ZK email recovery

Introduction

Elytro wallet introduces a recovery mechanism using Zero-Knowledge (ZK) technology that securely binds a user's email address to a unique recovery process. This mechanism operates as follows:

  • Commitment Generation: For each user, a unique commitment is generated by combining their email address with a random number. This commitment uniquely determines a specific email recovery smart contract.

  • Binding to Recovery Contact: The generated commitment links to a smart contract tailored for email recovery. This smart contract can be designated as a social recovery contact within Elytro wallet. By doing so, it integrates seamlessly with Elytro wallet's social recovery mechanism.

  • ERC1271 Signature Verification: The email recovery smart contract supports signature verification via ERC1271. This allows the smart contract to securely authorize recovery actions, ensuring the integrity and security of the recovery process.

This ZK email recovery feature provides a secure and privacy-preserving method for users to recover their wallets, ensuring that sensitive information remains protected while enabling robust recovery options.

Take the Email Guardian as an example. It works as follows:

  1. The user inputs their email_address. The relayer generates a random number email_commitment_rand and keeps it private, then computes email_commitment = hash(email_address, email_commitment_rand). This hides the email address.

  2. Deploy the EmailApprover.sol contract with email_commitment as the initialization parameter by using EmailApproverFactory.sol. Set this deployed contract as the guardian.

  3. During social recovery, the user sends an email to the relayer with the subject Approve address 0x{guardian wallet address} for hash 0x{social recovery hash}.

  4. The relayer generates a proof from the email.

  5. The relayer triggers the approver function of the Email Guardian contract. The contract verifies the email's DKIM signature and extracts the approved hash.

  6. If verification passes, the Email Guardian approves the given hash. The user can then continue to execute Social Recovery.
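
The relayer-side parts of steps 1 and 3, as an added example that is not Elytro's code: it computes a hiding commitment and strictly parses the approval subject before any proof is generated. SHA-256 as the hash, the lowercase email normalisation, the 32-byte recovery hash length and all function names are assumptions; the contract's own DKIM and hash checks remain the authority.

```python
import hashlib
import re
import secrets

# Assumption: SHA-256 stands in for hash(); the page does not name the function.
def make_commitment(email_address: str, email_commitment_rand: bytes) -> str:
    email = email_address.strip().lower().encode()  # assumed normalisation
    # Length-prefix the email so (email, rand) cannot be split ambiguously.
    data = len(email).to_bytes(2, "big") + email + email_commitment_rand
    return hashlib.sha256(data).hexdigest()

# Assumption: 20-byte address and 32-byte recovery hash, both hex-encoded.
SUBJECT_RE = re.compile(
    r"Approve address 0x([0-9a-fA-F]{40}) for hash 0x([0-9a-fA-F]{64})"
)

def parse_subject(subject: str):
    """Return (guardian_address, recovery_hash) in lowercase hex, or None."""
    m = SUBJECT_RE.fullmatch(subject)  # rejects "Re: " prefixes and trailing text
    return (m.group(1).lower(), m.group(2).lower()) if m else None

def _hex(value: str) -> str:
    v = value.lower()
    return v[2:] if v.startswith("0x") else v

def subject_approves(subject: str, guardian_address: str, recovery_hash: str) -> bool:
    """True only if the subject names exactly this guardian and this hash."""
    parsed = parse_subject(subject)
    if parsed is None:
        return False
    return parsed == (_hex(guardian_address), _hex(recovery_hash))

# Constructed sample values, not taken from any real wallet.
GUARDIAN = "0x" + "ab" * 20
RECOVERY_HASH = "0x" + "12" * 32
SUBJECT = f"Approve address {GUARDIAN} for hash {RECOVERY_HASH}"

if __name__ == "__main__":
    rand = secrets.token_bytes(32)  # kept private by the relayer
    print("email_commitment:", make_commitment("alice@example.com", rand))
    print("approves:", subject_approves(SUBJECT, GUARDIAN, RECOVERY_HASH))
```

Because email_commitment_rand is drawn fresh and kept private, the same address yields unrelated commitments across deployments, so the commitment cannot be checked against a list of candidate emails.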

Trust assumptions

Although we have designed zkemail to make the recovery process as decentralized as possible, there are still some trust assumptions in place. For instance, because zkemail verifies the DKIM signature of emails, the DKIM public keys of different email providers are set in the contract via a DKIM registry. This registry is currently controlled by an Elytro wallet multi-sig, with a time-lock mechanism for setting the DKIM public keys. While this aspect cannot be fully decentralized at present, these permissions could be handed over to community governance in the future, or a better solution could be developed. The current DKIM keys set in the contract can be found here: DKIM_archive.md
