Blockchain is an isolated environment by design, which makes it difficult and expensive to move existing external data into it. Even if we lower (or accept) the cost of storage and transaction fees, the problem of verifying claims about that data remains. Take the example of recovering smart contract wallets. The recovery mechanism must be secure enough to keep bad actors out of the wallet, so we need a way to verify the right to recover that nobody else can fake.
The web2 world offers one remedy: the “Forgot password” functionality, which is used almost everywhere. Email is well suited for this because the mailbox, and the mail server behind it, is a central part of a person's online identity. Nobody gives strangers access to their personal or work mailbox, and the same mailbox is used for social media, paying bills, business relations and banking. This makes it a viable and secure recovery solution.
But can this mechanism be applied to wallet recovery? What can blockchain possibly have to do with email? As we will see, zero-knowledge cryptography lets email messages be turned into Email Proofs that can be securely verified on-chain.
Now that we know all of this, let's try to figure out how to use email for wallet recovery and why it can actually work.
To combat spam and impersonation attacks, email has a very useful feature called DKIM (DomainKeys Identified Mail). When an email is sent from a domain that uses DKIM, the mail server adds a cryptographic signature to the headers. The signature is created with the sender domain's private key; together with the matching public key, which is published in the domain's DNS records, it lets the recipient verify two things that are critical to recovery security: that the email was actually sent by the domain owner (more precisely, by a server holding the domain's signing key) and that the signed content of the message was not tampered with in transit.
This means that we can rely on mail servers as long as we trust them not to misbehave, for example by secretly sending mail on behalf of their clients.
Now, in order to enable wallet recovery, we need to combine three things:
For security reasons, the protocol cannot allow recovery from any random email address. The recoverable wallet must be bound to a specific email address that is authorized for recovery. In addition, the message contents (body and subject) must match a defined pattern so that a recovery intent is never produced by mistake.
The proving process also checks the DKIM headers. Only emails with a correct signature and correct content can produce a valid proof. This proof, along with additional arguments such as the new wallet address and a hash of the email address (for on-chain privacy), is sent to the on-chain smart contract. The proof is bound to those specific arguments (here, the wallet address and the email hash), so even an email that meets all the other conditions cannot recover an address different from the originally intended one.
If verification succeeds, the target wallet's address is changed to the new one and the wallet is recovered.
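To make the DKIM mechanism described earlier and the three recovery checks above concrete, here is an added example; it is not vlayer's code and not the Email Proofs protocol itself. It uses a toy textbook-RSA key built on two Mersenne primes so that it runs with the Python standard library alone; real DKIM uses 1024- or 2048-bit RSA with PKCS#1 v1.5 padding and fetches the public key from DNS, and real canonicalization follows RFC 6376 exactly. The subject pattern, the addresses and the message are constructed for the example, and plain Python checks stand in for the zero-knowledge circuit: a prover would output a proof over the same constraints instead of evaluating them in the clear.

```python
import hashlib
import re
from email.utils import parseaddr

# Toy signing key for the sender's domain (constructed): textbook RSA over two
# Mersenne primes, chosen so the block needs no third-party library. This is a
# stand-in for a real 2048-bit DKIM key, not a secure key.
P = (1 << 127) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DNS_PUBKEY = (N, E)  # what a verifier would fetch from the domain's DKIM DNS record

SIGNED_HEADERS = ("from", "to", "subject")  # headers covered by the signature (h= tag)


def relaxed_body(body: str) -> str:
    """Simplified DKIM 'relaxed' body canonicalization: collapse whitespace runs,
    strip trailing whitespace, drop trailing empty lines, use CRLF line ends."""
    lines = [re.sub(r"[ \t]+", " ", line).rstrip() for line in body.split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def _relaxed_value(value: str) -> str:
    return re.sub(r"\s+", " ", value).strip()


def canonical_headers(headers: dict) -> str:
    """Simplified 'relaxed' header canonicalization of the signed headers only."""
    return "".join(f"{k.lower()}:{_relaxed_value(v)}\r\n"
                   for k, v in headers.items() if k.lower() in SIGNED_HEADERS)


def body_hash(body: str) -> str:
    return hashlib.sha256(relaxed_body(body).encode()).hexdigest()


def _header_digest(headers: dict, bh: str, n: int) -> int:
    # DKIM signs the canonical headers together with the body hash (bh=) tag.
    data = canonical_headers(headers) + "bh=" + bh
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n


def dkim_sign(headers: dict, body: str) -> dict:
    """Mail server side: hash the body (bh=) and sign headers plus bh (b=)."""
    bh = body_hash(body)
    return {"bh": bh, "b": pow(_header_digest(headers, bh, N), D, N)}


def dkim_verify(headers: dict, body: str, dkim: dict, pubkey: tuple) -> bool:
    """Recipient side: the two DKIM guarantees, body integrity and a signature
    that only the domain's private key could have produced."""
    n, e = pubkey
    if body_hash(body) != dkim["bh"]:
        return False
    return pow(dkim["b"], e, n) == _header_digest(headers, dkim["bh"], n)


# Recovery-specific constraints (constructed pattern for this example).
SUBJECT_RE = re.compile(r"^Recover wallet (0x[0-9a-fA-F]{40}) to (0x[0-9a-fA-F]{40})$")


def email_hash(address: str) -> str:
    """Hash of the normalized address; only this hash is stored on-chain."""
    return hashlib.sha256(address.strip().lower().encode()).hexdigest()


def recovery_intent(headers, body, dkim, pubkey, wallet, authorized_email_hash):
    """Return the new owner address if this email authorizes recovery of
    `wallet`, else None. These plain checks stand in for the zk circuit; the
    contract would receive a proof over the same constraints, bound to
    (wallet, email hash), instead of the email itself."""
    if not dkim_verify(headers, body, dkim, pubkey):
        return None                                   # forged or tampered mail
    _, sender = parseaddr(headers.get("From", ""))
    if email_hash(sender) != authorized_email_hash:
        return None                                   # not the authorized address
    m = SUBJECT_RE.match(headers.get("Subject", "").strip())
    if not m or m.group(1).lower() != wallet.lower():
        return None                                   # wrong pattern or wrong wallet
    return m.group(2)


# Constructed sample: an authorized user asks to move their wallet to a new key.
WALLET = "0x" + "ab" * 20
NEW_OWNER = "0x" + "cd" * 20
AUTHORIZED = email_hash("alice@example.com")   # registered on-chain at wallet setup
SAMPLE_HEADERS = {
    "From": "Alice <alice@example.com>",
    "To": "recovery@example.org",
    "Subject": f"Recover wallet {WALLET} to {NEW_OWNER}",
}
SAMPLE_BODY = "Please move my wallet to the new address.\n\n"
SAMPLE_DKIM = dkim_sign(SAMPLE_HEADERS, SAMPLE_BODY)  # added by the sending server

if __name__ == "__main__":
    print(recovery_intent(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_DKIM, DNS_PUBKEY, WALLET, AUTHORIZED))
```

Each of the failure modes the text lists maps to one early return: a changed subject or body breaks the DKIM check, a correctly signed mail from a different sender fails the email-hash check, and a valid mail presented for a wallet other than the one named in its subject fails the binding check, which is the on-chain role of tying the proof to its public arguments.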
Email Proofs share their basic security model with email itself. If we can trust the mail servers and their signatures, and assume a bug-free implementation, we can also trust Email Proofs.
This article is only a brief introduction. If you want to dive deeper into the topic, I highly recommend our vlayer Verifiable Data Report: Email Proofs by zkMarek, which covers the security and protocol design considerations in depth.
We are sure that Email Proofs and Web Proofs can bridge the gap between the web2 and web3 worlds. Their complementary security properties and data availability make them a very attractive pair, poised to open a new era of exploration for dApp developers.