whitepaper.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <meta name="description" content="CroVault Whitepaper. CroVault offers a secure, encrypted, blockchain-based alternative.">
  <meta name="keywords" content="whitepaper, white paper, crypto backup, decentralized vault, CroVault, secure crypto storage">
  <title>Whitepaper - Crovault secure blockchain privacy vault</title>
  <link rel="stylesheet" href="/css/vault.css">
  <link rel="canonical" href="https://crovault.com/whitepaper" />
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.7.2/css/all.min.css">
</head>
<body>
  <!-- Header with menu -->
  <header>
    <div id="headerDiv" class="header-content">
      <a href="/" title="CroVault homepage">
        <picture>
          <source srcset="../assets/images/Icon/crovault-logo.webp" type="image/webp">
          <img src="../assets/images/Icon/crovault-logo.png" 
                alt="CroVault secure data vault logo" 
                title="CroVault – blockchain-secured personal data storage">
        </picture>
      </a>
      <div>
        <span class="title">CroVault</span>
      </div>
    </div>
  </header>

  <div class="content">
    <div class="text-center mb-5">
        <h1><i class="fas fa-lock"></i> CroVault Whitepaper</h1>
        <p>April 26, 2025</p>
    </div>

    <section class="section">
        <h2>Introduction</h2>
        <p>In an increasingly digital world, safeguarding sensitive information including credentials, notes, cryptocurrency wallets, PINs, bank accounts,
           credit cards, insurance policies, identity documents, legal documents, assets, emergency contacts, and subscriptions. CroVault is a decentralized, 
           blockchain-based privacy vault designed to securely store sensitive user data with robust encryption and blockchain technology.</p>
    </section>

    <section class="section">
        <h2>Overview</h2>
        <p>CroVault allows users to securely store:</p>
        <ul>
            <li>Credentials (usernames, passwords, remarks)</li>
            <li>Notes (private encrypted notes)</li>
            <li>Wallet Addresses (including private keys and seed phrases)</li>
            <li>TOTP Secrets (for 2FA authentication)</li>
            <li>PIN Codes (for cards, devices, vaults)</li>
            <li>Bank Accounts (IBAN, SWIFT, bank details)</li>
            <li>Credit Cards (encrypted card info and usage)</li>
            <li>Insurance Policies (coverage, expiry, linked assets)</li>
            <li>Identity Documents (passport, driver's license, ID cards)</li>
            <li>Legal Documents (wills, powers of attorney, contracts)</li>
            <li>Assets & Ownership Records (property, vehicles, artwork)</li>
            <li>Emergency Contacts & Trustees (family, legal representatives)</li>
            <li>Subscriptions & Recurring Payments (Netflix, AWS, etc.)</li>
        </ul>
        <p>
            Data is encrypted client-side using a combination of the user's chosen password and a cryptographic key derived from a signed wallet message, 
            ensuring users maintain complete control and privacy of their data.
        </p>
    </section>

    <section class="section">
        <h2>Smart Contract Infrastructure</h2>
        <p>CroVault consists of several smart contracts deployed on the Cronos blockchain:</p>
        <h3><a href="https://explorer.cronos.org/address/0x50E2c7201d5714e018a33203FbD92979BC51eee4" rel="noopener" target="_blank">CostManager.sol</a></h3>
        <ul>
            <li>Centralized contract to manage fees related to vault creation and data operations.</li>
            <li>Provides functions to query current pricing (vaultCreationCost, vaultUpsertCost).</li>
        </ul>        
        <h3><a href="https://explorer.cronos.org/address/0x3a2649A49c8Bb5A9d0500bF0e43af27B706D084F" rel="noopener" target="_blank">VaultFactory.sol</a></h3>
        <ul>
            <li>Manages the creation of individual user VaultContracts.</li>
            <li>Maintains a mapping from wallet addresses to user-specific vault addresses.</li>
            <li>Emits events upon successful vault creation.</li>
        </ul>
        <h3><a href="https://explorer.cronos.org/address/0x3D47B247c139F55F5e01371d145d65d406c54A55" rel="noopener" target="_blank">VaultContract.sol</a></h3>
        <ul>
            <li>Individual contracts deployed per user.</li>
            <li>Stores encrypted user data including credentials, notes, wallet details, and TOTP secrets.</li>
        </ul>
        <h3><a href="https://explorer.cronos.org/address/0x15Dc7cb6641cddcF66C28Dfb86cdEffdBa3Bf0E8" rel="noopener" target="_blank">VaultContract2.sol</a></h3>
        <ul>
            <li>Individual contracts deployed per user.</li>
            <li>Stores encrypted user data including PIN codes, Bank accounts and Credit cards.</li>
        </ul>
        <h3><a href="https://explorer.cronos.org/address/0x44f46316616e6db886269Aedf495CB723CCf3dE6" rel="noopener" target="_blank">VaultContract3.sol</a></h3>
        <ul>
            <li>Individual contracts deployed per user.</li>
            <li>Stores encrypted user data including Insurances, Identity documents and Legal documents.</li>
        </ul>
        <h3><a href="https://explorer.cronos.org/address/0x39fCf13A75B3Cb2957620F3034fed7C2E6731e6a" rel="noopener" target="_blank">VaultContract4.sol</a></h3>
        <ul>
            <li>Individual contracts deployed per user.</li>
            <li>Stores encrypted user data including Assets, Emergency contacts and Subscriptions.</li>
        </ul>
    </section>

