Authors: Jimmy Chu
Created: 2025-04-04
Abstract
Discuss the community need and feasibility of developing anonymous multi-sig wallet using Semaphore.
Proposal types
SEP ORBA type
Proposal details
Hi SAFE community, I would like to showcase a PoC I recently made and want to get the feedback from you in the forum here if it has any merit to bring some of the project features into SAFE wallet as a plugin. If yes, then we will draft up a proposal and proceed further.
Purpose and Background
Semaphore is a protocol that allow a user to prove their group membership and send signals, such as votes or endorsements, without revealing their original identity using zk proof. Furthermore, Semaphore checks that a member only send one signal on a given scope within the group. This is a project developed and maintained by Privacy and Scaling Exploration team.
So if we have use a transaction hash as the scope, a signal from a member can be seen as an approval (signature) for the transaction. When enough signals have been made, the transaction is approved and can be executed.
I recently completed such a PoC on integrating Semaphore as two smart account modules (a validator module and executor module) and could make a smart account behaves as an anonymous multi-sig wallet.
- Here is the PoC demo app (demo video)
- Project source code
- Project writeup with technical overview and overall architecture.
Effects and Impact Analysis
The benefit of such multi-sig account is giving additional privacy to the account members and prevent them from being targeted by hackers or social attacks (think about the multi-sig whale accounts). We still need one EOA as the owner of the smart account and that could be a totally new EOA.
With the proposal passed and the implementation completed there will be a new plugin users could choose to install in their SAFE wallet. With the plugin and extended UI (see below for discussion), they can sign a transaction using a Semaphore identity.
The risks is that users have an additional Semaphore identity/private key need to take care of.
We can then measure the impact by number of accounts that install this plugin and use it to sign transactions.
Implementation
Does the implementation of the proposal require new code? How is the security of the code ensured? How is the implementation of the proposal carried out?
Own implementation but with funding (how much % to implementation)
The implementation will need new code with funding support from SAFE dao. Both I and PSE team will be involved in the development work.
Open Questions
I would like to get the feedback from you, particularly on the following:
-
Is this something SAFE wallet community also feel valuable and something that could make into a formal proposal to support its development?
-
I am not sure if an ERC7579 Executor module is something SAFE allows as it may grant too much power on what a module can do in a SAFE wallet. Is there restriction on what an executor module can (or cannot) do in a SAFE wallet?
-
As shown in the demo video, we use a Semaphore identity to “sign” a tx. Is there a way to extend the SAFE wallet UI to perform the signing? Or a way to bring our own UI and integrate it in Safe wallet UI?
Copyright
Copyright and related rights waived via CC0.