Verify DKIM signatures generated by Gmail/other providers (enables easier account recovery)

[Ivshti]

Challenge description:

Since most emails are signed cryptographically through DKIM, and contain enough data to prove who the sender is (from wikipedia: "the From: field must always be signed"), we can use that for recovering Ethereum accounts.

How it would help: it could enable a next-generation UX for dapps where you can sign up with an email/password, without making big security compromises, and with an ability to change your password and recover your account.

Of course, it's not a silver bullet, as you're ultimately trusting your email provider. But trusting the email provider is significantly more realistic for most people than trusting a startup to keep your private key.

The challenge is to build a proof of concept that verifies a real DKIM signature from an email generated by Gmail, via a Solidity smart contract, on-chain, within a reasonable gas limit.

Technical details

We basically need a solidity contract to verify the DKIM-Signature field based on a certain body; It needs to check the signature agianst the _domainkey TXT record for the domain, for which we'll need a key "oracle": for this PoC, it's sufficient to just hardcode the _domainkey records for gmail.com and any other large providers, but in the future, we'll need a proper oracle that can read the _domainkey record for any arbitrary domain.

• explainer: https://www.20i.com/blog/dkim-demystified/
• spec: http://dkim.org/specs/rfc4871-dkimbase.html

RSA and ed25519 crypto will be needed, which is not supported out of the box but these resources can help:

• https://github.com/javgh/ed25519-solidity
• https://github.com/HarryR/ethsnarks/blob/master/contracts/ETEC.sol this will work for all twisted Edwards curves, so if the modulus is changed it should work with ed25519
• RSA is easier cause of EIP 198 in byzantium: see https://github.com/adria0/SolRsaVerify
• various signature schemes are implemented by the dnssec-oracle: https://github.com/ensdomains/dnssec-oracle/tree/master/contracts/algorithms

Submission requirements:

• Gas cost: should be under 3 million gas
• Can verify a DKIM signature generated by Gmail
• Implement a script that takes a raw email as input and invokes a method on a solidity smart contract (on a local network, with ganache/truffle) to check this email's signature
• must be able to prove, on chain, that the From header (sender) is a particular email (NOTE: this requirement was omitted at the time of the hackathon launch so you won't be judged based on it)

Submission deadline:

• November 11

Judging criteria:

• Gas cost
• Correctness and elegance of the solution
• Support the signature schemes by large email providers (Gmail, Outlook, Yahoo, ProtonMail)
• Contributions to other open-source packages will be appreciated

Judging date:

• November 12

Bounty

• 1800 DAI

Further bonuses available if it works with multiple signature schemes and multiple email providers.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 1000.0 DAI (1000.0 USD @ $1.0/DAI) attached to it as part of the AdExNetwork fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $122,517.00 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

The funding of this issue was increased to 1800.0 DAI (1800.0 USD @ $1.0/DAI) .

• If you want to claim the bounty you can do so here
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $127,896.44 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 1 week, 3 days from now. Please review their action plans below:

1) ridesolo has started work.

• Implement nodejs script to handle e-mail reception.
• Implement solidty contract to parse and verify the email signature. while complying with all the described requirements. 2) man-jain has started work.

I Will learn about DKIM signatures and carry out steps to make the contract 3) bakaoh has started work.

My submission https://github.com/bakaoh/solidity-dkim 4) nionis has started work.

my submission: https://github.com/nionis/solidity-dkim

feel free to poke me on discord for any questions!

Learn more on the Gitcoin Issue Details page.

[RideSolo]

hello @Ivshti ,

hope you are doing well, I have tested on-chain verification for RSA-SHA256 and RSA-SHA1 with multiple providers and it worked fine since most providers use RSA-SHA256, for RSA-SHA1 I have used a personal mail server to generate the email with RSA-SHA1 the test was also successful

however for ed25519 I'm still working on it, the solidity contract provided as reference does not do the signature verification following my understanding also, do we need to check any kind of data inside the contract like the from field since it should be required to update the password hash for example ? except the hashing itself.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work for 1800.0 DAI (1800.0 USD @ $1.0/DAI) has been submitted by:

1. @ridesolo
2. @bakaoh
3. @nionis

@Ivshti please take a look at the submitted work:

• PR by @nionis
• PR by @bakaoh
• PR by @RideSolo

---

• Learn more on the Gitcoin Issue Details page
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $127,364.38 more funded OSS Work available on the Gitcoin Issue Explorer

[Ivshti]

Hey everyone (@RideSolo, @bakaoh, @nionis) - we are in the middle of the judging process. You all did a great job! We did not expect to have 3 independent full submissions.

