Phase 3 (Factory Contract) is open for contributors — see open issues
Introduction

Veil — Invisible Wallet

Veil is a passkey-powered smart wallet built on Stellar Soroban. It lets users register, authenticate, and authorize blockchain transactions using device biometrics — Face ID, fingerprint, or Windows Hello — with no seed phrases and no private key exposure.

Veil implements the WebAuthn / FIDO2 standard and the ES256 (P-256 ECDSA) signature scheme. All cryptographic verification happens on-chain inside a Soroban custom account contract.

Why Veil?

Traditional WalletVeil
24-word seed phraseFingerprint / Face ID
Private key fileSecure enclave (never exported)
User must back up keysDevice + guardian recovery
Complex multi-step UXSingle tap to authorize
Centralized custody riskFully self-custodied, on-chain

Core Concepts

  • WebAuthn — A W3C standard that lets browsers create and use P-256 key pairs stored in hardware secure enclaves.
  • Soroban Custom Account — A contract that implements __check_auth, called by the Soroban runtime for every transaction authorization.
  • Challenge Binding — The Soroban signature_payload (32 bytes) is used directly as the WebAuthn challenge, binding the biometric signature to the exact transaction.
  • P-256 ECDSA — The ES256 algorithm used by WebAuthn, verified on-chain using the p256 Rust crate.

Project Structure

invisible_wallet/
├── contracts/invisible_wallet/   # Rust/Soroban smart contract
│   └── src/
│       ├── lib.rs                # Entry points + __check_auth
│       ├── auth.rs               # WebAuthn ES256 verification
│       └── storage.rs            # Signer/guardian storage
└── sdk/
    └── src/
        ├── useInvisibleWallet.ts # React hook
        └── utils.ts              # Crypto utilities

Quick Navigation

Getting StartedArchitectureContract APISDK ReferenceSecurity

Development Status

PhaseStatusDescription
Phase 1CompleteContract, WalletError, 6 unit tests
Phase 2CompleteFull WebAuthn pipeline, DER to raw, key extraction
Phase 3In ProgressFactory contract, deterministic deployment
Phase 4UpcomingTestnet integration, end-to-end demo
Phase 5UpcomingGuardian recovery, multi-signer, replay protection
⚠️

Veil is under active development. The contract and SDK APIs may change before a stable 1.0 release. Do not use on Mainnet yet.

Getting Started