
ZKWhisper

Fully ZKfied wallet with sovereign social recovery protocol.

Screenshots

[Six ZKWhisper screenshots; images not included in this text version]

Problem Statement

Current wallet recovery mechanisms always come with a big trade-off. Either you rely 100% on yourself (all responsibility is pushed to the user), or you sacrifice sovereignty by trusting your private key to some centralized entity. With this project I present a Zero Knowledge based Sovereign Social Recovery wallet, a non-custodial recovery mechanism that tries to bring the best of both worlds.

Solution

Sign Up (wallet creation)

The user can create a new wallet, or onboard an existing one, with the ZKWhisper contract. Signup returns a zk-identity proof for the user. The wallet's private keys are always kept off chain and never revealed. All the circom circuits run on the client side, so no secret input of the calculation is ever revealed. The user downloads this identity proof.

Login

The user submits their identity proof to log in. Only logged-in users can start a recovery setup.

ZK-social Recovery Setup

Since most wallet apps allow importing a wallet with either a private key or a mnemonic phrase, the user can choose either of these in the recovery setup. The user selects the number of guardians (N) and the quorum (K), the minimum number of shares required to recover the wallet.

The key here is the disconnection between guardians. The whole idea is built on the assumption that guardians are not aware of each other, and only the user can reach out to K guardians to reconstruct the secret key.

We also add a proof of inclusion to each share: the Merkle root and the Merkle tree path, which come in handy when validating the shares later. We distribute these shares to the guardians offline and can then delete the secret without any worries. Nothing else is required.

Recovery

The user collects K shares (proofs) from their guardians. These shares could have been tampered with, or could simply be invalid or malicious, so first we validate each share: we check that all of them carry the same Merkle root (the inclusion proof) and that each tree path reconstructs that same Merkle root. If not, we exit early and tell the user to collect shares from other guardians.

Then the user computes (in-browser) the recovery string in a verifiable way using the circuits, and sends the resulting witnesses to the smart contract for verification. If all goes through, the user recovers their secret.
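To make the setup and recovery flow above concrete, here is an added example (not the ZKWhisper code, which does this inside circom circuits): a K-of-N Shamir split over a toy prime field, where each guardian's share carries the Merkle root and its own Merkle path, and recovery first runs the early-exit validation (same root in every share, each path rebuilds that root, at least K distinct guardians) before interpolating the secret. The field prime, the share layout and the hash-based Merkle tree are assumptions of this example, not the project's parameters.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy prime field for the Shamir polynomial (assumption, not ZKWhisper's circuit field)
def H(data):
    return hashlib.sha256(data).digest()
def leaf(x, y):  # one Merkle leaf per guardian's share point
    return H(f"{x}:{y}".encode())
def split_secret(secret, n, k):
    """Shamir: random degree k-1 polynomial with f(0)=secret, evaluated at x=1..n."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P) for x in range(1, n + 1)]
def merkle_paths(leaves):
    """Return (root, paths); paths[i] lists (sibling_hash, sibling_is_right) bottom-up for leaf i."""
    level, pos, paths = list(leaves), list(range(len(leaves))), [[] for _ in leaves]
    while len(level) > 1:
        if len(level) % 2:  # odd level: duplicate the last node so every node has a sibling
            level.append(level[-1])
        for i, p in enumerate(pos):
            paths[i].append((level[p ^ 1], p % 2 == 0))
            pos[i] = p // 2
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], paths
def path_root(h, path):  # recompute the root from a leaf hash and its sibling path
    for sib, sib_right in path:
        h = H(h + sib) if sib_right else H(sib + h)
    return h
def make_guardian_shares(secret, n, k):  # setup: share = point + quorum K + Merkle root + own path
    points = split_secret(secret, n, k)
    root, paths = merkle_paths([leaf(x, y) for x, y in points])
    return [dict(x=x, y=y, k=k, root=root, path=paths[i]) for i, (x, y) in enumerate(points)]
def validate_shares(shares):
    """Recovery step 1 (early exit): same root and K in every share, >= K distinct x, each path rebuilds the root."""
    if not shares or len({s["root"] for s in shares}) != 1 or len({s["k"] for s in shares}) != 1:
        return False
    return len({s["x"] for s in shares}) >= shares[0]["k"] and all(
        path_root(leaf(s["x"], s["y"]), s["path"]) == s["root"] for s in shares)
def recover_secret(shares):
    """Recovery step 2: Lagrange interpolation at x=0 over GF(P); refuses shares that fail validation."""
    if not validate_shares(shares):
        raise ValueError("invalid or tampered share(s): collect from other guardians")
    total = 0
    for i, si in enumerate(shares):
        num = den = 1
        for j, sj in enumerate(shares):
            if i != j:
                num, den = num * -sj["x"] % P, den * (si["x"] - sj["x"]) % P
        total = (total + si["y"] * num * pow(den, -1, P)) % P
    return total
```

A share whose y value or root was altered fails validation before any interpolation happens, which is the early exit the recovery flow relies on.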

Hackathon

Superhack

2024

Contributors