Currently, EOA wallets such as MetaMask still dominate the decentralized wallet market. On the other hand, despite the industry's significant efforts to educate users on the importance of keeping their mnemonic phrases and keys secure, the issue of this single point of failure remains a major obstacle to the widespread adoption of crypto wallets.
To solve this problem, two alternative key management solutions have become hotspots for wallet startups in the industry: Multi-Party Computation (MPC) protocols and Smart Contract Wallets (including Multi-Signature Wallets). In the future, they will provide more choices for individuals, DAOs, and institutions, and crypto wallets will no longer involve only secure storage, but also asset utilization in the new economy.
Here, however, we focus on another representative solution for EOA wallet usage: ZKSAFE. MPC wallets distribute private keys in shards to multiple nodes, which still leaves a centralization risk, because nodes may be attacked and private keys lost. ZKSAFE, on the other hand, implements password functionality through pure ZK algorithms without storing users' private keys and passwords.
ZKSAFE is a free and open-source protocol-level Web3 security product that uses zero-knowledge proof (zk Proof) technology to protect user assets through on-chain password + private key multi-signature, even if the private key is lost.
Users do not need a hardware wallet; they only need to install a browser extension. ZKSAFE has created a Safebox that is opened with a password and private key. Users can have their own Safebox contract, and assets can be stored in the wallet or in the Safebox contract. Even if the private key and password are lost, assets can be recovered through Social Recovery.
ZKSAFE has divided its products into 3 modules: ZKSAFE Safebox, ZKSAFE Password, and ZKSAFE Wallet. They can operate independently, be combined with each other, or be used in conjunction with products from other projects.
Safebox is the first product created by the ZKSAFE system.
Each user can have a Safebox contract that can only be opened with a password and private key, which is like a private bank. ZKSAFE does not store users' private keys or passwords, but even if the private key is stolen, the assets are still secure. If the private key and password are forgotten, they can be reset through social recovery.
Installation Tutorial
1) Open app.zksafe, click Download, and you will be redirected to the Chrome Web Store to download the ZKSAFE plugin. After installation, the Download button will change to Connected, indicating that the ZKSAFE plugin has been successfully connected.
2) Then click the Connect Wallet button to connect your MetaMask wallet. Currently, ZKSAFE only supports the Polygon network, and will integrate with Ethereum, BSC, Optimism, and Arbitrum in the future.
3) New users need to activate Safebox first. Click Activate and a MetaMask confirmation box will pop up. Click confirm to deploy a user-specific Safebox smart contract.
After being deployed on the chain, the Safebox Address is the address of the contract that was just deployed. In the future, tokens and NFTs can be directly transferred to this address, and only the user themselves can withdraw them.
Owner Address is the user's wallet address, and all assets in the user's Safebox can only be transferred to this wallet in the future.
Withdrawal
1) To withdraw assets from Safebox, an on-chain password is required. Click "SET" to set up the on-chain password. Create the on-chain password in the ZKSAFE plugin pop-up window, and then click "confirm" in the MetaMask confirmation window that appears.
2) Click the orange arrow button, enter the Token amount in the pop-up box, and click the Confirm button. When the ZKSAFE transfer confirmation box appears, enter the password; ZKSAFE will calculate the ZK-SNARK Proof based on the user's password. After you click Confirm, the MetaMask confirmation box will appear. Click confirm and wait for the transaction to be confirmed on the chain.
Currently, the official version has been launched, and assets in Safebox can be transferred to any address to avoid the risk of private key theft and potential losses caused by users transferring assets back to their wallets. In the future, ZKSAFE will also develop a domain name project called ZKSAFE ID to prevent transfer errors.
Deposit
Click the green arrow button, enter the Token amount in the pop-up box, click the confirm button after the MetaMask confirmation box pops up, and wait for the on-chain process to complete.
However, compared to the one-to-one transaction during withdrawal, depositing involves multiple parties, and users can also transfer their own tokens directly from other wallets to the Safebox address.
Social Recovery
If the user forgets their password or private key, they can initiate a multi-signature (no password required) social recovery through the pre-set guardian, and the ownership of Safebox will be transferred to the new wallet, allowing assets to be transferred out using the on-chain password and private key of the new wallet. After Safebox is transferred to the new wallet, the management rights of the original wallet will become invalid.
Guardians can be the user's most trusted family or friends, or they can be other wallets of the user. However, to ensure security, do not have all guardians' wallets on the same device.
ZKSAFE aims to create a protocol-level cryptographic solution, so the cryptographic system not only supports ZKSAFE, but also extends to support various asset management platforms, even non-private key wallets, which will greatly reduce the barrier for users to enter Web3.
Put simply, the password system ZKPass is mainly for B2B, while zkSafe is for B2C.
It is worth mentioning that in traditional algorithms, only private keys can be used to sign data. However, ZKSAFE has implemented password signature for data by programming ZK-SNARK, which effectively prevents "sandwich attacks".
For example, if a user submits a withdrawal transaction with their password verification information attached, the transaction is public and can be copied by hackers while in the queue. The hacker can then replace the withdrawal address with their own and leave the password verification information unchanged, allowing the transaction to pass verification in the contract. The hacker can then submit the transaction with a higher gas price, allowing them to take the assets before the user.
However, when the user submits a withdrawal tx, the information of how much money to withdraw and to whom it should be sent can be signed with a password through ZKPass. If the information in the tx is tampered with, it can be verified in the contract.
For specific operations, you can open password.zksafe and click "Connect Wallet" to connect with MetaMask and set up ZKPass.
Enter the password twice, then click Set Password. The computer will perform ZK calculations. After waiting a few seconds for the ZK calculations to complete, a MetaMask confirmation box will pop up.
In addition, resetting a new password requires the old password. If a user resets their password, they will be able to view the most recent password setting records on the reset page.
1) About ZKPass:
- ZKPass does not store user passwords. Except for the user themselves, no one knows them.
- ZKPass has no administrator, and no one can help retrieve or reset the password.
- Do not save passwords on your computer or phone; write them down on paper.
2) Regarding the strength of ZKPass: it currently cannot prevent cracking, and the difficulty of cracking depends on the length of the password.
- It takes approximately 10 days to crack a 6-character password, so don't set it too short.
- With the improvement of computer performance, cracking 8-character passwords may take only a few months in the future.
- 12 characters are recommended, which can be a short sentence + a number; cracking requires thousands of 3090 graphics cards and 100 years of time.
- If there are higher security requirements, a password length of 40 characters can be set, which will make it more difficult to crack than a private key. According to the current network computing power, it would take billions of years to crack a private key.
3) What is the difference between ZKPass and MetaMask passwords?
Indeed, during use, two passwords will be found: MetaMask password and ZKPass, but they are two completely different systems. MetaMask does not directly store the user's private key, but stores the certificate of the private key. The password entered by the user when opening MetaMask is the password for exporting the private key certificate.
If the certificate is lost (computer reinstallation), the password cannot export the private key, and the assets cannot be withdrawn. When the private key is stolen, hackers can easily steal the user's assets.
And the password used by ZKSAFE, ZKPass, is stored in the smart contract and encrypted through zero-knowledge proof, which can only be changed by the user. ZKPass is always online and remains valid even if the computer is changed. Even if ZKSAFE stops its service, it will still be effective as long as the Ethereum network exists. At the same time, if the private key is stolen, hackers cannot steal user assets without knowing ZKPass.
4) Specific working principle
On the user side, ZKPass only has the function of changing passwords. If only password verification is required, the hash value of the password (pwdhash) can be verified off-chain. On-chain verification is usually done in conjunction with other contracts for data signing, such as the ZKSAFE contract: the ZKSAFE contract generates a datahash within the contract based on the parameters of "what the user wants to do" and passes it to the ZKPass contract.
After ZKPass verification succeeds, the ZKSAFE contract knows that the user's password is correct and that the parameters of "what the user wants to do" have not been tampered with (i.e. signed). Then the ZKSAFE contract can proceed with the next step (withdrawal) operation.
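The parameter binding described here and in the withdrawal example earlier, as an added sketch in Python (not ZKSAFE's code): an HMAC stands in for the ZK-SNARK proof, and ToyPass, the token name and the addresses are constructed for illustration. It compares a check that proves only password knowledge with one tied to the datahash.

```python
import hashlib
import hmac
import json

# Toy model: HMAC-SHA256 stands in for the ZK-SNARK proof; values are constructed.

def datahash(token, amount, to):
    """Hash of "what the user wants to do", recomputed inside the contract."""
    return hashlib.sha256(json.dumps([token, amount, to]).encode()).digest()

def prove(password, public_input):
    """User side: evidence of knowing the password, tied to a public input."""
    return hmac.new(password.encode(), public_input, hashlib.sha256).digest()

class ToyPass:
    """Stand-in verifier. It keeps the password only because HMAC needs it;
    the scheme described on this page stores no password."""
    def __init__(self, password):
        self._password = password
    def verify(self, proof, public_input):
        return hmac.compare_digest(proof, prove(self._password, public_input))

def withdraw_unbound(zkpass, tx):
    # Weak design: the proof only says "password known", nothing about tx.
    return zkpass.verify(tx["proof"], b"password-ok")

def withdraw_bound(zkpass, tx):
    # The contract derives datahash from the fields it actually received.
    return zkpass.verify(tx["proof"], datahash(tx["token"], tx["amount"], tx["to"]))

def with_recipient(tx, new_to):
    """A pending tx copied with only the recipient changed, proof untouched."""
    return {**tx, "to": new_to}

def demo():
    pwd, zkpass = "short sentence 42", ToyPass("short sentence 42")
    base = {"token": "USDC", "amount": 100, "to": "0xUSER"}
    weak = {**base, "proof": prove(pwd, b"password-ok")}
    strong = {**base, "proof": prove(pwd, datahash("USDC", 100, "0xUSER"))}
    return {
        "unbound, original": withdraw_unbound(zkpass, weak),
        "unbound, altered": withdraw_unbound(zkpass, with_recipient(weak, "0xOTHER")),
        "bound, original": withdraw_bound(zkpass, strong),
        "bound, altered": withdraw_bound(zkpass, with_recipient(strong, "0xOTHER")),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

With the unbound check the altered copy is accepted; with the bound check the recomputed datahash no longer matches the proof, so it is rejected.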
ZKSAFE will also develop a wallet based on ERC4337 (account abstraction) for convenient security and gas saving. The wallet will use ZKPass instead of private keys to achieve a keyless wallet and integrate a Dapp store, allowing users to freely and securely enjoy the world of crypto.
The MPC solution achieves complex verification methods such as "multi-signature" and "cross-chain" off-chain by performing multi-party computation on private keys. Specifically, it shatters a private key into multiple fragments and then submits them to a decentralized network for computation and encryption. When a private key signature is required, these fragments are reassembled to form a complete private key.
MPC decentralizes the control of private keys to achieve risk diversification and avoid security issues such as single point of failure. However, on the other hand, there may still be centralized risks in MPC key hiding and cross-chain bridging. Once a large amount of funds is controlled by a small number of nodes, especially when these nodes are controlled by the same person, an attack on the nodes can lead to the loss of private keys. In addition, the password used in the MPC scheme is at risk of brute force attacks if the single node that verifies the password is compromised, so users are required to input complex passwords.
The use of smart contract wallets requires higher fees because it requires verification of multiple signatures. Operations such as adding or removing owners and changing thresholds are all performed on the chain.
ZKSAFE adds a security suite to the EOA wallet, and avoids asset theft by storing zkproof on the chain instead of storing passwords themselves. Even if the private key and password are lost, users can recover their assets through social recovery.