Introducing zkSafe: A Privacy Tool for Safe Signers

by Valeriy Zamaraiev. Published Oct 3, 2024

Today, 1kx proudly unveils zkSafe, a module designed to enhance privacy for users of Safe multisig signing while offering developers a seamless, backend-free interface that gives them greater customization and debugging capabilities.

Wallet infrastructure plays a crucial role in our ecosystem, and Safe stands out as a leading solution for onchain asset management. With over $70 billion in assets spread across more than 10 million smart accounts, Safe’s active users are up 67% quarter over quarter as of Q2 2024. In her recent piece, "Safe Unlocking the Era of Programmable Ownership", our Research Principal Nichanan Kesonplat details how Safe's architecture supports feature expansions through third-party modules.

Safe is the most battle-tested decentralized solution for securely managing digital assets. But while multisig is the best safety guarantee in the market, privacy remains a consideration, given wallet signer identities are made public. As advocates and avid users of Safe, we wanted to address these privacy considerations and therefore decided to build zkSafe as a third-party module.

What is zkSafe?

zkSafe is a tool that enables better privacy for Safe multisig signing. Using zkSafe, Safe owners can collectively sign transactions without revealing who has signed the transaction. Privacy-forward crypto organizations, foundations, DAOs, and funds requiring robust security controls for asset management will find zkSafe valuable. In addition to the privacy benefits, the backendless Safe UI enabled by the zkSafe module allows developers to use Safe on forked chains seamlessly. Normally, Safe UI operates with an offchain backend operated by Safe's Core Contributors development studio, meaning it’s more than just a client-side webpage.

This setup poses significant challenges for two main reasons:

  1. Privacy Concerns: With an offchain backend, user signatures are collected and are fully exposed to the public. In a digital age where data security is paramount, this is an important consideration.

  2. Limited Fork Compatibility: While the canonical Safe Wallet UI supports multiple blockchain networks, it does not extend support to development forks. This limitation is crucial because Safe is always evaluating which new chains to integrate next. However, forking is a frequent practice among open-source projects, allowing developers to experiment with new implementations in a sandbox environment that closely mirrors the original chain and to debug vulnerabilities in a neutral testing ground. The ability to function within a forked environment is a tremendous benefit for developers, which is now made possible with zkSafe.

These issues underscore the need for a more robust, privacy-centric, and flexible backend solution for Safe UI, ensuring it can adapt to the dynamic nature of blockchain development while safeguarding user data.

How zkSafe Works

zkSafe is a module that operates under the following conditions:

  1. A threshold number of valid transaction signatures

  2. Each transaction signature is distinct (i.e., you can't reach the threshold by including a signature twice). These signatures must also be from one of the Safe's owners.

Once the zkSafe module verifies these conditions with a Safe transaction, it can safely execute the transaction without revealing the identity of the signers.
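The two conditions above, written out as a plain predicate over a set of signatures. This is an added example, not zkSafe's circuit or contract code: it proves nothing in zero knowledge, Lamport one-time signatures stand in for the owners' real wallet signatures so that it runs on the Python standard library alone, and every name and sample value in it is constructed.

```python
import hashlib

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen(seed: bytes):
    # Lamport one-time key (stand-in scheme): 256 secret pairs, public key = their hashes.
    sk = [[H(seed + bytes([bit, i])) for bit in (0, 1)] for i in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per bit of the message digest.
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, msg_bits(msg))))

def address(pk) -> bytes:
    # Hypothetical 20-byte owner identifier derived from the public key.
    return H(b"".join(h for pair in pk for h in pair))[:20]

def statement_holds(owners, threshold, tx_hash, witness) -> bool:
    """Known to everyone: owners, threshold, tx_hash. Known to the signers only: witness."""
    seen = set()
    for pk, sig in witness:
        signer = address(pk)
        if signer not in owners:            # must come from one of the Safe's owners
            return False
        if not verify(pk, tx_hash, sig):    # must be valid for this exact transaction
            return False
        if signer in seen:                  # a repeated signer cannot help reach the threshold
            return False
        seen.add(signer)
    return len(seen) >= threshold

# Constructed sample data: three owners of a Safe and one outsider key.
KEYS = {n: keygen(n.encode()) for n in ("alice", "bob", "carol", "mallory")}
OWNERS = {address(KEYS[n][1]) for n in ("alice", "bob", "carol")}
TX = H(b"constructed Safe transaction")
OTHER_TX = H(b"a different constructed transaction")

def wit(name, tx=TX):
    sk, pk = KEYS[name]
    return (pk, sign(sk, tx))
```

With a threshold of 2, `[wit("alice"), wit("bob")]` satisfies the predicate, while a repeated signer, the outsider key, or a signature made over `OTHER_TX` does not.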

How to Use zkSafe

Currently, zkSafe is deployed on the following chains: Ethereum, Base, BSC, Polygon, Gnosis, Arbitrum One, Optimism Mainnet, Scroll, and Sepolia. Most users will find the best experience with zkSafe through our backendless UI: https://zksafe.1kx.io

For those who prefer the command line, detailed instructions are available on the project’s GitHub.

zkSafe has also undergone an audit by Halborn, sponsored by Matter Labs, which you can review here.

For a narrated walkthrough, explore the resources at the end of this post.

Building in Public

At 1kx, we prioritize a hands-on approach to building. Our team consists of a strong technical bench, including engineers, former founders, and experts in cryptography and economics, all of whom work closely with our founders. The open-source nature of the crypto tech stack lets us dive in when we spot a gap or opportunity for improvement, with zkSafe being the latest example.

Since day one, building zkSafe has been a public endeavor. In June 2024, our CTO Valeriy Zamaraiev gave a talk on zkSafe at Safe{Con}2. This followed several months of collaborative product development with partners such as Matter Labs, who provided valuable insights as an early user of zkSafe.

In the spirit of building in public, we also sponsored developers at ZKHack Montreal to earn bounties by building on zkSafe. As a result, the team behind zksafeSpanishMafia solved the problem of concealing the identities of both multisig signers and owners. Check out their MVP here.

Both zkSafe circuits and contracts, as well as the Backendless UI, are completely open source. Contributors are welcome to submit their Pull Requests, bug reports, and feature requests to the project’s GitHub. For additional inquiries, reach out to @valeryz on X.

Documentation & Resources

Project Github:

Step-by-step video demo

This video delivers a step-by-step guide on using zkSafe as of September 2024, detailing key actions at the timestamps indicated below:

0:33 - Connecting a Safe Owner's Wallet

0:55 - Enable Prover Module for zkSafe Access

2:45 - Sending Transactions in zk

6:40 - Overview of Backendless UI

7:55 - Backendless UI Features