Cypher Wallet

Problem Statement

Dual-Layer Privacy Wallet: Complete Project DescriptionThe Problem We're SolvingEthereum transactions are completely transparent - every wallet balance, transaction amount, sender, and receiver is publicly visible on the blockchain. This creates significant privacy concerns:Financial Surveillance: Anyone can track your spending habits, income, and financial relationshipsSecurity Risks: Large wallet balances are visible to potential attackersBusiness Privacy: Companies can't hide transaction patterns from competitorsPersonal Privacy: Users have no financial privacy equivalent to cash transactionsExisting privacy solutions force users to choose between convenience OR privacy – you either use normal Ethereum (convenient but public) or complex privacy tools (private but difficult).Our Solution: Dual-Layer ArchitectureWe've built a revolutionary dual-layer privacy wallet that gives users the best of both worlds:Layer 1: Public Alias AccountFunctions like a normal Ethereum walletCompatible with all existing DApps and servicesTransparent transactions for when privacy isn't neededEasy to use for everyday crypto activitiesLayer 2: Private Shielded VaultBased on zero-knowledge (ZK) cryptographyCompletely private transactions using commitments and nullifiersBalances and transaction details are cryptographically hiddenOnly mathematical proofs appear on-chain, not actual transaction dataSmart Routing System The wallet automatically chooses the optimal path for each transaction based on sender and receiver privacy preferences, creating four possible transaction flows.Four Transaction Types ExplainedPublic → Public Transactions Use Case: Normal Ethereum transfers, DApp interactions, public payments How it Works: Standard Ethereum transactions through your alias account Visibility: Completely transparent on blockchain (like current Ethereum) Example: Paying for an NFT, swapping tokens on UniswapPublic → Private Transactions (Deposits) Use Case: Moving funds into private storage for future anonymous use How it Works: Deposit ETH from alias account into shielded pool, creating a cryptographic commitment Visibility: Public can see deposit amount, but cannot track where funds go next Example: Moving salary into private savings before making anonymous purchasesPrivate → Private Transactions (Fully Shielded) Use Case: Completely anonymous transfers between privacy-conscious users How it Works: Zero-knowledge proofs verify transaction validity without revealing amounts, sender, or receiver Visibility: Only cryptographic commitments and nullifiers appear on-chain - no transaction details Example: Anonymous donations, private business payments, confidential transfersPrivate → Public Transactions (Withdrawals) Use Case: Moving private funds back to public use while maintaining past transaction privacy How it Works: Generate ZK proof of ownership, burn private notes, receive public ETH Visibility: Public can see withdrawal but cannot trace transaction history Example: Converting private savings to public funds for DApp useTechnical Innovation: Zero-Knowledge PrivacyCryptographic ComponentsCommitments: Mathematical representations of transaction outputs that hide amounts and recipients Formula: commitment = hash(amount + recipient_key + randomness) Stored in a Merkle tree on-chain for efficient verificationNullifiers: Unique identifiers that prevent double-spending without revealing transaction details Formula: nullifier = hash(spend_key + secret) Tracked on-chain to prevent reuse while maintaining privacyZK Proofs: Mathematical proofs that verify transaction validity without revealing private information Proves: "I own unspent funds without revealing which ones" Proves: "This transaction is valid without revealing amounts or parties"Key Management SystemSpend Key: Used to generate nullifiers and authorize private transactions View Key: Allows scanning blockchain for incoming private payments without spending ability Stealth Addresses: Generate unique addresses for each private payment to prevent address linkingUser Experience InnovationOne-Click Privacy Toggle Users can instantly switch between Public Mode and Private Mode within the same wallet interface.Public Mode:Shows standard Ethereum balance and transaction historyCompatible with all existing wallets and DAppsFast, cheap transactions using normal gas feesPrivate Mode:Shows private balance as encrypted notesTransaction history appears as cryptographic proofsEnhanced privacy with slightly higher computational costsIntelligent Routing The wallet automatically determines the best transaction path:If both users prefer privacy → private transactionIf recipient doesn't support privacy → public transactionIf sender wants privacy but recipient is public → deposit then public transferUsers can manually override automatic routingGasless Privacy (Advanced Feature) Using ERC-4337 account abstraction and