ZkMask

ZkMask introduces a novel 2FA protocol, leveraging the power of zk-SNARKs and face recognition technology to secure blockchain transactions. ZkMask scans the user's face to generate a cryptographic key, introducing a second layer of security.

Created At

ETHGlobal Paris

Winner of

📱 WalletConnect — 🥈 Best Mobile App

🥉 The Graph — Best Use of Subgraph

Project Description

Traditional security measures, such as private keys, although robust, are not immune to breaches. Should a private key be compromised, the results can be catastrophic, enabling malicious transactions and draining valuable assets.

ZkMask is a pioneering 2-Factor Authentication (2FA) service, combining facial recognition technology with zk-SNARKs to deliver an additional layer of security to blockchain transactions. Our system is easy to integrate and enhances the safety of user interactions with dApps, without adding undue complexity to the user experience.

The flow of using ZkMask is straightforward. First, you register your face and add your wallet to our mobile app. You can then go to any dApp and sign a transaction. When you do that, you get a notification from our mobile app requesting that you authorise the transaction.

When you open the app you can scan your face and verify that the transaction is sent by you. When this is done, a proof is verified on-chain which triggers the function call and your transaction passes through.

Through our simple and intuitive 2 factor process, users can add a second layer of security to their transactions on top of their private key.

How it's Made

ZkMask leverages a face recognition library called DeepFace and zk-SNARKs to enable decentralized 2-Factor Authentication for blockchain transactions.

When the user logs into our app, they have to register and connect their wallet through WalletConnect or MetaMask. After that, they must scan their face to generate a unique key, which is stored in their local environment.

When the user signs a transaction on any dApp that integrates ZkMask, an event is emitted that our mobile app listens for, and the app sends a notification asking the user to authenticate the transaction. The user can view the transaction details in the app, with an explanation generated through the GPT API that describes the transaction in simple terms.

The user can now scan their face, which generates the unique key. The client takes the Poseidon hash of the key and sends it to a circuit, which generates a ZK proof that the person sending the hash must be in possession of the unique key (which can only be generated through their face).

The response of this proof is verified on-chain; when the dApp picks up that verification, it allows the transaction to pass through. We also leverage The Graph to show users their past authentications and denials. This is also used to send push notifications for auth requests and confirmations.
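The statement proved in this flow, written as a Circom circuit. This is an added example, not ZkMask's own circuit: the template and signal names are hypothetical, circomlib's Poseidon template is assumed as the hash, and the `txId` input that ties a proof to one transaction is an assumption the page does not describe.

```circom
pragma circom 2.0.0;

// Assumes circomlib is on the include path (e.g. circom -l node_modules).
include "circomlib/circuits/poseidon.circom";

// Hypothetical template: proves knowledge of a private key whose Poseidon
// hash equals a public commitment, without revealing the key.
template FaceKeyAuth() {
    // Private witness: the face-derived key, assumed to be already reduced
    // to a single field element. It never leaves the device.
    signal input key;

    // Public input: the Poseidon hash of the key, i.e. the value the
    // on-chain verifier compares against what was registered for the wallet.
    signal input keyHash;

    // Public input (assumption, not from the page): an identifier of the
    // transaction being authorised, so a proof cannot be reused for another.
    signal input txId;

    // Recompute the hash inside the circuit from the private key.
    component hasher = Poseidon(1);
    hasher.inputs[0] <== key;

    // The proof is only satisfiable if the prover holds the preimage.
    keyHash === hasher.out;

    // Dummy constraint so txId takes part in the constraint system and
    // cannot be swapped after the proof is generated.
    signal txIdSquare;
    txIdSquare <== txId * txId;
}

// key stays private; keyHash and txId are exposed to the verifier contract.
component main {public [keyHash, txId]} = FaceKeyAuth();
```

The verifier contract sees only `keyHash` and `txId`; the security of the scheme then rests on the key having enough entropy that its hash cannot be brute-forced and on the key being reproducible only from a live scan.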

If your private key is compromised, a malicious transaction would still require this ZK proof to pass, which is impossible without access to your face when using a live model (your photos won't work; it needs to be the real thing).