How the mailbox-based recovery private key function will further enhance the user experience of Web3

Wallet developer Clave has launched a proof of concept (PoC) for universal recovery, which combines traditional email verification mechanisms with blockchain protocols to create a social recovery function for private keys that protects both user privacy and security, improving the most important aspect of the Web3 user experience: private key management.

Web3 eliminates intermediaries and transfers responsibility back to the user through encryption technology and key pairs. While innovative, this has brought about many significant challenges, particularly in terms of poor user experience.

Users often do not know how to store keys correctly, which makes the learning curve for using Web3 steep and reduces security because keys can be lost.


The Web3 ecosystem requires a user-friendly and secure private key management solution.

Social Recovery Optimizes Private Key Management
If a user loses their account, they will lose access to their assets, making recovery mechanisms crucial for enhancing security and user experience. One of the existing mainstream recovery mechanisms is social recovery.

Social recovery requires users to designate trusted individuals as guardians for account recovery. When a user loses their private key, they can seek key fragments from their guardians, ultimately gaining access to the complete private key (with only the user knowing who to request it from).

This improves the user experience for general private key management and enhances the security of user assets.

However, the existing social recovery feature has a limitation as it requires guardians to have a blockchain wallet, making it difficult to extend this mechanism to a larger user base.


The social recovery mechanism requires guardians to have a blockchain wallet, limiting its user base.

To address this issue, the Clave team has developed the concept of universal recovery. The goal is to allow any internet user to become a guardian of on-chain accounts, even if they do not have a blockchain wallet themselves.

Considering that over 4 billion people have at least one email address, creating an on-chain wallet using email could completely transform the social recovery system. The team refers to this as universal recovery, where specific email addresses are authorized to initiate the recovery process.

The Clave team has developed the proof of concept for universal recovery based on the EIP-4337 standard. This implementation allows users to designate any friend with an email address as a guardian, expanding the range of account recovery options in the Clave wallet.

The traditional email protocol uses DomainKeys Identified Mail (DKIM) to ensure data integrity. DKIM uses RSA key pairs, which are similar to, yet different from, the key algorithms used in Web3.


DKIM Verification Mechanism

The sender’s server uses a private key to generate a unique digital signature for each email, which is then attached to the email header.

The recipient’s server uses the sender’s public key provided in DNS records to verify the signature. If the public key successfully verifies the signature, the authenticity and security of the email can be confirmed.
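The signing and verification steps above, as an added example that is not code from Clave or ZKEmail: a simplified DKIM `rsa-sha256` flow using only the Python standard library. The toy RSA key, the `example.com` domain, the `demo` selector and the sample message are constructed assumptions; the canonicalization covers only single-line headers. Note that the verifier needs the plaintext headers, including the sender address, to check the signature.

```python
import base64, hashlib, re

# Constructed toy RSA key built from two well-known public primes: INSECURE,
# demo only. (N, E) stands in for the public key a receiver fetches from DNS.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def relaxed(name, value):
    """'relaxed' header canonicalization: lowercase name, collapse whitespace."""
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip() + "\r\n"

def body_hash(body):
    """bh= tag: SHA-256 of the body ('simple' canonicalization), base64."""
    canon = (body.rstrip("\r\n") + "\r\n").encode()
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def emsa(data):
    """PKCS#1 v1.5 encoding of SHA-256(data), the rsa-sha256 padding."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def signing_input(headers, dkim_value, signed):
    """Signed headers in h= order, then DKIM-Signature with b= emptied."""
    out = "".join(relaxed(h, headers[h]) for h in signed)
    emptied = re.sub(r"\bb=[^;]*", "b=", dkim_value)
    return (out + relaxed("DKIM-Signature", emptied)).rstrip("\r\n").encode()

def sign(headers, body, signed=("from", "subject")):
    """Sender's server: sign with the private exponent D."""
    value = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=demo; "
             f"h={':'.join(signed)}; bh={body_hash(body)}; b=")
    sig = pow(emsa(signing_input(headers, value, signed)), D, N)
    return value + base64.b64encode(sig.to_bytes(K, "big")).decode()

def verify(headers, body, dkim_value):
    """Recipient (or off-chain verifier): check bh=, then the RSA signature."""
    tags = dict(t.strip().split("=", 1) for t in dkim_value.split(";"))
    if tags["bh"] != body_hash(body):
        return False
    sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    expected = emsa(signing_input(headers, dkim_value, tags["h"].split(":")))
    return pow(sig, E, N) == expected

# Constructed sample message from a guardian.
HEADERS = {"from": "guardian@example.com", "subject": "Recover my friend's wallet"}
BODY = "I approve this recovery request.\r\n"
DKIM = sign(HEADERS, BODY)
```

Because `from` is listed in `h=`, changing the sender address after signing makes `verify` return `False`; this is the property that ties a recovery request to a designated guardian's mailbox.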

If this verification is performed on-chain instead of on the recipient's mail server, a contract can ensure that private key recovery is triggered only when a guardian intends it, so that email provides the private key recovery function.

However, directly verifying DKIM on-chain would compromise privacy, as each email contains signatures, messages, public keys, and sender addresses. In addition, the blockchain itself does not support RSA signatures, and the cost of verifying signatures could be high.

Therefore, the Clave team needed an alternative approach and chose to use zero-knowledge proofs to solve the aforementioned problems.

ZKEmail Uses Zero-Knowledge Proofs to Protect Privacy
With the ZKEmail protocol, the DKIM signature is verified off-chain, and a zero-knowledge proof is created to demonstrate that the message originates from a specific email address and is directly linked to the on-chain address of that email. This simplifies the integration between email and blockchain technology while ensuring privacy and efficiency.


ZKEmail verifies DKIM off-chain and submits zero-knowledge proofs on-chain.

Here is a summary of the ZKEmail protocol process:
1. Users sign messages with their email addresses.
2. The signed message, signature, and public key are sent to the verifier.
3. The verifier validates the email’s DKIM signature and generates a zero-knowledge proof based on that data.
4. The zero-knowledge proof is verified on the blockchain, establishing an on-chain account identity based on the email.

Verifying the proof in this implementation consumes a significant amount of gas. Fortunately, ZKEmail is used primarily for recovering private keys, so the proof is only required during recovery and the cost has no significant impact on everyday use.
