quantumauth-io/quantum-auth-contracts

QuantumAuth — Account Abstraction with TPM‑Sealed Keys

QuantumAuth is an ERC‑4337 Account Abstraction (AA) smart‑contract system designed to eliminate traditional private‑key exposure by combining:

  • Account Abstraction (ERC‑4337)
  • TPM‑sealed cryptographic keys
  • Policy‑driven authorization & recovery
  • Hardware‑bound security guarantees

This repository contains the on‑chain contracts, deterministic build tooling, and Go bindings used by the QuantumAuth wallet and client stack.


🔐 Security Model

Traditional Wallets

  • Private keys stored in software
  • Vulnerable to malware, memory scraping, phishing
  • Single point of failure

QuantumAuth

  • Keys are generated and sealed inside a TPM
  • Private key material never leaves hardware
  • Smart contracts validate TPM‑backed signatures
  • Recovery and authorization enforced on‑chain

Even a fully compromised operating system cannot extract or reuse the private key.


🧩 Architecture

On‑chain Contracts

  • QuantumAuthAccount.sol: ERC‑4337 compatible Account Abstraction wallet implementing
    • TPM‑verified signatures
    • Multi‑mode authorization
    • Recovery logic
  • TPMVerifierSecp256k1.sol: verifies secp256k1 signatures produced by TPM‑sealed keys.
  • EntryPoint.sol: standard ERC‑4337 EntryPoint (pinned, deterministic build).
  • QAERC20.sol: minimal ERC‑20 used for testing, tooling, and bindings generation.

Off‑chain

  • Deterministic Solidity compilation via Dockerized solc
  • Go bindings generated via abigen
  • Client handles TPM interaction, policy evaluation, and UserOperation construction
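The off‑chain client has to bridge the TPM's raw ECDSA output to what an on‑chain secp256k1 verifier consumes: a TPM returns only (r, s), while Ethereum‑style recovery needs a parity byte v and, per EIP‑2, a low‑s value. The following is an added example, not code from this repository; it assumes TPMVerifierSecp256k1 recovers the signer from a 65‑byte r||s||v signature (the README does not state its interface), and `sign_raw` is a software stand‑in for the TPM so the example runs offline.

```python
import hashlib
# secp256k1 parameters: the curve behind Ethereum's ecrecover
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if x1 == x2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):  # double-and-add; not constant-time, demo only
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sign_raw(priv, e):
    """Stand-in for the TPM (assumption): raw (r, s), no recovery id, no low-s rule."""
    k = int.from_bytes(hashlib.sha256(b"%064x%064x" % (priv, e)).digest(), "big") % N
    r = point_mul(k, G)[0] % N
    return r, pow(k, -1, N) * (e + r * priv) % N

def recover(e, r, s, v):
    """Public key from (r, s) and parity bit v, the way ecrecover derives it."""
    y = pow((r**3 + 7) % P, (P + 1) // 4, P)  # sqrt of the curve equation at x = r
    y = y if y & 1 == v else P - y
    rinv = pow(r, -1, N)
    return point_add(point_mul(rinv * s % N, (r, y)), point_mul(-rinv * e % N, G))

def tpm_sig_to_eth(pub, e, r, s):
    """Raw TPM (r, s) -> 65-byte r||s||v, low-s normalised, for an ecrecover-style verifier."""
    if s > N // 2:  # EIP-2: Ethereum rejects high-s signatures
        s = N - s
    for v in (0, 1):  # find the parity bit that recovers the TPM-held public key
        if recover(e, r, s, v) == pub:
            return r.to_bytes(32, "big") + s.to_bytes(32, "big") + bytes([27 + v])
    raise ValueError("signature does not match the TPM public key")
```

The check against the known TPM public key is what prevents the client from emitting a signature that recovers to some other address; a verifier that only recovers and compares on‑chain would reject such a UserOperation anyway, but catching it client‑side avoids paying for a failed validation.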

📦 Repository Structure

contracts/
  account/QuantumAuthAccount.sol
  TPMVerifierSecp256k1.sol
  QAERC20.sol

abi/
bin/
bindings/go/

scripts/
  gen-solc.sh
  gen-abigen.sh

⚙️ Solidity Version

  • Solidity: ^0.8.24
  • Compiled using a pinned Docker solc image for reproducibility

🛠 Build & Code Generation

Generate ABI / BIN

pnpm run gen:solc

Generate Go bindings

pnpm run gen:abigen

Full generation pipeline

pnpm run gen

CI enforces that generated artifacts are always committed and up‑to‑date.


🧪 Testing

Tests are executed using Hardhat:

pnpm test

Tests cover:

  • ERC‑4337 validation flows
  • Signature verification
  • Account recovery modes
  • ERC‑20 interactions

📊 Coverage

Coverage reporting will be added using solidity-coverage.

Planned command:

pnpm run coverage

The coverage badge will update automatically once coverage reporting is enabled in CI.


🔄 Deterministic Builds

  • Solidity compiled via pinned solc version
  • ERC‑4337 EntryPoint pinned to a specific release
  • Generated bytecode and bindings checked in
  • CI guarantees reproducible outputs

🚦 CI Pipelines

  • contracts — Solidity compilation & binding generation
  • tests — Hardhat test suite

Both pipelines must pass for changes to be accepted.


📜 License

Licensed under the Apache License, Version 2.0.

See LICENSE for details.


🧭 Status

QuantumAuth is under active development. The core architecture is stable; authorization policies and tooling continue to evolve.


🤝 Contributions

Security reviews, audits, and protocol‑level feedback are welcome.

If you are an Ethereum developer interested in hardware‑backed Account Abstraction, your input is especially valuable.

About

smart contracts for the quantumauth client
