Whitepaper
Draft - This document is a work in progress and subject to change.
Untrace: A Privacy-First Network for Sharded, Wallet-Gated Data and Verifiable Attestations
Version 0.1 - May 2026
Abstract
Untrace is a privacy protocol for storing, sharing, and proving facts about sensitive data without placing the full data object in one location. It combines client-side encryption, Shamir's Secret Sharing, erasure-coded payload shards, node-side wallet-signature verification, decentralized node distribution, and optional ZK proofs for dashboard attestations.
Our Roadmap is to build up to a Layer 1 gradually, reaching every privacy primitive in a practical path: private vault storage first, Rust-based sharding nodes, policy registries on existing chains, and Noir-based ZK proofs for selected file-derived claims such as bank statement PDF attestations.
1. Introduction
1.1 The Centralization Problem
Every data breach in history shared one architectural characteristic: the data existed in one place. Firewalls, encryption-at-rest, intrusion detection systems, and AI-powered SOC teams all operate under the assumption that data will be stored centrally and that security means defending that central location.
This model has failed systematically. The asymmetry is structural: attackers only need one path into the target, while defenders must secure every path forever.
1.2 The Untrace Thesis
The solution is a fundamentally different model for how data lives in the world:
- Sharded - split into encrypted, threshold-protected fragments
- Distributed - stored across independent nodes
- Wallet-gated - shards are returned only after nodes verify wallet-signed retrieval requests
- Provable - selected file-derived claims can be proven with ZK after dashboard access is granted
There is no master copy. No central database. No single point of failure. No administrator with unilateral plaintext access.
2. Protocol Architecture
2.1 Stack Overview
┌─────────────────────────────────────────────────────────────┐
│ APPLICATION LAYER │
│ Privacy Vault │ Bank Statement Proofs │ SBT Attestations │
├─────────────────────────────────────────────────────────────┤
│ ATTESTATION LAYER │
│ Noir Circuits │ Barretenberg Proofs │ ETH/Solana SBTs │
├─────────────────────────────────────────────────────────────┤
│ ACCESS POLICY LAYER │
│ Wallet Signatures │ On-Chain Grants │ Revocations │
├─────────────────────────────────────────────────────────────┤
│ STORAGE PROTOCOL │
│ Encryption │ SSS Key Shares │ Erasure-Coded Payload Shards │
└─────────────────────────────────────────────────────────────┘
2.2 Data Lifecycle
[ Raw Data ]
↓
[ Client-side symmetric encryption ]
↓
[ Key split into N shares via Shamir's Secret Sharing ]
↓
[ Encrypted payload erasure-coded into N shards ]
↓
[ Shard bundles distributed to Rust storage nodes ]
↓
[ Vault policy and manifest commitment anchored on-chain ]
↓
[ Reconstruction requires wallet-signed request + K-of-N shard retrieval ]
No node ever holds sufficient information to reconstruct the data independently. No entity, including Untrace, can access data without a valid wallet-signed retrieval request and enough authorized shard responses.
2.3 Cryptographic Primitives
| Primitive | Usage | Implementation Direction |
|---|---|---|
| AES-256-GCM / XChaCha20 | Symmetric encryption of data blobs | Client-side, ephemeral key per write |
| Shamir's Secret Sharing | Splitting symmetric key K into N shares | Threshold key recovery |
| Erasure Coding | Recoverable encrypted payload shards | Reed-Solomon-style encoding |
| ECDSA / Ed25519 | Wallet signatures and node identity keys | Secp256k1, Ed25519, or chain-native curves |
| Merkle Commitments | Shard manifest integrity | Root anchored on-chain |
| Noir + Barretenberg | Dashboard ZK proofs and EVM verifiers | Benchmark before production commitment |
Noir is a strong candidate for the first ZK proof layer because Noir inputs are private by default, Noir compiles to ACIR, and Barretenberg supports proof generation, circuit analysis, recursive proof work, and Solidity verifier generation.
2.4 Node Network
The initial Untrace node network should be built as a Rust service before any full Layer 1 work. Nodes are responsible for:
- Storing assigned encrypted shard bundles
- Maintaining node identity keys
- Verifying wallet-signed retrieval requests
- Checking vault policy and revocation state
- Returning encrypted shards with signed delivery receipts
- Participating in availability checks
Recommended Rust components include tokio for async runtime, QUIC or gRPC for transport, and RocksDB, object storage, or a similar backend for shard persistence. A permissioned or semi-permissioned node set is the realistic MVP; permissionless staking, slashing, and full storage proofs should come later.
3. Access and Identity Layer
3.1 Wallet-Signed Retrieval
Vault access requires a signed request from an authorized wallet. The request includes vault ID, shard generation, nonce, expiry, action, and policy context. Each node verifies the request independently before releasing a shard.
