Universal Recovery: A Social Recovery Solution Utilizes ZK-Email
Next Generation Social Recovery: Universal Recovery
Universal Recovery: A Social Recovery Solution Utilizes ZK-Email
Web3 has revolutionized how we interact with the internet, shifting the ownership model entirely. This new paradigm allows users to connect directly, bypassing traditional intermediaries. By leveraging cryptography, Web3 removes these middlemen, shifting the responsibility of key (or password) security onto the users themselves. This change in dynamics marks a significant move towards greater user autonomy and responsibility in the digital space. This shift to Web3, while innovative, has introduced significant challenges. Users often lack the knowledge to properly store their keys, and modern devices are not sufficiently secure for storing keys in shared storage. This insecurity not only poses a risk to user data but also complicates the onboarding process. New users encounter numerous warnings and face a steep learning curve, making user education a critical yet challenging aspect for Web3 businesses. This situation highlights the need for more user-friendly and secure solutions in the Web3 ecosystem.
To address these issues, we've developed a hardware signer solution. This innovative approach simplifies the onboarding process for Web3 businesses, enabling users to sign up with just one click. It integrates hardware-level security into everyday devices, enhancing both security and user experience. However, this solution presents a significant challenge: if users lose their account, they also lose access to it. This underscores the need for a robust recovery mechanism to complement the enhanced security and streamlined user experience offered by the hardware signer. This is why we have introduced two distinct recovery methods, designed to different user profiles: Cloud-Based and Social Recovery. For newcomers to the crypto world, the cloud account recovery option is ideal, offering an easy setup. Conversely, seasoned Web3 users can opt for the Social Recovery method, allowing them to designate friends and other wallets as recovery options for their account. Each method is designed to cater to the specific needs and familiarity levels of users within the Web3 space.
Our goal is to extend social recovery to all internet users, but currently, it's limited because it requires guardians to have onchain wallets. This limitation means it's not suitable for the broader internet population. We're introducing "Universal Recovery" to address this issue. We aim to enable any internet user to become a guardian for an onchain account, even if they don't have one themselves. We'll now examine the current challenges with social recovery and how "Universal Recovery" offers a solution for this problem.
Existing social recovery mechanisms, where users appoint trusted individuals as guardians for account recovery, are highly functional but come with a critical limitation: guardians must have onchain wallets. This requirement narrows the pool of potential guardians, excluding individuals who are important to the user but not part of the blockchain world. For example, if someone wants to add a family member, like a grandparent or a friend who doesn't have an onchain wallet, as a guardian, the current system doesn't support it. This problem limits our recovery capabilities with only onchain wallets.
Fortunately, we have a solution: ZK Email. Considering that over 4 billion people have at least one email address, creating an onchain wallet using only a user's email could revolutionize the guardian system and ZK Email's tech stack makes this possible. Our Proof of Concept leverages ZK Email to address the issue of requiring guardians to have onchain addresses. Next, we'll delve into how we utilize ZK Email and our implementation’s details.
Our Implementation: How We Achieve Universal Recovery
We've developed a Proof of Concept (POC) for a recovery mechanism compatible with EIP-4337 standards. This mechanism employs passkeys for seamless onboarding and incorporates Universal Recovery for account recovery. A key feature of this system is the ability for users to appoint any of their friends with an email address as guardians, broadening the scope of accessible and secure account recovery options in our Clave wallet.
