The problem Chainmail solves
Chainmail empowers and incentivises whistleblowers that would otherwise be too afraid to reveal vital information for fear of safety or reputational damage. By using Zero-Knowledge Proofs, we can prove the authenticity of emails while ensuring the privacy and anonymity of the seller. By using a marketplace as a mechanism of delivery, Chainmail provides additional incentive structures for those in possession of this information.
Challenges you ran into
Philosophical: There are many challenges with Chainmail. By far the most important of which is to ensure that the platform is used for public good and not abused for the solicitation of dangerous secrets such as: -> state secrets -> blackmail campaigns -> sale of stolen data -> corporate espionage
The implementation of a DAO governance structure to ensure the right kind for censorship and a curated buyer list will help solve this issue.
Technical: We had to come up with a good delivery mechanism that ensures the most trust-minimised approach whilst also operating under the limitations of the ZK circuits Chainmail is built on. We decided on a flow where both the seller and the buyer provide a stake of authenticity as a declaration of good faith under the transaction. When the buyer purchases an email, they provide a public key that the seller then uses to encrypt the email body when fulfilling the order.
As the hash of the body is provided in the ZK proof, when the buyer decrypts the email they can verify that it is the same email they have purchased.
If there is anything wrong, they can open a dispute which will then be sent to the DAO for adjudication, with the malicious party losing their stake of authenticity if they lose the outcome.
Technology used
Zero Knowledge Proofs built on top of ZK-Email (https://zkemail.gitbook.io/zk-email) Solidity Smart contract for the marketplace and on-chain verification React front-end for the application (and client side proving)