Nihilium
A protocol for universal, uncensorable secret recovery
The Web3 equivalent of "forgot my password" — making self-sovereign, UX-friendly secret recovery possible for the first time
The Problem
Today, users face a binary choice: full self-custody with no recovery, or custodial solutions that sacrifice autonomy. There is no middle ground. Existing recovery approaches suffer from three fatal flaws:
Context-Locked
Recovery is tied to a single wallet, blockchain, or service. Your Ethereum wallet recovery doesn't help you access an encrypted backup.
Orchestration Burden
Solutions like social recovery require users to coordinate backups or validators manually. This is where UX problems originate.
Censorship-Prone
Custodial recovery, KYC checks, or service denial introduce points where access can be denied under regulatory pressure.
The Solution: Sealed Packages
At the core of Nihilium is the sealed package: a public key that encrypts a secret, paired with a private key that no party has ever seen.
Recovering the secret — unsealing — is only possible when the requesting party proves that specific conditions are met. Processors are cryptographically committed to these conditions and bound to execute when valid proofs are provided.
Context-Agnostic
The same primitive works for wallets, files, credentials, or identity proofs across any blockchain or application.
User-Friendly
No coordination required. The burden of proof lies with the recovering party, not with custodians or intermediaries.
Censorship-Resistant
Game-theoretic incentives ensure processors cannot selectively refuse requests without provable slashing.
Observable
Every recovery attempt is timestamped and observable on-chain, ensuring full transparency and auditability.
Applications
Web3 "Forgot My Password"
Universal key recovery for passwords, seed phrases, or private keys using ZKEmail, ZKPassport, or other verifiable proofs. Live demo
Password Manager Recovery
Seal your master password under an identity proof. Recovery is proving who you are — no custodian required.
Emergency Medical Data
Privacy-preserving access to critical medical data during emergencies with full auditability of access attempts.
Compliance & Oversight
"Break-glass" procedures requiring multiple verifiable proofs. Keeping honest people honest through transparent access logging.
Dead Man's Switch
Automatic data release after a configurable inactivity period. Stay in control by periodically signaling liveness.
Regulatory Viewing Keys
Verifiable non-access for oversight. Every access attempt is publicly observable. Neither side depends on the other's honesty.
How It Works
Four-Actor Architecture
Nihilium operates through Clients (who generate proofs), Processors (who validate and execute), the Datastream (which timestamps and makes every recovery attempt publicly observable), and the Enforcement Layer (blockchain arbiter of last resort).
In normal operation, the protocol runs entirely off-chain and scales indefinitely. On-chain execution is only required when something goes wrong.
It utilizes a combination of zero-knowledge proofs, homomorphic encryption and financial incentives to ensure that the protocol is censorship resistant, scalable, and secure.
Modular Conditions
The protocol enables high modularity for proof aggregation, allowing complex combinations of conditions to be created.
Unseal conditions could include ZKEmail, ZKPassport, ownership proofs, time-locks etc, and any combination of these.
Economic Security
Sealing is prepaid. Unsealing is free. Processors are economically bound to execute without extortion risk.