AnonAA

AnonAA is an ERC-4337 social recovery wallet that adds privacy-preserving features: the owner and guardians are stored as hashes rather than addresses, and ownership can be transferred without revealing who the new owner is.

The problem AnonAA solves

AnonAA has three distinct privacy features which solve different problems. All of them are built on zk-ecdsa: an ECDSA signature check (the same relation ecrecover computes) carried out inside a zero-knowledge circuit, so the prover shows that a valid signature exists from the key behind a committed address without revealing the address or public key. The proof is verified on-chain, and that verification takes the place of the ecrecover call that smart contract wallets normally use to validate a transaction signature.

  • Security-Enhanced Social Recovery
    One of the biggest unspoken risks of the usual social recovery scheme is collusion: the "trusted" guardians can communicate behind the scenes and jointly take over the account and its assets. Imagine a social recovery wallet with 3 guardians (one is your backup address, the other two are people you trust, such as family members or close friends) and a threshold of 2. As long as the stored guardian addresses are public, it is not hard for the guardians other than you to find each other and collude. To make that harder, AnonAA stores each guardian address only as a hash, and guardians interact with the wallet (approving or rejecting recovery proposals) by submitting a zk proof instead of a signature, so they never reveal their public identity (address or public key). A guardian therefore cannot learn from the chain who the other guardians are, which removes the easiest path to collusion.

  • Private Ownership
    AnonAA stores only a hash of the owner's address, never the address itself, which hides who controls the account. As long as the owner operates the wallet without creating an on-chain link to his or her other addresses, nobody can tell from chain data who controls the smart contract wallet. Note that a hash of a bare address only hides it from someone who cannot guess candidate addresses: anyone can hash a suspected address and compare it with the stored value, so the privacy guarantee rests on the owner keeping the controlling address unlinked.

  • Private Inheritance
    AnonAA allows for a safe and private transfer of account ownership. Even if you end up in an unexpected situation such as death or imprisonment, where you can no longer access your account or funds, designated beneficiaries (a spouse or children, for example) can inherit your assets without their identity being revealed on-chain.
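The following is an added, constructed model of the recovery flow described above; it is not AnonAA's code. It keeps the contract-side rules (hashed guardian set, threshold, one approval per guardian per proposal) and makes two substitutions that are assumptions for this example only: SHA-256 stands in for the Pedersen hash, and the zk-ecdsa verifier is replaced by an offline "oracle" that knows the guardian preimages. A real deployment verifies a proof on-chain and never sees the address. It also shows the caveat from the Private Ownership point: a commitment to a bare address can be matched by hashing a candidate list, whereas a commitment that includes a secret salt cannot.

```python
"""Constructed model of anonymous threshold social recovery (added example).

Assumptions, none of them taken from the project:
  * SHA-256 replaces the Pedersen hash.
  * OracleVerifier replaces the on-chain zk-ecdsa verifier. It holds guardian
    preimages only so the model runs offline; a real verifier checks a proof.
  * Guardian addresses are random 20-byte strings; threshold is 2 of 3.
"""
import hashlib
import secrets
from typing import Callable, Dict, Iterable, Set


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def commit(address: bytes, salt: bytes = b"") -> bytes:
    """Value stored on-chain instead of the address. Salt is optional (see dictionary_attack)."""
    return h(b"guardian", address, salt)


def nullifier(address: bytes, proposal_id: int) -> bytes:
    """Deterministic per-(guardian, proposal) tag so one guardian cannot approve twice."""
    return h(b"nullifier", address, proposal_id.to_bytes(32, "big"))


class OracleVerifier:
    """Stand-in for the zk verifier: checks the nullifier matches the committed address."""

    def __init__(self, preimages: Dict[bytes, bytes]):
        self.preimages = preimages  # commitment -> address (offline model only)

    def __call__(self, commitment: bytes, null: bytes, proposal_id: int) -> bool:
        addr = self.preimages.get(commitment)
        return addr is not None and nullifier(addr, proposal_id) == null


class RecoveryWallet:
    """Contract-side logic: hashed guardian set, threshold, nullifier tracking."""

    def __init__(self, guardian_commitments: Iterable[bytes], threshold: int, verify: Callable):
        self.guardians: Set[bytes] = set(guardian_commitments)
        self.threshold = threshold
        self.verify = verify
        self.owner_commitment = None
        self.proposals: Dict[int, dict] = {}

    def propose(self, proposal_id: int, new_owner_commitment: bytes) -> None:
        assert proposal_id not in self.proposals
        self.proposals[proposal_id] = {"new_owner": new_owner_commitment, "nullifiers": set(), "done": False}

    def approve(self, proposal_id: int, commitment: bytes, null: bytes) -> bool:
        """Anonymous approval: caller shows a guardian commitment and a fresh nullifier."""
        p = self.proposals[proposal_id]
        if p["done"] or commitment not in self.guardians or null in p["nullifiers"]:
            return False
        if not self.verify(commitment, null, proposal_id):
            return False
        p["nullifiers"].add(null)
        if len(p["nullifiers"]) >= self.threshold:
            self.owner_commitment = p["new_owner"]  # ownership moves to a hash, not an address
            p["done"] = True
        return True


def dictionary_attack(commitments: Iterable[bytes], candidates: Iterable[bytes]) -> Dict[bytes, bytes]:
    """Recover addresses behind unsalted commitments by hashing a list of guesses."""
    table = {commit(a): a for a in candidates}
    return {c: table[c] for c in commitments if c in table}


def demo() -> dict:
    guardians = [secrets.token_bytes(20) for _ in range(3)]
    cs = [commit(g) for g in guardians]
    wallet = RecoveryWallet(cs, 2, OracleVerifier(dict(zip(cs, guardians))))
    new_owner = commit(secrets.token_bytes(20))
    wallet.propose(1, new_owner)
    first = wallet.approve(1, cs[0], nullifier(guardians[0], 1))
    replay = wallet.approve(1, cs[0], nullifier(guardians[0], 1))  # same guardian twice
    second = wallet.approve(1, cs[1], nullifier(guardians[1], 1))  # threshold reached
    leaked = dictionary_attack(cs, guardians + [secrets.token_bytes(20)])
    salted = commit(guardians[0], secrets.token_bytes(32))
    return {"first": first, "replay": replay, "second": second,
            "recovered": wallet.owner_commitment == new_owner,
            "leaked": len(leaked), "salted_leaked": bool(dictionary_attack([salted], guardians))}


if __name__ == "__main__":
    print(demo())
```

The nullifier is the piece a threshold scheme needs once approvers are anonymous: without it the contract cannot tell two approvals from one guardian apart from approvals by two different guardians. The dictionary attack at the end is why "hashed" is only as private as the set of addresses an observer can guess.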

Challenges I ran into

  • Building the Frontend
    Since Noir's JS library used for generating zk-proofs is unusable, as it hasn't been updated to the latest version of Noir, I couldn't build a front-end where users can locally generate a proof and submit transactions to get their actions done.

  • Had to use hashing instead of Merkle proofs
    AnonAA stores Pedersen-hashed addresses in the smart contracts, which is practically enough to preserve the privacy of the users: the owner, the guardians of social recovery, and the beneficiary of the inheritance. However, a Merkle root would be a more desirable and elegant way to manage user identities, as it keeps storage cost constant as the number of stored identities grows.

    Unfortunately, this is impossible at this point, as the Noir JS library is still out of date, as I mentioned above.

  • Proving time and verification cost
    Even though applying ZKP to privacy solutions is cool and effective, I think it's still hard to go into production, as the proving time is too long (about 1.30 mins each) and on-chain verification consumes a lot of gas (~500k). But I believe these bottlenecks will be eased and removed as Noir and its underlying proving system improve.