The basis of Universal Recovery is to authorize a specific email to initiate recovery. The owner of this e-mail can start this process by adding the necessary variables to initiate recovery to the subject of the e-mail and sending this e-mail to the relayer. We developed the Universal Recovery Module following the structure of Clave Module Contracts to make this possible. In short, this model keeps the emails that the user added as a guardian and ensures that the recovery can be initiated and executed by checking the zero-knowledge proof created by the relayer using the emails sent by the guardian. In the project developed as Proof of Concept, the stages of producing Zero Knowledge Proof and triggering the blockchain after it is produced are carried out by Email-Wallet. Since it is already a working structure, it does not make sense for PoC to run a separate Relayer again. However, this also results in a step that is not normally necessary. This means that the email to which the guardian will be added must create an Email-Wallet. Guardian first needs to send another email to create it. Since removing this step in a version that will be released to Production will greatly increase the user experience, the structure will be slightly different even though it is almost the same. In this way, the user can add the desired email directly by sending a transaction to the Universal Recovery module. After creating the Email-Wallet to be added as a guardian and the user adding it as a guardian, the process of adding the recovery is completed. If the user loses access to the account for any reason, all that is required to recover the account again is for the guardian to send an email to the relayer with the new public key in the subject of the email. Relayer can create a proof thanks to the incoming email and trigger the startRecovery function with this proof. In this way, the public key that allows the contract to be managed is changed and the user regains control of the account. So, how does ZK Email work?
Introducing ZK-Email - A Trusless Bridge Between Web2 <> Web3
How Email Protocols are Working?
Email protocols use DKIM for integrity assurance. This authentication method prevents email spoofing. DKIM employs an RSA key pair, similar yet distinct from Web3 key algorithms. The email sender's server uses a private key to generate a unique digital signature for each email, which is then attached to the email's header. The recipient's server uses the sender's public key, available in DNS records, to verify this signature. A matching signature confirms the email's authenticity and integrity, thus improving email security.
To enable this, each E-Mail has;
A Public Key
If we can verify this signature on blockchain, this can help us to generate an onchain account with only an E-Mail address and without any middleman. But verifying the DKIM directly onchain breaks the privacy and also RSA signature is not natively supported on blockchains, so verifying the RSA signature can also be expensive. This is why we need Zero Knowledge proofs to verify the DKIM onchain.
Each email includes a signature, message, public key, and the sender's address. When verifying the signature on the blockchain, the public key must be disclosed, potentially compromising privacy. This is because anyone examining the blockchain could see both the email address and the linked account address, creating a risk of personal information being exposed. Therefore, ensuring privacy while maintaining the integrity of email-based blockchain verification is a critical concern. With the ZKEmail protocol, proving that a message originates from a specific email address becomes possible onchain, enabling the creation of an onchain wallet directly linked to that email. This technique simplifies the process of integrating email-based identities with blockchain technology, ensuring both privacy and efficiency.
How does it work?
Here's a simplified overview of what happens with the ZKEmail protocol:
1. Users sign a message using their email addresses.
2. The signed message, along with its signature and the public key, is sent to a prover.
3. The prover verifies the DKIM signature of the email and then generates a Zero Knowledge proof from this data.
4. This ZK proof is verified on the blockchain, establishing the email-based account identity for use.
This process guarantees secure and private validation of email identities on the blockchain. However, it faces a challenge: proof verification is gas-intensive, exceeding 500,000 gas units. Fortunately, the utilization of ZK Email is primarily for recovery purposes. Therefore, it is only needed during recovery events, mitigating the impact of its high gas consumption on regular operations.
ZKEmail and Universal Recovery, while innovative, need some improvements:
1. DNS Key Rotation: DNS keys, essential for email verification, need to be fetched from frequently rotating DNS records. Without a mechanism like DNSSEC, there's no trustless way to track these changes on blockchains, necessitating a DAO or trusted entity for management.
2. Gas Costs: Transactions using ZK-Email are expensive, consuming around 1.2M gas, a cost too high even for Layer 2 solutions. It's essential to reduce these costs, even if ZK-Email is only used for recovery.
3. User Experience: The process of sending an email for account recovery could be more user-friendly and intuitive.
Addressing these problems will further enhance the potential of ZKEmail and Universal Recovery in onboarding Ethereum's next billion users.
This demo was developed as a result of internal research and development led by our developer Alim ; we hope to continue this work and, if we can address the concerns described, use it on the Clave wallet.