By using ZK Email, you can approve multisig confirmations through email replies. This project aimed to simplify 2FA and DAO management, especially for non-crypto users, and enhance the security of on-chain transactions. You can watch our Signature Singularity demo to see a video explanation and demo.
Multisig wallets are a cornerstone in decentralizing control and increasing security for DAOs, companies, and collaborative groups. Traditional multisig operations require participants to have web3 knowledge and use externally owned accounts (EOAs). Unfortunately, the steep learning curve means that less people can participate in the ecosystem. In addition, multisigs operate slowly because transactions that need to get approved by many people, require everyone to be able to access their wallet.
These were the main challenges in the current multi-signature transaction process:
Our solution introduces a simpler and more accessible approach by leveraging emails, making them direct signers on multisigs. This lets people use emails as signers for their own 2FA, or as signers on larger safes, where approving a transaction is as simple as replying to an email.
Once you have made an emailwallet.org account, send your address (found either in emails or on the 'Deposit Assets' page) to the multisig owners, who can add that as a signer.
ZK Email: This system uses RSA signatures to verify email data (such as from, to, subject) without revealing sensitive information. Each email is signed according to the DomainKeys Identified Mail (DKIM) protocol, ensuring the authenticity of the email.
Email Wallet: The email wallet utilizes account codes to protect user privacy and ensure decentralization. Users can approve transactions by simply replying to an email, and the system verifies the email's authenticity using ZK proofs.
Relayer: The relayer plays a crucial role by monitoring transactions, sending confirmation emails, and generating ZK proofs for on-chain verification. It ensures that the entire process is seamless and secure.
Safe Tracker: Our event tracker automatically detects Safes that have started transactions, added email wallet signers that the relayer is aware of, or removed email wallet signers that the relayer is aware of. Then, if a transaction is pending on any Safe for an email wallet signer that it knows about, it automatically emails a transaction confirmation.
userEthAddr= CREATE2(hash(userEmailAddr, accountCode))Note that as long as the account code is hidden, no adversary can learn the user's email address from on-chain data.
The transaction flow for 2FA in our multisig wallet system is designed to be a straightforward process, with the relayer acting as the central orchestrator.
When a transaction requiring multiple signatures for a certain threshold is initiated, the relayer plays a key role. It communicates with the users by sending an "Approve Transaction" email, which includes the transaction address directly to their registered email addresses.
We are planning to begin audit soon, and will soon natively integrate this into Safe Wallet's interface for users to directly add email addresses as signers!
The ZK Email system offers a streamlined and secure way to handle multi-signature confirmations via email, making 2FA more accessible and user-friendly. By leveraging zero-knowledge proofs, the system ensures privacy and decentralization, providing a robust solution for both crypto and non-crypto users.
For more information and to try the system yourself, visit emailwallet.org and join our Telegram group for further discussions and support.
We ensure the authenticity of these email responses using ZK Email on top of the DomainKeys Identified Mail (DKIM) protocol, which verifies that the emails sent and received are secure and unaltered during transmission.
Using ZK Email, we verify the RSA signature and SHA hash in the DKIM signature. This verification confirms that the response indeed originates from the correct email wallet account associated with the user.
rsa_sign(SHA256(from:<>, to:<>, subject:<>, <bodyHash>,...), RSA private key of domain)For other types of proofs, you can also verify any piece of arbitrary data in the email such as subject, body text, etc and make proofs selectively revealing what you choose to reveal.
Once the relayer recieves the response to the email, a zk proof is generated which is then sent to the email wallet that triggers the on-chain action of the user signing.
Signers receive a confirmation email with the transaction hash from the relayer, marking the successful completion of their signing action.