Vaulti

12‑Month Project Multi‑Auth (TOTP • WebAuthn • Google) ZK: Research Only

Non‑Custodial 2FA Vault for Cardano

A portable, self‑custodial 2FA layer for Cardano, supporting TOTP, WebAuthn, and Google login for easy onboarding. We are actively researching ZK techniques for future decentralization & anonymity — not implemented in this phase.

User Sovereign
Non‑Custodial
Cardano‑First
Security‑First

Three Core Components

End‑to‑end security loop that preserves self‑custody and works with existing Cardano wallets & dApps.

Identity Vault

Off‑chain conditional co‑signer (closed‑source, auditable)

  • • TOTP & WebAuthn
  • • Google OAuth Login
  • • Policy‑based co‑signing
  • • Zero asset custody
  • • ZK & threshold crypto: research phase

Asset Vaults

On‑chain smart contracts (open‑source)

  • • 2‑of‑2 multisig
  • • Escape hatch (time‑locked)
  • • Co‑signer (Identity Vault) updatable
  • • Auditable & transparent

Universal Connector

Browser extension

  • • Wallet proxy (CIP‑30)
  • • Transaction interception
  • • 2FA flow management
  • • Works with existing dApps

User Journey

Onboard with a Cardano wallet and add a second factor. No dApp or wallet changes required.

1

Onboarding Wizard

Browser Extension Setup
Install Universal Connector
Connect a CIP‑30 Wallet (e.g., Nami, Eternl)
3
Create your Identity Vault account
Identity Vault Registration
2

Choose Your Authentication Method

Scan QR Code

Use Google Authenticator, Authy, 1Password, etc.

Verify Setup
TOTP successfully configured
WebAuthn

Hardware keys, biometrics

G
Google Login

OAuth‑based co‑signing

ZK
Zero‑Knowledge

Under research, not available

3

Deploy Asset Vault (Testnet MVP)

Smart Contract Deployment
Cardano Testnet

Asset Vault contract (Aiken)

Owner Address:addr1q9x...7k2m
Co‑signer (Identity Vault):addr1q8y...9n3p
Est. Deployment Fee:~2.5 ADA
Deployment Status
Contract compiled
Transaction signed
Broadcasting to network…

Vault Address:

addr1q9vault2fa8x7k2m3n4p5q6r7s8t9u0v1w2x3y4z5a6b7c8d9e0f1g2h3i4j5k6l7m8n9o0p1q2r3s4t5u6v7w8x9y0z

4

Secure Transaction Flow

1. User signs

Sign with your existing Cardano wallet

Signature 1/2 ✓

2. Second factor

Enter TOTP / use WebAuthn / Google

TOTP WebAuthn Google
3. Identity Vault co‑signs

Only upon successful 2FA

Signature 2/2 ✓

Transaction complete

Example

From (Asset Vault):

addr1q9vault...x9y0z

To:

addr1q8recipient...a1b2c

Amount:

100 ADA

Status:

Confirmed

Built‑in Security Features

Multiple layers of protection without compromising user sovereignty.

Escape Hatch

Time‑locked emergency withdrawal if the co‑signer becomes unavailable.

Co‑Signer Updates

Change the Identity Vault address with proper authorization.

Non‑Custodial

Identity Vault never holds private keys or assets — only conditional signatures.

Open Source

Smart contracts, SDKs, and API specs will be open‑sourced. Backend is closed‑source but auditable.

12‑Month Roadmap

Cardano‑first MVP, multi‑auth expansion, and ZK research — not ZK implementation.

M1

Months 1–4: Cardano MVP

Testnet Asset Vault + TOTP + Extension interception + Landing page

Planned
  • • Deploy Asset Vault (testnet)
  • • TOTP authentication
  • • Browser extension (CIP‑30 interception)
  • • QA + community feedback
M2

Months 5–7: Multi‑Auth Expansion

WebAuthn, Google login, Dashboard MVP

Next
M3

Months 8–10: Prototype

Google‑auth‑derived wallet (with Asset Vault) + protocol spec + advanced dashboard

M4

Months 11–12: ZK Research & Public Release

Security audit • Mainnet release (contracts/SDKs/specs) • ZK research document

M5

Close‑Out

Final report & video

Note: Zero‑knowledge proofs and threshold signatures are exploratory research in this proposal and are not part of the implemented MVP.