relayer network:Users can pay transaction fees directly from their private balanceNo need to maintain ETH in public accounts for gasRelayers batch multiple private transactions for efficiencyPrivacy Metadata RegistryENS Integration Users can register privacy preferences in a decentralized registry:alice.eth → Accepts private payments, prefers privacybob.eth → Public only, no privacy featurescompany.eth → Private for payments over 1 ETHEncrypted Metadata Storage Privacy preferences are stored encrypted on-chain:Only the wallet can decrypt user preferencesPrevents public analysis of who uses privacy featuresAllows gradual privacy adoption without revealing user identitiesSecurity & Compliance FeaturesViewing Keys (Regulatory Compliance)Users can optionally generate "viewing keys" for auditingAllows regulatory compliance without compromising day-to-day privacyUsers maintain full control over when and how to share viewing accessRecovery MechanismsPrivate keys can be recovered using standard seed phrase methodsPrivate transaction history can be reconstructed from blockchain data using view keysNo central authority holds user keys or transaction dataAudit TrailAll transactions remain cryptographically verifiableUsers can prove payment history when needed (for taxes, audits)Privacy is selective, not absolute – users control disclosureReal-World Use CasesIndividual UsersPrivacy-Conscious Individuals: Hide spending patterns from surveillanceHigh-Net-Worth Individuals: Prevent targeted attacks based on visible wealthActivists/Journalists: Protect financial privacy in authoritarian regionsBusiness Owners: Keep business transaction patterns confidentialEnterprise ApplicationsSalary Payments: Companies can pay employees privatelySupply Chain: Hide sensitive business relationships and payment amountsTreasury Management: Manage corporate funds without revealing strategiesCompetitive Intelligence: Prevent competitors from analyzing spending patternsDeFi IntegrationPrivate Liquidity: Add liquidity to AMMs without revealing amountsAnonymous Lending: Borrowing and lending with identity protectionPrivacy-Preserving DAOs: Vote and participate without revealing wallet connectionsMEV Protection: Prevent MEV bots from front-running based on transaction analysisTechnical ArchitectureOn-Chain ComponentsShieldedPool Contract: Core ZK verification, Merkle tree storage, nullifier trackingAliasAccount Contract: Public transaction management, deposit/withdrawal interfaceRegistry Contract: Encrypted privacy preferences and metadataRelayer Network: Optional gasless transaction processingOff-Chain ComponentsWallet Client: Key management, proof generation, transaction constructionIndexer Service: Scans blockchain for encrypted transactions relevant to userProver Service: Generates zero-knowledge proofs (local WASM or secure remote)Cryptographic PrimitivesPLONK/STARK Proofs: For transaction validity verificationPoseidon Hashing: Gas-efficient hash function for commitments and nullifiersECIES Encryption: For transaction metadata and stealth address communicationImplementation PhasesPhase 1 (MVP - Hackathon)Basic ShieldedPool contract with deposit/withdrawSimple wallet interface with privacy toggleMock ZK proofs for demonstrationFour transaction type supportPhase 2 (Beta)Full ZK proof system implementationWallet client with local proof generationBasic indexing and transaction scanningTestnet deployment and community testingPhase 3 (Production)ENS/Registry integration for privacy metadataRelayer network for gasless transactionsMobile wallet supportMainnet deployment with security auditsPhase 4 (Ecosystem)DApp integration SDKPrivacy-preserving DeFi protocol integrationsEnterprise compliance toolsCross-chain privacy bridgesWhy This MattersThis project represents a fundamental shift in how we think about blockchain privacy:For Users: Finally gives people a choice between convenience and privacy without sacrificing either For Ethereum: Adds a crucial missing piece – financial privacy – while maintaining full compatibility For Adoption: Removes a major barrier preventing mainstream users from using crypto due to privacy concerns For Innovation: Creates a platform for privacy-preserving DeFi and Web3 applicationsCompetitive AdvantagesUnlike existing privacy solutions that require completely separate systems (Tornado Cash, Zcash, Monero), our dual-layer approach:Maintains Ethereum Compatibility: Works with existing infrastructureGradual Adoption: Users can adopt privacy features incrementallyNetwork Effects: Privacy improves as more users adopt the systemRegulatory Friendly: Includes compliance features without compromising core privacyDeveloper Friendly: Simple SDK for DApp integrationThis isn't just another privacy coin – it's a privacy layer for the entire Ethereum ecosystem that users can adopt without changing their existing workflows or sacrificing the benefits of the broader Ethereum network.

