A Web3 wallet with bank-grade security through TOTP-based two-factor authentication and zero-knowledge proofs.
Overview β’ Features β’ Getting Started β’ Architecture β’ Development β’ Deployment
ChronoVault brings Web2-style security usability to Web3 self-custody wallets. By integrating Time-based One-Time Password (TOTP) two-factor authentication with zero-knowledge proofs (ZKPs), users get transaction-level 2FA without compromising privacy or decentralization.
Built on ERC-4337 account abstraction, ChronoVault requires users to prove possession of a valid TOTP code for every transactionβwithout ever exposing the secret on-chain. The system combines client-side ZK circuit proofs with smart contract validation to create a secure, privacy-preserving authentication layer that prevents unauthorized transactions while maintaining the self-custody principles of Web3.
- Client-Side Proof Generation: The user's device generates a ZK proof demonstrating knowledge of a valid TOTP code for the current timestamp
- On-Chain Verification: Smart contracts verify the proof's validity without accessing the TOTP secret
- Replay Attack Prevention: Timestamp-based validation ensures each proof can only be used once
- Privacy-First: TOTP secrets never leave the user's device or touch the blockchain
Unlike existing TOTP wallet solutions that pre-compute and hash future codes into Merkle trees, ChronoVault implements the actual TOTP algorithm (RFC 6238) inside zero-knowledge circuits. This eliminates the need for client-side storage of authentication data, removes the vulnerability of brute-forcing pre-hashed values if the client is compromised, and provides true cryptographic proof of secret knowledge rather than just Merkle inclusion proofs. Our approach combines the usability of standard Google Authenticator with genuine zero-knowledge security guarantees.
- TOTP-Based 2FA: Authy-like time-based one-time password authentication for every transaction
- Zero-Knowledge Proofs: Privacy-preserving verification that never exposes secrets on-chain
- ERC-4337 Account Abstraction: Native smart contract wallet support with programmable security policies
- Replay Attack Protection: Synchronized timestamp validation prevents proof reuse
- Self-Custody: Complete user control over keys and authentication secrets
- Modern Stack: Built with Next.js, Hardhat, Wagmi, and Viem for a seamless developer experience
-
Node.js: Version 22 or higher (Download)
-
pnpm: Fast, disk space efficient package manager
npm install -g [email protected]
-
circom (optional, for circuit development): Zero-knowledge circuit compiler
# Linux wget https://github.com/iden3/circom/releases/download/v2.2.1/circom-linux-amd64 chmod +x circom-linux-amd64 sudo mv circom-linux-amd64 /usr/local/bin/circom # macOS wget https://github.com/iden3/circom/releases/download/v2.2.1/circom-macos-amd64 chmod +x circom-macos-amd64 sudo mv circom-macos-amd64 /usr/local/bin/circom
[!NOTE] circom is only required if you're modifying the zero-knowledge circuits. Pre-built circuits and keys are included for normal development.
Open this project directly in your browser with a fully configured environment:
-
Clone the repository
git clone https://github.com/WhyAsh5114/ethonline-2025.git cd ethonline-2025 -
Install dependencies
pnpm install
-
Start development
In separate terminal windows:
# Terminal 1: Compile and watch blockchain contracts pnpm dev:blockchain # Terminal 2: Start the frontend development server pnpm dev:frontend
-
Open your browser
Navigate to http://localhost:3000
ChronoVault follows a monorepo structure with three main packages:
ethonline-2025/
βββ blockchain/ # Smart contracts and blockchain infrastructure
β βββ contracts/ # Solidity smart contracts (including generated TOTPVerifier.sol)
β βββ test/ # Contract test suites with ZK proof integration
β βββ scripts/ # Deployment and utility scripts
β βββ generated.ts # Auto-generated TypeScript types
β
βββ circuits/ # Zero-knowledge circuits for TOTP verification
β βββ src/ # Circom circuit definitions
β βββ scripts/ # Circuit setup and proof generation
β βββ build/ # Compiled circuits and proving keys
β βββ test/ # Circuit-specific tests
β
βββ frontend/ # Next.js web application
β βββ src/
β βββ app/ # Next.js app router pages
β βββ components/ # React components
β βββ hooks/ # Custom React hooks
β βββ lib/ # Utilities and wagmi configuration
β
βββ package.json # Monorepo workspace configuration
Zero-Knowledge Circuits
- Circom 2.2.1 for circuit definitions
- snarkjs for proof generation and verification
- Groth16 proving system with Powers of Tau ceremony
- Automated Solidity verifier generation
Smart Contracts
- Solidity 0.8.28
- Hardhat for development and testing
- Viem for Ethereum interactions
- Wagmi CLI for TypeScript type generation
- Integrated ZK proof verification
Frontend
- Next.js 15 with App Router and Turbopack
- React 19
- Wagmi v2 for Web3 interactions
- TanStack Query for state management
- Tailwind CSS for styling
- shadcn/ui for component library
- Biome for linting and formatting
Build circuits and deploy artifacts (from project root):
pnpm build:circuitsThis command:
- Compiles the TOTP verification circuit
- Generates proving and verification keys using Powers of Tau
- Exports Solidity verifier to
blockchain/contracts/TOTPVerifier.sol - Automatically copies circuit artifacts to
frontend/public/circuits/
Or navigate to the circuits package for individual steps:
cd circuitsCompile circuit only
# Requires circom to be installed
pnpm compileGenerate proving and verification keys
# Downloads Powers of Tau, generates keys, and copies to frontend
pnpm generateGenerate a test proof
# npx tsx scripts/generate_proof.ts <secret> <timestamp> [totpCode]
npx tsx scripts/generate_proof.ts 12345 1729353600Tip
The circuit generation automatically copies all necessary files (WASM, zkey, verification key) to the frontend, so you don't need to manually sync artifacts between packages.
