Context on Harpie
Losing the key to your digital wallet means losing everything. Harpie is a wallet "insurance" (redundancy) provider that returns your crypto back to you if you lose your wallet. Harpie is already built and live--this is a feature of Harpie that we are submitting to the hackathon, not Harpie itself.
While we were working on Harpie, our customer interviews were all leaning towards a central idea of "trust," specifically, they didn't know whether or not they could trust our company. This was understandable due to the insecure nature of approval.
What it does
Cast: A (User) B (Harpie)--these are Ethereum wallets owned by their respective owner. A creates an account on harpie.io. A then locally generates B's wallet, then locally encrypts it with AES-256-CBC, generated with a random initialization vector and salt. The info that they use to encrypt B's wallet are based around security questions, which are concatenated and ran through a Keccak-256 hash. Then, A sends over the encrypted data, public address of B's wallet, IV, and salt to Harpie's server. When A would like to protect their assets, they sign an approval contract with the newly generated wallet. Since the access to this wallet was locally encrypted, at a later time, Harpie would need B's security question answers to unencrypt.
How we built it
Challenges we ran into
Ethereum interface is so primitive that it's almost necessary to put the brunt of coding on JS rather than Solidity. Also, this is live on a website, which means a lot of server work was necessary to make this possible.
Accomplishments that we're proud of
We made a ZKP! This is no small achievement.
What we learned
We learned about cybersecurity, secure cold storage, military-grade encryption algos, hashing algos, complexity of hacking into a system, creating unreadable data in a database, etc.
What's next for Harpie ZKP
The strength of Harpie's ZKP makes us confident to handle real money. This feature steps us into the closed beta stage, where we handle real crypto instead of testnet tokens.