    <section class="section">
        <h2>Decentralized Application (dApp)</h2>
        <p>CroVault’s frontend is designed using HTML, CSS, JavaScript, and utilizes:</p>
        <ul>
            <li>Ethers.js for blockchain interactions</li>
            <li>Web3Modal for wallet connectivity</li>
            <li>Bootstrap and Font Awesome for UI/UX design</li>
        </ul>
        <h3>User Workflow</h3>
        <ol>
            <li>Wallet Connection
                <ul>
                    <li>Users connect their crypto wallet using Web3Modal.</li>
                </ul>
            </li>
            <li>Vault Creation
                <ul>
                    <li>Users create a vault by interacting with the VaultFactory smart contract.</li>
                </ul>
            </li>
            <li>Password Setup
                <ul>
                    <li>Users set a secure password used for client-side encryption of their vault data.</li>
                    <li>Users are informed that the password cannot be recovered or changed.</li>
                </ul>
            </li>
            <li>Data Management
                <ul>
                    <li>Users can add or modify credentials, notes, wallet addresses, TOTP entries, PIN codes, bank accounts, credit cards, 
                      insurance policies, identity documents, legal documents, asset ownership records, emergency contacts, and subscription data.</li>
                    <li>Data is encrypted client-side before being transmitted and stored in the user's VaultContract.</li>
                    <li>Batch operations allow efficient updates with optimized transaction costs.</li>
                </ul>
            </li>
            <li>Data Encryption and Decryption
                <ul>
                    <li>Encryption uses AES-GCM with keys derived from the user’s password and a signed wallet message.</li>
                    <li>Data remains securely encrypted at rest and is only decrypted client-side upon user request.</li>
                </ul>
            </li>
            <li>Fee Management and Transparency
                <ul>
                    <li>Users can view current fees for vault creation and data updates in-app, ensuring transparency.</li>
                </ul>
            </li>
        </ol>
    </section>

    <section class="section">
        <h2>Security and Privacy</h2>
        <ul>
            <li>All sensitive data is encrypted client-side, ensuring only the user can decrypt it.</li>
            <li>Blockchain ensures data immutability and transparency of transactions.</li>
            <li>Users retain full custody of their data without reliance on centralized storage.</li>
        </ul>
    </section>

    <section class="section">
        <h2>Risks and Disclaimers</h2>
        <ul>
            <li>Users must securely manage their encryption passwords and wallet access; CroVault cannot recover lost passwords or vault access.</li>
        </ul>
    </section>

    <section class="section">
        <h2>Conclusion</h2>
        <p>CroVault provides a secure, decentralized solution for storing and managing sensitive personal, financial, and legal information 
          securely and privately using blockchain technology, ensuring privacy, security, and user autonomy.</p>
    </section>

  </div>
  <footer class="mt-4">
    <p>
      <strong>&copy; 2025 CroVault. All Rights Reserved.</strong>
      &nbsp;|&nbsp;
      <a href="/privacy.html" class="text-light">Privacy Policy</a>
      &nbsp;|&nbsp;
      <a href="/terms.html" class="text-light">Terms and Conditions</a>
      &nbsp;|&nbsp;
      <a href="/license.html" class="text-light">MIT License</a>
    </p>
    <p>
      ⚠️ Disclaimer: CroVault is a decentralized application. You are solely responsible for your data, wallet, and password. We cannot recover lost vaults.
    </p>
    <div>
      <a href="https://x.com/Swerfter" title="Twitter/X" class="social-link sl-style">
        <i class="fab fa-x-twitter"></i>
      </a>
    </div>
  </footer>
</body>
</html>