Solution

ore Tech Stack We built this using Solidity smart contracts on Ethereum with a React/TypeScript frontend. The ZK proof system uses Circom circuits with Groth16 proving, and we deployed on Sepolia testnet with Alchemy RPC endpoints.Smart Contract Architecture The heart is our ShieldedPool contract that manages a Merkle tree of commitments and tracks nullifiers to prevent double-spending. We use Poseidon hashing for ZK-friendly operations. The AliasAccount contract handles public transactions and deposits into the shielded pool. Our biggest hack here was optimizing the Merkle tree - instead of storing the full tree on-chain (super expensive), we store only leaf nodes and compute Merkle paths off-chain, then verify roots using cached historical states. This saves about 80% gas compared to naive implementations.Zero-Knowledge Circuit Design We wrote Circom circuits that prove transaction validity without revealing private information. The withdraw circuit verifies you own unspent funds and computes nullifiers to prevent double-spending, all while hiding amounts and addresses. Originally proof generation took 15+ seconds on mobile, so we optimized with Web Workers, custom Rust-to-WASM compilation, and proof caching to get it down to 3-4 seconds.Frontend Innovation Built with Next.js and Wagmi for Ethereum interactions. We use Zustand for state management and React Query for caching. The trickiest part was note discovery - helping users find their private transactions without revealing privacy. We scan blockchain events and try to decrypt transaction memos with the user's viewing key. If decryption works, it's their transaction; if not, we skip it. This preserves privacy while enabling wallet functionality.Notable Hacks Our privacy-preserving indexer was necessary because The Graph doesn't natively support privacy features. We built a custom system that indexes only public commitments and nullifiers, never amounts or addresses. For mobile users who can't run WASM proof generation, we deployed Vercel Edge Functions as a fallback. We also implemented optimistic UI updates - transactions show as "pending" immediately while proofs generate in the background.Partner Technology Integration Alchemy provides webhook notifications for real-time deposit detection and archive node access for historical Merkle root computation. We extended RainbowKit with custom privacy mode connectors. The Graph helps with general blockchain indexing, though we had to build privacy features on top.Performance Optimizations Private balance computation requires scanning all notes, which is expensive, so we only compute it when users switch to private mode. We use lazy loading and cache results. For gas estimation on ZK transactions, we analyze historical similar transactions and add a 20% buffer for proof verification variance.Security Measures We implemented commit-reveal schemes to prevent front-running of ZK transactions. Users first commit to a transaction, then reveal it after a delay. For the hackathon, we used development trusted setup parameters, but production would require a proper Powers of Tau ceremony.Development Environment Used Hardhat for smart contract development with Foundry for gas optimization and fuzzing. Frontend deployed on Vercel with IPFS for metadata storage. We participated in testing on Sepolia and used OpenZeppelin contracts for security standards.What Made This Challenging The hardest part was balancing privacy, performance, and user experience. Getting ZK proofs working smoothly in web browsers while maintaining security guarantees required significant optimization. The note discovery system needed to work without compromising privacy, and the dual-layer UX had to feel seamless despite complex cryptographic operations happening underneath.Most Proud Technical Achievement The privacy toggle that seamlessly switches between public and private modes in the same interface, plus getting mobile ZK proof generation working smoothly. The gas-optimized Merkle tree implementation that other projects can easily integrate was also a major win.This represents months of research condensed into a working hackathon demo, with careful attention to both cryptographic security and practical usability.