CroVault Whitepaper

Introduction

In an increasingly digital world, safeguarding sensitive information including credentials, notes, cryptocurrency wallets, PINs, bank accounts, credit cards, insurance policies, identity documents, legal documents, assets, emergency contacts, and subscriptions. CroVault is a decentralized, blockchain-based privacy vault designed to securely store sensitive user data with robust encryption and blockchain technology.

Overview

CroVault allows users to securely store:

• Credentials (usernames, passwords, remarks)
• Notes (private encrypted notes)
• Wallet Addresses (including private keys and seed phrases)
• TOTP Secrets (for 2FA authentication)
• PIN Codes (for cards, devices, vaults)
• Bank Accounts (IBAN, SWIFT, bank details)
• Credit Cards (encrypted card info and usage)
• Insurance Policies (coverage, expiry, linked assets)
• Identity Documents (passport, driver's license, ID cards)
• Legal Documents (wills, powers of attorney, contracts)
• Assets & Ownership Records (property, vehicles, artwork)
• Emergency Contacts & Trustees (family, legal representatives)
• Subscriptions & Recurring Payments (Netflix, AWS, etc.)

Data is encrypted client-side using a combination of the user's chosen password and a cryptographic key derived from a signed wallet message, ensuring users maintain complete control and privacy of their data.

Smart Contract Infrastructure

CroVault consists of several smart contracts deployed on the Cronos blockchain:

CostManager.sol

• Centralized contract to manage fees related to vault creation and data operations.
• Provides functions to query current pricing (vaultCreationCost, vaultUpsertCost).

VaultFactory.sol

• Manages the creation of individual user VaultContracts.
• Maintains a mapping from wallet addresses to user-specific vault addresses.
• Emits events upon successful vault creation.

VaultContract.sol

• Individual contracts deployed per user.
• Stores encrypted user data including credentials, notes, wallet details, and TOTP secrets.

VaultContract2.sol

• Individual contracts deployed per user.
• Stores encrypted user data including PIN codes, Bank accounts and Credit cards.

VaultContract3.sol

• Individual contracts deployed per user.
• Stores encrypted user data including Insurances, Identity documents and Legal documents.

VaultContract4.sol

• Individual contracts deployed per user.
• Stores encrypted user data including Assets, Emergency contacts and Subscriptions.

Decentralized Application (dApp)

CroVault’s frontend is designed using HTML, CSS, JavaScript, and utilizes:

• Ethers.js for blockchain interactions
• Web3Modal for wallet connectivity
• Bootstrap and Font Awesome for UI/UX design

User Workflow

1. Wallet Connection
• Users connect their crypto wallet using Web3Modal.
2. Vault Creation
• Users create a vault by interacting with the VaultFactory smart contract.
3. Password Setup
• Users set a secure password used for client-side encryption of their vault data.
• Users are informed that the password cannot be recovered or changed.
4. Data Management
• Users can add or modify credentials, notes, wallet addresses, TOTP entries, PIN codes, bank accounts, credit cards, insurance policies, identity documents, legal documents, asset ownership records, emergency contacts, and subscription data.
• Data is encrypted client-side before being transmitted and stored in the user's VaultContract.
• Batch operations allow efficient updates with optimized transaction costs.
5. Data Encryption and Decryption
• Encryption uses AES-GCM with keys derived from the user’s password and a signed wallet message.
• Data remains securely encrypted at rest and is only decrypted client-side upon user request.
6. Fee Management and Transparency
• Users can view current fees for vault creation and data updates in-app, ensuring transparency.

Security and Privacy

• All sensitive data is encrypted client-side, ensuring only the user can decrypt it.
• Blockchain ensures data immutability and transparency of transactions.
• Users retain full custody of their data without reliance on centralized storage.

Risks and Disclaimers

• Users must securely manage their encryption passwords and wallet access; CroVault cannot recover lost passwords or vault access.

Conclusion

CroVault provides a secure, decentralized solution for storing and managing sensitive personal, financial, and legal information securely and privately using blockchain technology, ensuring privacy, security, and user autonomy.