Whisper-Vault
Anti-Corruption Decentralized Block-Chain App
Created on 18th January 2026
•
Whisper-Vault
Anti-Corruption Decentralized Block-Chain App
The problem Whisper-Vault solves
The problem it solves :
Modern whistleblowing systems force an impossible trade-off between trust and anonymity.
Fully anonymous reports are often dismissed as unreliable, fake, or malicious.
Verified reports expose whistleblowers to retaliation, job loss, legal action, or worse.
Even so-called “anonymous” platforms usually require trust in administrators, servers, or governments not to reveal identities.
As a result, many cases of corruption, abuse, and wrongdoing go unreported — not because people don’t care, but because the personal risk is simply too high.
How WhisperVault fixes this
WhisperVault eliminates the identity vs. anonymity trade-off.
It enables insiders to submit reports and evidence while providing cryptographic proof that they are authorized members of an organization — without revealing who they are, even to system administrators.
Using zero-knowledge proofs
With zero-knowledge cryptography, reporters can:
Prove “I am a legitimate insider”
Without revealing which insider they are
And without trusting any central authority to protect their identity
The result is whistleblowing that is both verifiable and truly anonymous.
Challenges we ran into
Challenges I ran into
- Zero-knowledge proofs in the browser
Generating ZK proofs client-side was one of the biggest challenges. Proof generation is computationally heavy, slow on low-end devices, and difficult to debug when something fails silently.
How I solved it:
Instead of writing custom circuits from scratch, I used Semaphore, a battle-tested ZK library that abstracts away most of the cryptographic complexity. I optimized the UX by clearly showing loading states during proof generation and keeping proofs small enough to be practical for a demo (~5–10 seconds).
- Proving authorization without leaking identity
A core challenge was ensuring that users could prove they were legitimate insiders without exposing wallet addresses, metadata, or allowing admins to deanonymize submissions.
How I solved it:
I designed the smart contract so it never stores user addresses or personal data. It only stores a Merkle root of identity commitments and verifies zero-knowledge proofs against it. This guarantees that verification happens purely through math, not trust.
- Secure file storage without central servers
Storing evidence directly on-chain was impossible due to cost and size limits, but using a traditional server would undermine anonymity and trust.
How I solved it:
I used IPFS for decentralized storage and only stored the content hash on-chain. This ensures evidence is tamper-resistant, verifiable, and not controlled by any single party.
- Balancing privacy with usability
Privacy-preserving systems are often confusing for non-technical users. Wallet connections, proof generation, and decentralized storage can easily overwhelm users.
How I solved it:
I focused on UX simplicity: a familiar upload flow, clear explanations, and minimal crypto jargon. All cryptographic steps happen behind a single “Generate Proof & Submit” action.
- Designing a system with zero trust in admins
It was challenging to ensure that even platform administrators could not identify or track whistleblowers.
How I solved it:
The system architecture assumes admins are not trusted. No logs, emails, IPs, or addresses are stored. Identity verification is enforced entirely by cryptographic proofs and smart contracts, not permissions or databases.
Tracks Applied (1)
Ethereum Track
ETHIndia