👋Intro

ZKSAFE

We created a kind of Safebox that takes both a password and a private key to open. Even if the private key is stolen, the assets remain safe

Users can have their own Safebox contracts, which can be thought of as their own private banks. Even if you lose your private key and password, you can retrieve your assets through social recovery

You only need to install the ZKSAFE extension; no hardware wallet is needed

Safebox and Wallet

In real life we don’t keep large amounts of money on a gift card or bus pass, only small change; the big money goes in the bank. The same applies in the crypto world:

  • Small amounts go into a hot wallet, which can be used for transfers and DeFi investment

  • Large amounts go into the Safebox, since safety comes first

ZKSAFE is a security partner for your wallet. Take MetaMask as an example:

  • MetaMask deals with your private key

  • ZKSAFE deals with your password

ZKSAFE doesn’t store your private key or password. The withdrawal procedure is as follows:

When you withdraw, the ZKSAFE confirmation box pops up and asks for your password. Your computer then calculates a ZK-SNARK proof from your password, and the MetaMask confirmation box pops up so you can sign with your private key

What’s the difference between the ZKSAFE password and the MetaMask password?

First, these are two completely different systems. MetaMask does not store your private key directly; it stores a certificate of your private key. The password you enter when you open MetaMask is the password of that certificate, used for exporting the private key. If the certificate is lost (for example, when the computer is reinstalled), the private key cannot be exported from the password and the assets cannot be withdrawn. If the private key is stolen, the hacker can steal the assets. Certificate + password are used to prevent the private key from being stored directly and stolen by a Trojan horse

The password ZKSAFE uses is called the ZKSAFE Password, which is a separate password for your account. This password is stored in the smart contract, encrypted by zero-knowledge proof, and no one but you can change it. The password is always online and stays valid even if you switch to another computer. Even if ZKSAFE is out of service, the password is still valid; the ZKSAFE Password remains valid as long as Ethereum exists. If the private key is stolen, the hacker cannot steal the assets without knowing the password

Where the assets are stored

See diagram as follows:

A wallet owns assets, and each wallet can have its own ZKSAFE contract

Assets can be stored in the wallet and also in the ZKSAFE contract. The following 3 conditions must be met when withdrawing assets from the ZKSAFE contract:

  1. The ZKSAFE contract can be called only by its owner (the wallet)

  2. Correct password

  3. No approve problem: every withdrawal goes to its owner wallet

These guarantee:

  1. No asset pool. DeFi protocols usually put their users’ assets into an asset pool, so all assets are stolen once the pool is hacked

  2. A hacker can't steal your money even if he has your private key

  3. No authorization problems and no wrong transfers, because all the assets can only be transferred into your wallet

Security

Use ZKSAFE to protect your assets as early as you can

Asset Security

Asset safety with ZKSAFE comes down to the following 3 possibilities:

  1. Private key is hacked, password is safe, and your assets are safe

  2. Password is cracked, private key is safe, and your assets are safe

  3. Password is cracked, private key is hacked, your assets are not safe

Tip: write your password down on paper rather than on a cell phone or computer, and do not enter the password outside ZKSAFE.
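The three withdrawal conditions and the three Asset Security cases above can be replayed in a small model. This is an added example, not ZKSAFE's contract code: the `Safebox` class, the addresses, the password and the salt are constructed, and a salted hash comparison stands in for verifying the ZK-SNARK proof.

```python
import hashlib
import hmac


class Safebox:
    """Toy model of one wallet's Safebox (hypothetical, not the ZKSAFE contract)."""

    def __init__(self, owner: str, password: str, salt: bytes = b"constructed-salt"):
        self.owner = owner
        self.salt = salt
        # Assumption: a salted hash stands in for the on-chain password commitment.
        self.commitment = self._commit(password)
        self.balance = 0

    def _commit(self, password: str) -> bytes:
        return hashlib.sha256(self.salt + password.encode()).digest()

    def deposit(self, amount: int) -> None:
        self.balance += amount

    def withdraw(self, caller: str, password: str, amount: int) -> tuple:
        # Condition 1: only the owner wallet may call the contract.
        if caller != self.owner:
            raise PermissionError("caller is not the owner wallet")
        # Condition 2: correct password (stand-in for verifying the ZK-SNARK proof).
        if not hmac.compare_digest(self._commit(password), self.commitment):
            raise PermissionError("wrong password")
        if not 0 < amount <= self.balance:
            raise ValueError("invalid amount")
        self.balance -= amount
        # Condition 3: there is no recipient parameter; funds go to the owner wallet.
        return (self.owner, amount)


def attacker_succeeds(has_private_key: bool, has_password: bool) -> bool:
    """Replay one case from the Asset Security list against a fresh Safebox."""
    box = Safebox(owner="0xOwnerWallet", password="constructed-Passw0rd!")
    box.deposit(100)
    # Holding the private key lets the attacker send transactions as the owner wallet.
    caller = "0xOwnerWallet" if has_private_key else "0xAttackerWallet"
    guess = "constructed-Passw0rd!" if has_password else "wrong-guess"
    try:
        box.withdraw(caller, guess, 100)
        return True
    except PermissionError:
        return False


SCENARIOS = {(k, p): attacker_succeeds(k, p) for k in (True, False) for p in (True, False)}
```

In the one case where the withdrawal succeeds, the funds still land in the owner wallet, which the attacker controls through the stolen private key.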

Password Security

ZKSAFE doesn't store your password and can't change it either. You can set up Social Recovery before the password is lost

The ZKSAFE extension can be called if a partner wants to verify the user's password. After ZKSAFE verification, all parameters generated from the password (excluding the password itself) are returned to the partner's website. The password is not shown anywhere, to ensure security

Note: A password that is too simple, such as 6 characters, can be cracked in 9 days. An 8-character password currently takes decades to crack, but it may take less time in the future as computer performance improves. Passwords of more than 12 characters (case-sensitive letters + numbers + symbols) are therefore recommended. We will upgrade the password algorithm to ensure the security of 12-character passwords

Social Recovery

If you forget the password or private key, you can use Social Recovery by initiating multi-signing (no password needed)

Once the ownership of the Safebox is transferred, the password and private key are replaced

Guardians can be your trusted relatives or friends, or your own wallets. For security, it’s better not to log in to all guardians’ accounts on one device

Guardians can also be Gnosis Safe multi-sig wallets, which is in our plan

If you feel your private key or password has been exposed, you should transfer your Safebox to a new wallet

A fee is required for transferring the Safebox

Reminder: ZK-SNARK still needs time for testing, so it is strongly suggested that every user set up Social Recovery