Navigate to the blockchain package:
cd blockchainCompile contracts
pnpm compileGenerate TypeScript types
pnpm generateRun tests
# Tests include real ZK proof generation and verification
pnpm testBuild (compile + generate)
pnpm buildImportant: The blockchain tests depend on the circuits being built first. The TOTPVerifier.sol contract must be generated by running the circuit setup before compiling blockchain contracts.
Navigate to the frontend package:
cd frontendStart dev server
pnpm devBuild for production
pnpm buildLint code
pnpm lintFormat code
pnpm formatFrom the root directory, you can run:
# Build everything (circuits β blockchain β frontend)
pnpm build
# Build circuits and generate blockchain types
pnpm dev:blockchain
# Start frontend dev server
pnpm dev:frontendDevelopment Workflow:
- Build circuits first to generate
TOTPVerifier.sol - Compile blockchain contracts (includes generated verifier)
- Generate TypeScript types for frontend
- Start frontend development server
ChronoVault supports deployment to multiple networks:
- Local Hardhat: For testing and development
- Sepolia Testnet: For staging and testing
- Optimism: Production deployment (configured via Hardhat)
Configure your deployment by setting environment variables:
export SEPOLIA_RPC_URL="https://..."
export SEPOLIA_PRIVATE_KEY="0x..."Deploy contracts:
cd blockchain
npx hardhat ignition deploy ./ignition/modules/Counter.ts --network sepoliaThe frontend can be deployed to any platform that supports Next.js:
- Vercel (recommended)
- Netlify
- AWS Amplify
- Self-hosted
Note
Before deploying the frontend, ensure you've built the blockchain package to generate the latest contract types.
The circuits package implements zero-knowledge proofs for TOTP verification:
- Circuit Definition: Circom circuit that proves knowledge of a valid TOTP code
- Proof Generation: Client-side proof generation without revealing the secret
- Verifier Generation: Automatically generates Solidity contract for on-chain verification
- Powers of Tau: Uses ceremony parameters suitable for 492 constraints (2^14)
- Groth16: Efficient proving system with constant-size proofs
Integration Flow:
- Circuit compiled to R1CS and WASM
- Proving and verification keys generated from Powers of Tau
- Solidity verifier contract (
TOTPVerifier.sol) auto-generated - Verifier imported by
TOTPWallet.solfor on-chain validation
The blockchain package uses Hardhat with the Viem toolbox for a modern Ethereum development experience:
- Contracts: Solidity smart contracts implementing ERC-4337 account abstraction with TOTP verification
- ZK Integration: Imports generated
TOTPVerifier.solfor proof validation - Type Generation: Wagmi CLI automatically generates TypeScript types from compiled contracts
- Testing: 35 comprehensive tests with real ZK proof generation and verification
- Network Configuration: Supports local, testnet, and mainnet deployments
The frontend is a modern Next.js application:
- App Router: Uses Next.js 15's app directory for routing
- Web3 Integration: Wagmi hooks for seamless blockchain interactions
- UI Components: shadcn/ui components built on Radix UI primitives
- Responsive Design: Mobile-first design with Tailwind CSS
- Type Safety: Full TypeScript coverage with generated contract types
Contributions are welcome! This project was developed for ETHOnline 2025.
- ERC-4337 Account Abstraction
- TOTP Algorithm (RFC 6238)
- Zero-Knowledge Proofs
- Circom Documentation
- snarkjs
- Groth16 Protocol
- Hardhat Documentation
- Wagmi Documentation
- Next.js Documentation
ISC