returns a zk-identity proof for the user. The wallet's private keys are always kept off chain and never revealed. All circom circuits run on the client side, so no secret input to the computation is ever revealed.
  3. The user downloads this identity proof.

Login(skip)

  • The user must submit their identity proof to log in.
  • Only logged-in users can start a recovery setup.

ZK-social Recovery Setup

  • Since most wallet apps allow importing a wallet with either a private key or a mnemonic phrase, the user can choose either of these as the secret in the recovery setup.
  • The user selects the number of guardians (N) and the quorum (K), the minimum number of threshold shares required to recover the wallet.
  • The key here is the disconnection between guardians: the whole idea is built on the assumption that guardians are not aware of each other and only the user can reach out to K guardians to reconstruct the secret key.
  • We also add a proof of inclusion to each share, that is, the Merkle root and the Merkle tree path, which will come in handy when validating the shares later.
  • We distribute these shares to the guardians offline and can then delete the secret without any worries. Nothing else is required.

Recovery

  • The user collects K shares (proofs) from their guardians.
  • These shares could have been tampered with or simply be invalid, whether by accident or by malice.
  • So first we validate each share. We check that all of them carry the same Merkle root (inclusion proof) and that each share's tree path reconstructs that same Merkle root. If not, we can exit early and tell the user to collect shares from other guardians.
  • Then the user computes (in-browser) the recovery string in a verifiable way using the circuits, and sends the resulting witnesses to the smart contract for verification.
  • If all goes through, the user is able to recover their secret.
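The setup and recovery steps above describe a K-of-N threshold split whose shares each carry a Merkle inclusion proof, and a validation pass that rejects tampered or mismatched shares before reconstruction. The following Python is an added example written for this page, not ZKWhisper's own code or its circom circuits: it assumes Shamir secret sharing over the secp256k1 scalar field (so a private key is already a field element), a SHA-256 Merkle tree over the share points, and a plain in-memory check where the project would run the computation inside a zero-knowledge circuit. Guardian shares are constructed in the demo rather than collected from real guardians.

```python
import hashlib
import secrets
from typing import Dict, List, Tuple

# Field modulus: the secp256k1 group order (assumption for this example; the
# project's circuits may use a different field). A secp256k1 private key lies in
# [1, N-1], so it needs no further encoding to be a field element.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

Share = Dict  # keys: x, y, root, path  (path = list of (sibling_hash, sibling_is_left))


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _leaf(x: int, y: int) -> bytes:
    # Domain-separated leaf hash committing to the share point (x, y).
    return _h(b"\x00" + x.to_bytes(32, "big") + y.to_bytes(32, "big"))


def _node(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _merkle(leaves: List[bytes]) -> Tuple[bytes, List[list]]:
    """Build a SHA-256 Merkle tree; return the root and an inclusion path per leaf.
    An odd level is padded by duplicating its last node."""
    paths: List[list] = [[] for _ in leaves]
    level, groups = list(leaves), [[i] for i in range(len(leaves))]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
            groups.append([])          # the duplicate owns no leaf of its own
        nxt, nxt_groups = [], []
        for i in range(0, len(level), 2):
            left, right = level[i], level[i + 1]
            for leaf in groups[i]:
                paths[leaf].append((right, False))   # sibling sits on the right
            for leaf in groups[i + 1]:
                paths[leaf].append((left, True))     # sibling sits on the left
            nxt.append(_node(left, right))
            nxt_groups.append(groups[i] + groups[i + 1])
        level, groups = nxt, nxt_groups
    return level[0], paths


def split_secret(secret: int, n: int, k: int) -> List[Share]:
    """Shamir-split `secret` into n shares with quorum k; attach root + path to each."""
    if not (1 <= k <= n) or not (0 < secret < N):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(k - 1)]
    points = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod N
            y = (y * x + c) % N
        points.append((x, y))
    root, paths = _merkle([_leaf(x, y) for x, y in points])
    return [{"x": x, "y": y, "root": root, "path": paths[i]}
            for i, (x, y) in enumerate(points)]


def verify_path(x: int, y: int, path: list, root: bytes) -> bool:
    node = _leaf(x, y)
    for sibling, sibling_is_left in path:
        node = _node(sibling, node) if sibling_is_left else _node(node, sibling)
    return node == root


def validate_shares(shares: List[Share]) -> Tuple[bool, str]:
    """The early-exit check from the recovery flow: same root everywhere, every
    path reconstructs it, and no guardian handed in the same share twice."""
    roots = {s["root"] for s in shares}
    if len(roots) != 1:
        return False, "shares disagree on the Merkle root"
    root = roots.pop()
    for s in shares:
        if not verify_path(s["x"], s["y"], s["path"], root):
            return False, f"share x={s['x']} fails its inclusion proof"
    if len({s["x"] for s in shares}) != len(shares):
        return False, "duplicate share indices"
    return True, "ok"


def recover_secret(shares: List[Share], k: int) -> int:
    """Validate, then Lagrange-interpolate f(0) from the first k valid shares."""
    ok, why = validate_shares(shares)
    if not ok:
        raise ValueError(why)
    if len(shares) < k:
        raise ValueError("not enough shares")
    pts = shares[:k]
    secret = 0
    for j, sj in enumerate(pts):
        num = den = 1
        for m, sm in enumerate(pts):
            if m != j:                 # l_j(0) = prod x_m / (x_m - x_j)
                num = num * sm["x"] % N
                den = den * (sm["x"] - sj["x"]) % N
        secret = (secret + sj["y"] * num * pow(den, -1, N)) % N
    return secret


if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1                 # constructed wallet key
    shares = split_secret(key, n=5, k=3)
    collected = [shares[0], shares[2], shares[4]]      # three guardians reply
    print("recovered:", recover_secret(collected, 3) == key)
    tampered = dict(collected[1]); tampered["y"] = (tampered["y"] + 1) % N
    print("tampered share:", validate_shares([collected[0], tampered, collected[2]]))
```

The inclusion proof only binds a share to the set the user originally distributed; it does not prove the share is one of the K the user meant to collect, so the duplicate-index check and the quorum count are part of validation rather than afterthoughts. Interpolating with a duplicate point would otherwise divide by zero in the field.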