Sismo Docs

Sismo Vault

An encrypted privacy-preserving UX tool
The Sismo Vault is an encrypted stash of secrets—accessible only to its owner. Users can privately import accounts into the Vault and store the cryptographic secrets necessary to generate ZK Badges. In essence, the Sismo Vault is analogous to an encrypted password manager—functioning as a UX tool that preserves user privacy. Where password managers store passwords, the Sismo Vault stores cryptographic signatures used for private identity verification on web3.

Imported Accounts

The Sismo Vault allows users to prove claims about their imported accounts to third parties in a frictionless and privacy-preserving manner. Beyond the private transfer of data between imported accounts, users will utilize the Sismo Vault to access applications in the web3 social space.
Two different types of accounts can be imported into the Sismo Vault:
  • Web3 accounts (Ethereum addresses owned by a private key)
  • Web2 accounts (GitHub, Twitter)
Web3 accounts are imported into the Sismo Vault by signing messages that generate a deterministic seed used for decryption. Web2 accounts are imported via an OAuth authorization process that associates the account with a seed generated from a private key in the Vault.
Imported Web3 accounts are designated as Vault owners by default, though this can be modified in the app’s settings.

Encrypted Storage

When creating a Sismo Vault, users sign a message to generate a seed—derived deterministically from the user’s ECDSA wallet signature.
This seed is used to encrypt and decrypt the Sismo Vault, giving access to the secrets inside. The Sismo Vault only ever exists in its decrypted state in a user’s browser—remaining fully encrypted in the Sismo Vault backend.
As the Sismo Vault seed is deterministic, it ensures a user can always access their Vault with the same ECDSA wallet signature. If a user loses access to an imported Web2 account, they can regain access to the Sismo Vault via a generated backup key.
In the Sismo app, users can grant Vault access to additional wallet addresses—making them owner accounts that can decrypt and access the Vault. Linking accounts has no implications for user privacy due to the encrypted nature of the Vault.
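The seed flow described in this section, as an added example that is not Sismo's code: a constructed 65-byte wallet signature is turned into a 32-byte seed, which seals the vault so that only ciphertext would reach a backend. HKDF-SHA256, AES-256-GCM, the label string and all function names are assumptions; the page does not specify the Vault's actual key derivation or cipher.

```javascript
// Added example, not Sismo's code. HKDF, AES-256-GCM and the label are assumptions.
const nodeCrypto = require('node:crypto');

// Seed = KDF(wallet signature). This is only reproducible if the wallet signs
// the same message deterministically (RFC 6979 nonces), and anyone holding the
// signature can rebuild the seed, so the signature itself must stay private.
function deriveVaultSeed(signatureHex) {
  const sig = Buffer.from(signatureHex.replace(/^0x/, ''), 'hex');
  if (sig.length !== 65) throw new Error('expected a 65-byte r||s||v signature');
  const okm = nodeCrypto.hkdfSync('sha256', sig, Buffer.alloc(0), 'example-vault-seed-v1', 32);
  return Buffer.from(okm);
}

// Runs client-side; the returned blob is all a backend would need to store.
function encryptVault(seed, vault) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every save
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', seed, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return { iv: iv.toString('hex'), ct: ct.toString('hex'), tag: cipher.getAuthTag().toString('hex') };
}

// Throws if the seed is wrong or the stored blob was modified (GCM tag check).
function decryptVault(seed, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', seed, Buffer.from(blob.iv, 'hex'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'hex'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'hex')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns the vault, or null when this signature does not open the blob.
function openVault(signatureHex, blob) {
  try { return decryptVault(deriveVaultSeed(signatureHex), blob); } catch { return null; }
}

// Constructed sample data: placeholder signatures and vault contents.
const OWNER_SIG = '0x' + 'ab'.repeat(64) + '1b';
const OTHER_SIG = '0x' + 'cd'.repeat(64) + '1c';
const stored = encryptVault(deriveVaultSeed(OWNER_SIG), { receipts: ['constructed-receipt'] });

console.log('stored by backend:', stored);
console.log('owner opens:', openVault(OWNER_SIG, stored));
console.log('other signature:', openVault(OTHER_SIG, stored));
```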

Stash of ZK Secrets

In addition to the decryption seed, the Sismo Vault stores the cryptographic secrets used in zero-knowledge proving schemes. When importing accounts into the Sismo Vault, users sign a message to generate an off-chain commitment.
After submitting a commitment to the commitment mapper, the Sismo Vault receives a commitment receipt. This receipt verifies proof of ownership and privately associates a single address with a commitment. The commitment receipt is subsequently used inside a zk-SNARK to verify ownership in the Hydra S1 proving scheme.
As commitment receipts are stored in the Sismo Vault, users are not required to repeat the commitment process when generating ZK Badges.
In this sense, the Sismo Vault is a stash of secrets—resembling private cookies that allow users to leverage their data across web3 seamlessly.