Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Email Based Account #15

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Email Based Account #15

wants to merge 5 commits into from

Conversation

rajeshb62
Copy link

My project creates an email based schnorr account in a aztec wallet (which was built in alpha build 1). User enters email ID and uploads .eml file. We use zkemail.nr to verify 2048b dkim signature, match sender email ID and signature key to create schnorr account. We hash sha256 the email ID into a encryption key for schnorr account.

@@ -70,4 +70,4 @@ assignees: ""

## Support Needed

**What kind of support or information do you need to resolve this issue?**
**What kind of support or information do you need to resolve this issue?**
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you remove this deletion/addition from your PR

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i am not sure what this deletion/ addition is from the PR. Just to be sure, i added the template afresh from ab2 repo and pushed it again.
Is it what you are looking for?

- create an account for an email address abc@xyz.com based on .eml file:
- verify header is valid using dkim signature verification
- check sender is 'abc@xyz.com'
- (additional check) check if subject contains a specific random string shown in UI
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is important 👍

- verify header is valid using dkim signature verification
- check sender is 'abc@xyz.com'
- (additional check) check if subject contains a specific random string shown in UI
- hash email into pedersen 2 hash (?), convert into field element type Fr and use it as encryption key in getSchnorrAccount(..) function and show the accoung wallet in UI (user can sign tx from this wallet as long as they know the signing key)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean a hash of non-private information would be used as private key? I might be missing something though

Copy link
Author

@rajeshb62 rajeshb62 Oct 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. That is exactly what is happening.
I mean I want to use a private key that is deterministic and derived from the email address (the goal is to avoid seed phrases/ hex entirely). I can use a salt/ randomness I guess from a password that the user creates, along with the email ID for the private key. to solve the (obvious) problem that you highlighted. Account recovery may become a problem if user forgets the password, but, maybe I can solve that problem later on.

Consider including:

- How does your project leverage Aztec's unique features? (programmable cryptography, private/public state, etc.)
- What is the potential real-world impact of your project?
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be good to know more about these

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added those points in my readme reproduced below:
This project uses zkemail.nr library for email verification on the user's device. The email ID is kept private and within the user's device.

While not directly within scope of AB2, the wallet is being built only because

it allows fully private state and activities, most importantly:
private transfers of stablecoins and eth
assets can stay fully private for user, as absolutely esstial for card games
account abstraction features that make possible
user friendly encryption and signing key namely, email based hash for private key and Face ID for signing key
email ID based token transfer (???)
transaction rules like 'allow only transactions below $100 / day by email(???)'
allow session ID based transaction approval
fee abstraction features: -allow for wallet provider to pay gas (needed for activities like card games)
What is the potential real-world impact of this project?

onboard web2 users using familiar account creation and signing methods like email ID and face ID -( there are other features relevant for web2 users in wallet but that are not directly within scope of AB2)

@0xrafi
Copy link
Collaborator

0xrafi commented Nov 4, 2024

please add a gitignore and exclude node_modules folders

@rajeshb62
Copy link
Author

Added .gitignore file to exclude node_modules and build artefacts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants