User input password to EPS ZK Circuit (running at frontend), it output hash + proof, it proving that the hash is generate from the password, EPS contract can verify it, if the hash equals the one binging in EPS contract, that means the user input the right password.
Advanced, used proofs is recorded in EPS contract, to avoid Double Spent.
And, datahash\expiration\chainId are added to ZK Circuit, make (ZK) Password to sign data as PrivateKey.
Safebox is a Smart Contract Wallet, deployed by user.
User holds Wallet, Wallet holds Safebox, Safebox holds Assets.
Withdraw from Safebox need the ZK Password.
The withdraw to-address must be Safebox's owner.
The caller must be Safebox's owner.
- Where is the password store?
In your mind.
- If the project fail or be hacked, is my Safebox safe?
Yes, the Safebox is Smart Contract Wallet, you're the only owner of the contract, it's running forever and no one can control it except you.