ICBC2023 "Contract Wallet Using Emails"

Slide of Email Wallet, a contract wallet using emails, presented in a demo session at ICBC2023.

SoraSuegami

May 10, 2023

Transcript

  1. Contract Wallet Using Emails

    Sora Suegami (Dept. of Information and Communication Engineering) and Kyohei Shibano (Dept. of Technology Management for Innovation), The University of Tokyo, Japan
  2. Introduction

    Have you ever tried to send crypto assets to non-crypto users? When you ask them to install wallet software, they often say:
    • Is this software trustworthy?
    • Installing new software is troublesome!
    • Why don’t you set up a wallet for me?

    Users cannot manage their crypto assets with only the familiar tools they already have!
  3. Proposed System: Email Wallet

    • Simplicity: A user can make a transaction simply by sending an email, without installing new software or managing keys.
    • Security: The user’s crypto assets are secure as long as existing sender domain servers (SDS), e.g., Gmail, are honest.
    • Functionality: Users can not only transfer their assets but also manipulate them on-chain in arbitrary ways by changing the message format.
  4. ZK-Email: Verifying emails with ZKP on-chain [1,2]

    [Diagram labels: User; Email; Sender Domain Server (SDS); RSA digital signature; Attached; ZKP Proof; Broadcast; Ethereum Blockchain]

    Domain servers that support the DKIM protocol, e.g., Gmail, attach RSA digital signatures to ensure that the sender and content of an email are not forged. A smart contract can securely authenticate the sender and content of the email by verifying the RSA digital signature and the email contents with a zero-knowledge proof (ZKP), as long as the sender domain server (SDS) does not forge the user’s email [1,2].
  5. Email Wallet: Applying ZK-Email to construct Wallet Contracts

    A wallet contract stores each user’s email address and balance per currency unit.

    A user can transfer crypto assets deposited in the contract wallet by sending an email with the message “Transfer X ETH to [email protected]”. A user can exchange ETH for DAI via Uniswap by sending an email with the message “Swap X ETH to DAI via Uniswap”.

    [Diagram labels: Example 1, “Transfer X ETH to [email protected]”; Example 2, “Swap X ETH to DAI via Uniswap”]
  6. Email Wallet: System Architecture

    An aggregator does additional work in our system, i.e., proof generation and interaction with the wallet contract.

    [Diagram: Developer, Aggregator, SDS, User, Contract.
    Development phase: Distribute a ZKP circuit. Deploy a contract.
    Operation phase: Send an email to the aggregator’s email address. Attach a digital signature (DKIM). Generate a proof and submit it to the wallet contract.]

    • Users do not need to install new software or access new web pages.
    • Existing SDSs that adopt the DKIM protocol can be used without modification.
  7. Demo Scenario

    Alice deposits 0.01 ETH to the wallet contract before the demo scenario.

    • Scenario 1: Alice transfers 0.005 ETH to Bob by sending an email to the aggregator’s email address with the message “Transfer 0.005 ETH to [email protected]”.
    • Scenario 2: Bob exchanges 0.005 ETH for DAI via Uniswap by sending an email to the aggregator’s email address with the message “Swap 0.005 ETH to DAI via Uniswap”.

    [Diagram labels: Scenario 1, Alice and Bob, “Transfer 0.005 ETH to emaiwallet.bob@gmail.com”; Scenario 2, Bob, “Swap 0.005 ETH to DAI via Uniswap”]
  8. Demo Specification

    Environment
    • Blockchain Network: Arbitrum One on the Ethereum mainnet
    • Sender Domain Server: Gmail (@gmail.com)
    • Decentralized Exchange: Uniswap V3

    Development libraries used in the demo implementation
    • ZKP library: PSE’s fork of halo2, https://github.com/privacy-scaling-explorations/halo2
    • A library to generate a halo2 verifier smart contract: Axiom’s fork of snark-verifier, https://github.com/axiom-crypto/snark-verifier
    • A library of ZK-Email: halo2-zk-email (Sora Suegami is one of the main contributors of this library), https://github.com/zkemail/halo2-zk-email
  9. A ZKP circuit of ZK-Email is specialized to the regular expressions (regex) for the email message formats defined for each manipulation method.

    [Diagram: Developer, Aggregator, SDS, User, Contract. Development phase: Distribute a ZKP circuit. Deploy a contract.]

    However, it is not easy for many developers to write a ZKP circuit by themselves. Variable-Regex Mapping (VRM) allows the developer to define a new manipulation method without writing any ZKP circuit!
  10. Variable-Regex Mapping (VRM)

    A developer only needs to prepare the following three things to define a new manipulation method:
    • One JSON file to describe decomposed regex definitions.
    • One example email whose message satisfies the regex.
    • A Solidity implementation of a process function that defines how to manipulate the user’s crypto assets after the email verification.

    The VRM automatically generates a new ZKP circuit to verify the specified regex and the Solidity code of its verifier contract.
  11. Conclusion

    • We propose a contract wallet that allows users to operate their crypto assets simply by sending emails to an aggregator’s email address.
    • The user only needs to trust existing SDS, e.g., Gmail, without managing any private key.
    • The user can specify how to manipulate their crypto assets by changing the message format in the email.
    • We built a demo of the email wallet and confirmed that users can transfer their deposited ETH and exchange them for DAI just by sending emails.
    • We also built VRM, which allows developers to build a new manipulation method without writing any ZKP circuits.
  12. Acknowledgement

    We appreciate the generous technical advice and implementation help from Mr. Aayush Gupta. In particular:
    • The idea of how to verify the regex matching of the email message with ZKP []
    • Contribution to the development of halo2-zk-email
    • Contribution to the development of the aggregator server implementation

    Our demo implementation will be published in the following GitHub organization: https://github.com/zkemail
  13. References

    [1] A. Gupta, “An ecdsa nullifier scheme and a proof of identity application,” Master’s thesis, Massachusetts Institute of Technology, September.
    [2] S. Suegami, “Rsa verification circuit in halo2 and its applications, privacy and scaling explorations.” [Online]. Available: https://mirror.xyz/privacy-scaling-explorations.eth/…
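
A minimal Python model of the wallet logic from slides 5 and 7, added here as an example and not taken from the authors' implementation: it parses the two message formats with anchored regexes and updates per-address balances. Email verification (DKIM signature plus ZKP) is assumed to have already produced the `sender` argument; the class and function names, the example.com addresses and the fixed DAI quote are assumptions.

```python
import re
from decimal import Decimal

# Message formats quoted on the slides; fullmatch() rejects any extra text.
TRANSFER_RE = re.compile(r"Transfer (\d+(?:\.\d+)?) ETH to ([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+)")
SWAP_RE = re.compile(r"Swap (\d+(?:\.\d+)?) ETH to DAI via Uniswap")


class EmailWallet:
    """Toy model of the wallet contract: balances per email address and currency."""

    def __init__(self, dai_per_eth):
        self.balances = {}                       # (email, currency) -> Decimal
        self.dai_per_eth = Decimal(dai_per_eth)  # assumed fixed quote standing in for Uniswap

    def balance(self, email, currency):
        return self.balances.get((email, currency), Decimal(0))

    def deposit(self, email, currency, amount):
        self.balances[(email, currency)] = self.balance(email, currency) + Decimal(amount)

    def _debit(self, email, currency, amount):
        # Checked before any state change, so a rejected command leaves balances intact.
        if amount <= 0 or self.balance(email, currency) < amount:
            raise ValueError("insufficient balance or zero amount")
        self.balances[(email, currency)] -= amount

    def process(self, sender, message):
        """Apply one command. `sender` must be the address proven by the
        email verification step, never an address read from the message body."""
        if m := TRANSFER_RE.fullmatch(message):
            amount, recipient = Decimal(m[1]), m[2]
            self._debit(sender, "ETH", amount)
            self.deposit(recipient, "ETH", amount)
        elif m := SWAP_RE.fullmatch(message):
            amount = Decimal(m[1])
            self._debit(sender, "ETH", amount)
            self.deposit(sender, "DAI", amount * self.dai_per_eth)
        else:
            raise ValueError("message matches no supported format")


def demo():
    # Constructed addresses and quote; the amounts follow the demo scenario.
    alice, bob = "alice@example.com", "bob@example.com"
    w = EmailWallet(dai_per_eth="2000")
    w.deposit(alice, "ETH", "0.01")
    w.process(alice, f"Transfer 0.005 ETH to {bob}")
    w.process(bob, "Swap 0.005 ETH to DAI via Uniswap")
    return w.balance(alice, "ETH"), w.balance(bob, "ETH"), w.balance(bob, "DAI")
```

Amounts are parsed as `Decimal` rather than floats so that balances stay exact, and a message carrying anything beyond one supported command is rejected instead of being partially interpreted.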