ZK-ACE replaces ECDSA signatures with identity-bound zero-knowledge proofs. No private keys. No elliptic curves. Your identity is proven in zero knowledge — secure against both classical and quantum adversaries.
Every EVM wallet relies on elliptic curve signatures. Shor's algorithm on a fault-tolerant quantum computer breaks them completely. Your funds, your NFTs, your DeFi positions — all at risk.
NIST-standardized PQ signatures (ML-DSA, Falcon) are 2–5 KB per transaction. On rollups where calldata is the bottleneck, this is a 30–40x increase in authorization data.
Existing quantum-resistant projects require abandoning the EVM ecosystem. Users must bridge assets to new L1s, learn new tooling, and trust untested infrastructure.
Instead of signing transactions, you prove in zero knowledge that you know a secret consistent with an on-chain identity commitment. No signature object ever touches the chain.
A single STARK proof replaces the entire signature. Hash-only cryptography — no elliptic curves, no pairings, no trusted setup, nothing for Shor's algorithm to attack. Unlike lattice or one-time signatures, STARK proofs are stateless: the same identity works forever with no key exhaustion risk.
Works on every EVM chain today. No protocol changes. No new L1. Deploy a vault on Arbitrum, Base, Optimism, or Ethereum mainnet via a single factory call.
From identity creation to authorized transaction, the entire flow uses zero-knowledge proofs with no classical signing keys.
Derive your identity secret from a 24-word recovery phrase via PBKDF2. Compute your identity commitment: a cryptographic hash anchored on-chain.
IDcom = Hash(REV, salt, chainId)
Call the factory contract with your IDcom. You get a deterministic ERC-4337 smart wallet address — works the same on every EVM chain.
factory.createAccount(IDcom, 0)
To authorize a transaction, generate a STARK proof that you know the REV matching the on-chain IDcom. The proof uses only Keccak256 hashing — no elliptic curves anywhere. Binds to the specific transaction, chain, and nonce.
proof = STARK.prove(REV, tx, nonce)
The smart contract verifies the STARK proof using native EVM keccak256 and Goldilocks field arithmetic. Checks TxHash, domain, and Merkle commitments, advances the nonce, and executes your transaction.
verifier.verifyProof(proof, inputs)
Every component is implemented, tested, hardened, and deployed. Not a whitepaper — a working system.
FRI-based (Winterfell). Hash-only — zero elliptic curves. Keccak256 for Merkle trees and Fiat-Shamir. No trusted setup. Fully post-quantum.
$p = 2^{64} - 2^{32} + 1$. Native 64-bit arithmetic. EVM verification via mulmod/addmod opcodes (8 gas each).
Same hash as the EVM KECCAK256 opcode (30 gas). Merkle verification is native. Quantum-secure as a symmetric primitive (128-bit post-quantum).
44 FRI queries, blowup factor 8, quadratic extension field. 132-bit soundness with 20-bit grinding. Compact for a transparent proof system.
5.6M gas on Arbitrum One with full algebraic verification (Fiat-Shamir + OOD constraints + DEEP composition + Merkle + remainder). The only deployed PQ verification on any EVM chain.
Tests across Rust (43) and Solidity (87) including STARK E2E with real proofs. Circuit soundness, field arithmetic, Merkle verification, Fiat-Shamir cross-validation, replay prevention.
Every layer of the system is built to withstand both classical and quantum adversaries.
STARKs are fully transparent — no toxic waste, no MPC ceremony, no trusted third parties. Security depends only on hash functions.
Keccak256 + Goldilocks field only — zero elliptic curves, zero pairings. Nothing for Shor's algorithm to attack. 128-bit post-quantum security.
TxHash recomputed from calldata on-chain — never trusted from the prover. Domain checked against block.chainid. All public inputs validated as field elements.
Monotonic nonce internal to the account contract. Only advances after valid ZK proof through the EntryPoint. No external actor can manipulate it.
2-step timelock rotation: propose a new identity, wait 48 hours, confirm. Emergency pause halts all operations. Both require valid proof.
Identity secrets are zeroized on drop. No Clone or Debug derive. REV is wiped from memory after proof generation.
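The Goldilocks arithmetic and the "public inputs validated as field elements" check described above, sketched in Rust as an added example (not ZK-ACE's code). The function names are hypothetical, and the 32-byte big-endian word layout for a public input is an assumption.

```rust
// Added example, not ZK-ACE's code; function names are hypothetical.

/// Goldilocks prime p = 2^64 - 2^32 + 1.
pub const P: u64 = 0xFFFF_FFFF_0000_0001;

/// Same result as EVM addmod(a, b, p); widened to u128 so the sum cannot wrap.
pub fn add_mod(a: u64, b: u64) -> u64 {
    ((a as u128 + b as u128) % P as u128) as u64
}

/// Same result as EVM mulmod(a, b, p).
pub fn mul_mod(a: u64, b: u64) -> u64 {
    ((a as u128 * b as u128) % P as u128) as u64
}

/// Square-and-multiply exponentiation in the field.
pub fn pow_mod(base: u64, mut exp: u64) -> u64 {
    let (mut acc, mut b) = (1u64, base % P);
    while exp > 0 {
        if exp & 1 == 1 { acc = mul_mod(acc, b); }
        b = mul_mod(b, b);
        exp >>= 1;
    }
    acc
}

/// Parse one public input from a 32-byte big-endian word (assumed layout).
/// Values >= p are rejected, not reduced: x and x + p must not both be accepted.
pub fn parse_public_input(word: &[u8; 32]) -> Result<u64, &'static str> {
    if word[..24].iter().any(|&b| b != 0) {
        return Err("value exceeds 64 bits");
    }
    let mut low = [0u8; 8];
    low.copy_from_slice(&word[24..]);
    let v = u64::from_be_bytes(low);
    if v >= P {
        return Err("non-canonical: value >= p");
    }
    Ok(v)
}

fn main() {
    // Constructed inputs: 5 and its non-canonical alias 5 + p.
    let (mut good, mut alias) = ([0u8; 32], [0u8; 32]);
    good[24..].copy_from_slice(&5u64.to_be_bytes());
    alias[24..].copy_from_slice(&(P + 5).to_be_bytes());
    println!("{:?} {:?}", parse_public_input(&good), parse_public_input(&alias));
}
```

Rejecting instead of reducing matters because 5 and 5 + p both fit in 64 bits and reduce to the same element, so a verifier that silently reduced them would accept two distinct byte encodings for one public input.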
STARK verifier and vault factory deployed on multiple EVM chains with confirmed quantum-resistant transactions.
| Contract | Address | Network | Role |
|---|---|---|---|
| StarkVerifier | 0xE1B8750ED6Fd835e7D27a1A4F08532BDbFb9F6d4 | Arbitrum One | Proof Verification |
| Vault Factory | 0x5c7D026978Fa2D159dCC0Bb87F25DbaBfE872614 | Arbitrum One | CREATE2 Deployment |
| StarkVerifier | 0x6DE1A42fD9c1aB4A46D8Af388a212F772513E010 | Base | Proof Verification |
| Vault Factory | 0x01896D39682d9f95c801E286ed5abEB3D7738520 | Base | CREATE2 Deployment |
Deploy your quantum-resistant vault today. It takes one CLI command and costs less than a penny.