This approach keeps shard release close to the storage boundary. It also avoids making ZK proof verification a dependency for ordinary file retrieval.
3.2 On-Chain Policy Registry
Vault policies record ownership, grants, revocations, thresholds, and expiration rules. Policies can live first on Ethereum-compatible testnets, then expand to Solana or other chains as integrations mature.
3.3 Dashboard ZK Proof System
ZK proofs are used when the user already has dashboard access and wants to prove a fact from a document without disclosing the document.
Example: a user can prove from a bank statement PDF that their balance is above a threshold or that their income falls inside a required range. The proof can be generated with a Noir circuit and verified on EVM through a Barretenberg-generated Solidity verifier when gas and proof size benchmarks are acceptable.
3.4 Soulbound Attestations
After a proof or document-derived claim is approved, the user may sign an attestation that mints a soulbound token on Ethereum or Solana.
Ethereum path:
- Use an attestation registry or non-transferable ERC-721 pattern
- Consider ERC-5192-style locked NFTs for simple SBT semantics
- Keep raw document data off-chain
Solana path:
- Use Token-2022 extensions or program-owned attestations
- Consider non-transferable token behavior where supported by the selected implementation
- Benchmark full ZK verifier execution separately; do not assume it is MVP-ready
4. Future dApp Ecosystem
The Untrace base layer can support a future ecosystem after the core vault network is validated.
| dApp | Description | |
|---|---|---|
| Privacy Vault | Enterprise-grade encrypted document storage | Subscription + storage fees |
| Statement Proofs | ZK proofs over bank statement PDFs and dashboard files | Per-proof fee |
| SBT Attestations | Signed credentials minted on Ethereum or Solana | Attestation fee |
| Escrow | Crypto escrow payments linked to signed agreements | % of transaction volume |
| Tokenization | Fractional tokenization of real-world assets | Issuance + management fee |
5. Security Analysis
5.1 Threat Model
| Threat | Mitigation |
|---|---|
| Compromised node | K - 1 nodes cannot reconstruct the encryption key |
| Missing payload shards | Erasure coding allows recovery from threshold shard sets |
| Replay attack | Retrieval requests include nonce and expiry |
| Malicious node response | Shards are authenticated and checked against committed manifests |
| Legal compulsion of nodes | Jurisdictional diversity and threshold requirements |
| Wallet compromise | User risk remains; support revocation, rotation, and recovery policies |
| ZK proof forgery | Depends on the selected proving system and circuit review |
| Chain reorg or stale state | Nodes must wait for finality and track revocations |
5.2 Comparison
| Property | Traditional Cloud | Existing Public Storage | Untrace |
|---|---|---|---|
| Single point of failure | Yes | Partial | None in storage model |
| Data breach possible | Yes | Partial | Not from one node |
| Privacy by default | No | No | Yes |
| Wallet-gated shard retrieval | No | Rare | Native |
| Dashboard ZK attestations | No | Partial | Planned |
| Multi-chain SBT support | No | App-specific | Planned |
6. Roadmap
| Phase | Milestone | Target |
|---|---|---|
| Phase 0 | Protocol spec, threat model, crypto design review | Q2 2026 |
| Phase 1 | Client encryption, SSS, erasure coding prototype | Q3 2026 |
| Phase 2 | Rust node MVP with signed retrieval and shard receipts | Q3 2026 |
| Phase 3 | Ethereum policy registry and wallet-gated retrieval testnet | Q4 2026 |
| Phase 4 | Noir bank statement proof prototype and EVM verifier | Q4 2026 |
| Phase 5 | Ethereum and Solana SBT attestation proofs of concept | Q1 2027 |
| Phase 6 | Security review, node hardening, beta vault dashboard | Q2 2027 |
7. Conclusion
Untrace represents a shift in how sensitive data can be stored and proven. The feasible near-term protocol is a wallet-gated private vault network with signed shard retrieval and optional ZK attestations. A full Layer 1, permissionless storage economy, generalized private transactions, and production storage proofs are possible future phases, but they should follow a validated vault and attestation MVP.
References
- Shamir, A. (1979). How to Share a Secret. Communications of the ACM.
- W3C. (2022). Decentralized Identifiers (DIDs) v1.0. W3C Recommendation.
- Noir documentation: private-by-default circuit inputs, ACIR compilation, Nargo testing, and Barretenberg Solidity verifier generation.
- Solana Token-2022 documentation: token extensions including metadata, default account state, and programmable transfer behavior.
- OpenZeppelin Contracts documentation: secure smart contract building blocks for Ethereum-compatible deployments.
This whitepaper is a draft. All specifications, figures, and timelines are subject to change as the protocol evolves.