Enclv

Hardware-Secured Account Abstraction via Apple Secure Enclave for Seed-Phrase-Free Ethereum Wallets

Master's Thesis in Computer Science · By Alessio Rubicini

Enclv is an iOS Ethereum wallet developed as a Master's thesis in Computer Science. Private keys are generated and stored inside the Apple Secure Enclave, transactions are authorised via Face ID, and account recovery is built on Passkeys combined with a zero-knowledge proof of hardware attestation, without ever requiring a seed phrase.


Motivation

A persistent tension in wallet design.

The mnemonic seed phrase remains one of the principal barriers to broad adoption of self-custodial Ethereum wallets. A sequence of 12 to 24 randomly drawn words constitutes the sole credential for an account: if lost, the wallet is permanently inaccessible; if exposed, all associated assets can be transferred without recourse. There is no credential-reset mechanism and no custodial fallback.

Existing designs navigate a three-way tension between the properties below. Addressing any two tends to compromise the third, and no prior work resolves all three simultaneously within a non-custodial model.

Self-Sovereignty
The account owner holds exclusive control over private key material. No third-party custodian, escrow service, or recovery authority is involved.

Usability
Accessible onboarding, straightforward recovery, and authentication flows that do not presuppose cryptographic expertise.

Security
Verifiable guarantees that private key material cannot be extracted or forged, even under full device compromise.

Approach

Composing Apple and Ethereum primitives.

The thesis proposes eliminating the seed phrase by composing three complementary primitives: hardware-backed key storage, programmable smart accounts, and an efficient on-chain signature verification precompile, each addressing a distinct side of the trilemma.

Apple Secure Enclave
Key pairs are generated inside isolated hardware and bound to the device chip.

The Apple Secure Enclave Processor (SEP) is a dedicated cryptographic co-processor physically isolated from the application CPU. Key generation and all signing operations occur exclusively within the SEP; the private key material is never exposed to the operating system or application layer. User authorisation is delegated to Face ID or Touch ID, removing the need for passwords or mnemonic transcription.

Addresses security and usability jointly.

ERC-4337 · ERC-7579
Modular smart account architecture based on ERC-4337 and ERC-7579.

Rather than a standard externally-owned account (EOA) bound to a single key, each Enclv wallet is implemented as a smart account. A Validator module verifies secp256r1 signatures from the Secure Enclave, an Executor module handles intent-based transaction dispatch, and Hook modules enforce policies such as spending rate limits and recovery timelocks. The modular design allows individual components to be replaced without altering the wallet's on-chain address or identity.

Addresses self-sovereignty and programmable recovery.

RIP-7212 Precompile
Efficient on-chain P-256 signature verification via the RIP-7212 precompile.

The Secure Enclave operates over the secp256r1 (P-256) curve, whereas Ethereum's native ECDSA implementation uses secp256k1. Pure-Solidity P-256 verification has historically required around 330,000 gas per operation. The RIP-7212 precompile, deployed on Polygon and several other L2 networks, reduces this to approximately 3,450 gas, making hardware-native signatures economically feasible within a realistic fee budget.

Reduces P-256 verification cost by roughly 99%.
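
To make the precompile's calling convention concrete, the following added example (not code from the Enclv repository) packs a signature into the 160-byte RIP-7212 input and interprets the return data. It assumes the wallet supplies a DER-encoded ECDSA signature and an uncompressed public key (0x04 || X || Y); all function names are hypothetical.

```typescript
// Added example; function names are hypothetical and not from the Enclv code base.
const WORD = 32;

// Read one DER INTEGER at `off`; return it left-padded to 32 bytes plus the next offset.
function readInt(der: Uint8Array, off: number): { word: Uint8Array; next: number } {
  if (off + 2 > der.length || der[off] !== 0x02) throw new Error("expected INTEGER");
  const len = der[off + 1];
  let start = off + 2;
  const end = start + len;
  if (len === 0 || len > WORD + 1 || end > der.length) throw new Error("bad INTEGER length");
  if (der[start] & 0x80) throw new Error("negative INTEGER");
  if (len > 1 && der[start] === 0x00) start++; // drop the DER sign-padding byte
  if (end - start > WORD) throw new Error("INTEGER wider than 256 bits");
  const word = new Uint8Array(WORD);
  word.set(der.subarray(start, end), WORD - (end - start));
  return { word, next: end };
}

// ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }, short-form length only.
function derToRS(der: Uint8Array): { r: Uint8Array; s: Uint8Array } {
  if (der.length < 8 || der[0] !== 0x30 || der[1] !== der.length - 2) throw new Error("bad SEQUENCE");
  const r = readInt(der, 2);
  const s = readInt(der, r.next);
  if (s.next !== der.length) throw new Error("trailing bytes after s");
  return { r: r.word, s: s.word };
}

// 160-byte precompile input: digest || r || s || x || y.
function buildP256VerifyInput(digest: Uint8Array, derSig: Uint8Array, pubKey: Uint8Array): Uint8Array {
  if (digest.length !== WORD) throw new Error("digest must be 32 bytes");
  if (pubKey.length !== 65 || pubKey[0] !== 0x04) throw new Error("expected uncompressed public key");
  const { r, s } = derToRS(derSig);
  const parts = [digest, r, s, pubKey.subarray(1, 33), pubKey.subarray(33, 65)];
  const input = new Uint8Array(5 * WORD);
  parts.forEach((part, i) => input.set(part, i * WORD));
  return input;
}

// Success is exactly one 32-byte word equal to 1. Empty return data means the
// signature was rejected, or that no precompile exists at the called address.
function precompileAccepted(returnData: Uint8Array): boolean {
  if (returnData.length !== WORD) return false;
  return returnData[31] === 1 && returnData.subarray(0, 31).every((b) => b === 0);
}
```

A validator that treats any successful call as a valid signature would accept everything on a chain where the precompile is not deployed, which is why the return data is checked for the exact success word.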

Technical Architecture

Two design contributions beyond standard implementations.

The following components represent the primary research contributions of the thesis, distinguishing Enclv from a straightforward smart account wallet implementation.

ZK-Hardware Attestation
Verifying hardware provenance while preserving user privacy.

Apple's App Attest framework allows a device to demonstrate that a given key pair was generated inside a genuine Secure Enclave. However, the resulting attestation certificate contains identifying metadata (device model, AAGUID, and a receipt) that cannot be published on-chain without privacy implications. To retain the cryptographic guarantee while discarding the identifying fields, Enclv wraps the attestation verification inside a ZK-SNARK circuit implemented with Circom and snarkjs. The on-chain validator receives only the proof, not the raw certificate.

App Attest · snarkjs · Circom · Groth16 proof system

Hybrid Recovery System
Time-locked, passkey-based account recovery with cancellation guarantees.

Device loss must not result in permanent account inaccessibility, yet a recovery mechanism cannot introduce an exploitable backdoor. The proposed scheme enforces a 48-hour timelock before any recovery transaction is executed, followed by a 7-day quarantine window during which the original key holder can submit a cancellation. Passkeys synchronised via iCloud Keychain serve as an out-of-band second factor, enabling access restoration on a new device without seed phrase involvement.

Passkeys · WebAuthn · ERC-7579 Hook modules · 48h timelock · 7d quarantine
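
The timing rules above can be modelled as a small state machine. This is an added TypeScript illustration, not the project's Solidity hook; class and method names are hypothetical. It assumes the quarantine is counted from the moment the recovery executes and that the original key holder may also cancel while the timelock is still running.

```typescript
// Added example: a model of the recovery timing rules, not the project's hook contract.
const HOUR = 3600;
const TIMELOCK = 48 * HOUR;       // 48-hour timelock, as stated on the page
const QUARANTINE = 7 * 24 * HOUR; // 7-day quarantine, as stated on the page

type Phase = "idle" | "timelock" | "executable" | "quarantine" | "final";

class RecoveryModel {
  private requestedAt: number | null = null;
  private executedAt: number | null = null;

  // Phase at time `now` (seconds). Boundaries are inclusive on the later phase.
  phase(now: number): Phase {
    if (this.executedAt !== null)
      return now < this.executedAt + QUARANTINE ? "quarantine" : "final";
    if (this.requestedAt === null) return "idle";
    return now < this.requestedAt + TIMELOCK ? "timelock" : "executable";
  }

  // The new device opens a request; only one may be in flight at a time.
  request(now: number): void {
    if (this.phase(now) !== "idle") throw new Error("recovery already in progress or final");
    this.requestedAt = now;
  }

  // The recovery transaction may run only once the timelock has elapsed.
  execute(now: number): void {
    if (this.phase(now) !== "executable") throw new Error("timelock not elapsed");
    this.executedAt = now;
  }

  // The original key holder cancels; rejected once the quarantine has closed.
  cancel(now: number): void {
    const p = this.phase(now);
    if (p === "idle" || p === "final") throw new Error("nothing to cancel");
    this.requestedAt = this.executedAt = null;
  }
}
```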

Technology Stack

A three-layer monorepo architecture.

The implementation is structured as a monorepo comprising three layers: a native iOS application, a server-side backend responsible for ZK attestation verification and UserOperation relaying, and a set of on-chain Solidity smart contracts.

Blockchain
Ethereum L2 testnet & account standards
Polygon Amoy · ERC-4337 · ERC-7579 · RIP-7212

Mobile
Native iOS wallet · SEP & Apple frameworks
Swift · SwiftUI · CryptoKit · Passkeys · AuthenticationServices · DeviceCheck

Smart contracts
Solidity & Foundry · Certora for formal checks
Solidity · Foundry · Certora

Backend
Attestation & relayer APIs
Node.js · TypeScript · Express · viem

Attestation / ZK
Apple attestation & circuit tooling
App Attest · snarkjs · Circom

Infra
RPC, bundler & deployment
Alchemy · Pimlico · Vercel