The problem with current hot wallets is that the user has to store a mnemonic somewhere and manage the key themselves. This opens up the possibility of losing the private key, and the user's funds with it. We introduce a simple wallet recovery mechanism that integrates OTPs into our smart contract wallet. The wallet is now not only recoverable but also seamless to use, thanks to the user-friendly OTP flow.
The main challenge we faced was having to rely on a trusted, centralized OTP-verifying service, which opens up the possibility of censorship. Ideally the OTP verification would be done on the smart contract itself, making it trustless. Some possible solutions that could address this issue:
- Use zk-proofs such as Bulletproofs (an optimized range-proof construction) to prove that the OTP lies in a certain numeric range without revealing it.
- Use Shamir Secret Sharing to split the OTP off-chain into 2 or more shares that can be recombined on chain to be verified. These shares would of course be homomorphically encrypted and verified using zk proofs.

We chose the second option for our v1.
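As an added example (not the project's own code), the split-and-recombine step of the second option in plain Python: a numeric OTP is split into n shares over a prime field, and any k of them are recombined with Lagrange interpolation at x = 0. The prime, the sample OTP and the function names are this example's own assumptions, and the shares are handled in plaintext, which is exactly the gap the encryption step above is meant to close: whoever recombines the shares learns the OTP.

```python
"""Shamir Secret Sharing of a numeric OTP over a prime field.

Added example, not the wallet project's code. Constructed choices:
the field prime, the 6-digit sample OTP and the share indices 1..n.
"""
import secrets

# Any prime larger than the OTP range works; 2**61 - 1 is a constructed choice
PRIME = 2**61 - 1


def split_secret(secret, k, n, prime=PRIME):
    """Split `secret` into n shares such that any k of them recover it.

    A random polynomial f of degree k-1 with f(0) = secret is evaluated at
    x = 1..n. Coefficients come from a CSPRNG, so k-1 shares reveal nothing
    about the secret.
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must be in [0, prime)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        # Horner evaluation of f(x) modulo the prime
        y = 0
        for c in reversed(coeffs):
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def recover_secret(shares, prime=PRIME):
    """Recombine at least k shares via Lagrange interpolation at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime        # product of (0 - x_j)
                den = (den * (xi - xj)) % prime    # product of (x_i - x_j)
        # pow(den, -1, prime) is the modular inverse (Python 3.8+)
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


def verify_otp(shares, expected_otp, prime=PRIME):
    """The check an on-chain verifier would perform on the recombined value.

    Note that recover_secret() yields the OTP in the clear, so without an
    encryption layer the shares posted on chain expose it to every observer.
    """
    return recover_secret(shares, prime) == expected_otp


if __name__ == "__main__":
    otp = 123456  # constructed sample OTP
    shares = split_secret(otp, k=2, n=3)
    print("shares:", shares)
    print("recovered from shares 1 and 3:", recover_secret([shares[0], shares[2]]))
    print("verifies:", verify_otp(shares[:2], otp))
```

Any two of the three shares reconstruct the OTP, while a single share on its own is a uniformly random field element and tells the holder nothing. The threshold is a design choice: with k = n every share is needed, which removes any tolerance for a lost share.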
Right now we haven't added encryption, but it can be added.

- Add session key encryption

- @harsh4786 for contributing the cryptography
- @abishekk92 for giving us the idea