We may run a few days late with the decision - we'll certainly be ready by Friday (15th)

[RideSolo]

@Ivshti thanks for the feedback

[Ivshti]

Again, sorry for the delay.

We'll be announcing the results on Monday, stay tuned!

[Ivshti]

Hello everyone,

What's great: you all implemented working solutions with proper tests! We were very impressed - we certainly didn't expect 3 working solutions.

What's still to be desired: none of the solutions actually checked for a particular From (sender), which is critical for a password recovery scheme based on this; furthermore, none of the solutions checked if the bodyHash is actually part of the canonicalizedHeaders that are getting signed

What we decided: all of the solutions had different advantages. We tried an elaborate points scoring system and you all came close to each other. So we decided, instead of rewarding only one solution, to increase the reward and split it between first/second/third places.

Here are the results:

1. @RideSolo - 1100 DAI - your solution scored the highest (52.5pts) due to being generally good in all categories, but especially good in algorithm support: it was the only solution to implement ed25519, which makes it future proof; also, it had an incredibly detailed test suite which compared off-chain results to on-chain results, and tested failing cases too (incorrect signatures)
2. @nionis - 750 DAI - your solution scored a close second (49pts) by virtue of good gas cost results and bonuses for having a demo app and OSS contributions
3. @bakaoh - 650 DAI - 40.5pts - your solution did a lot of parsing on-chain, which decreased the gas costs criteria - some emails we tested needed way more than 3 mil gas to be verified; however, we gave it a few bonus points for security, cause it makes it easier to add checks if the From header is a certain value; the code quality was also impressive, given the hard task

Here's what's included in the points scoring system (based on the "submission requirements" and "judging criteria"):

• README and presentation
• Tests: how easy were they to run and their quality
• Algorithm/provider support
• Gas usage score
• Correctness and security
• Elegance, simplicity and readability
• Bonuses - OSS contribution, demo
• "real world"/adaptability score - this graded how adaptable the code is for the purposes of the vision (recover your account via DKIM)

We will be distributing the actual rewards ASAP, it may require some assistance from Gitcoin because of the splitting.

Thanks to everyone involved in this bounty! Once again, you did an awesome job!

We still need more work to turn this into a working PoC, so stay tuned for updates!

[bakaoh]

thanks @Ivshti, it's so much fun working on this bounty

[RideSolo]

I'm really glad that I participated to this hackathon, and I will be happy to work further to maintain this project

[nionis]

@Ivshti thank you for taking time to look into it very thoroughly, much appreciated. Please let me know if you would like to collaborate!

[nionis]

@bakaoh I also believe the on-chain parsing implementation is very impressive. Great job!

[gitcoinbot]

⚡️ A tip worth 2.75000 ETH (502.25 USD @ $182.64/ETH) has been granted to @ivshti for this issue from @vs77bb. ⚡️

Nice work @ivshti! To redeem your tip, login to Gitcoin at https://gitcoin.co/explorer and select 'Claim Tip' from dropdown menu in the top right, or check your email for a link to the tip redemption page.

• $128414.38 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This Bounty has been completed.

Additional Tips for this Bounty:

• vs77bb tipped 2.7500 ETH worth 502.25 USD to ivshti.

---

• Learn more on the Gitcoin Issue Details page
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $126,963.41 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

⚡️ A tip worth 1100.00000 SAI (1100.0 USD @ $1.0/SAI) has been granted to @ridesolo for this issue from @Ivshti. ⚡️

Nice work @ridesolo! Your tip has automatically been deposited in the ETH address we have on file.

• $126963.41 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack

[gitcoinbot]

⚡️ A tip worth 750.00000 SAI (750.0 USD @ $1.0/SAI) has been granted to @nionis for this issue from @Ivshti. ⚡️

Nice work @nionis! Your tip has automatically been deposited in the ETH address we have on file.

• $126963.41 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack

[gitcoinbot]

⚡️ A tip worth 650.00000 SAI (650.0 USD @ $1.0/SAI) has been granted to @bakaoh for this issue from @Ivshti. ⚡️

Nice work @bakaoh! Your tip has automatically been deposited in the ETH address we have on file.

• $126963.41 in Funded OSS Work Available at: https://gitcoin.co/explorer
• Incentivize contributions to your repo: Send a Tip or Fund a PR
• No Email? Get help on the Gitcoin Slack