Zero Knowledge Proofs Based Protocol to Secure Private Keys with Low-entropy Passwords

Introduction. ZeroWallet is a cryptographic protocol designed to provide the convenience of brain wallets with a security guarantee comparable to third party multi-sig setups. It provides a novel non-custodial method of deriving private keys from passwords whilst ensuring brute force resistance. ZeroWallet relies on an Oblivious Pseudo Random Function (OPRFs) that is derived from the OPAQUE password authenticated key exchange protocol to ensure that clients never see the server key (a salt) while the server never sees the client’s passwords. Through an incorporated 2,3 threshold secret sharing scheme, the protocol also allows for private key recovery even in the absence of server interaction. ZeroWallet is implemented on Elliptic Curve Cryptography (ECC) and a fully functional public demo is available at

Key Words: password derived keys, multisig, oblivious transfer

The ZeroWallet protocol was developed by me with Dr Andrew Miller, Asst. Professor of ECE at University of Illinois, Urbana-Champaign (UIUC). The protocol is completely open source, with the code & documentation available at The project page is ZeroWallet has now been nominated for a ZCash Foundation Grant and will likely be included as part of a ZCash Improvement Proposal (ZIP). See the coverage by UIUC at and the Initiative for Cryptocurrencies & Contracts (IC3) at

Demo in front of Profs at Univ. Of Illinois Urbana Champaign