Chainmail

Chainmail is a zero-knowledge proof powered email marketplace / whistleblower platform that empowers users to sell authenticated emails without revealing their identity.

The project leverages ZK Email to generate ZKPs of emails via their DKIM signatures.

By analysing the DKIM signature in the header of an email, we can verify it against the public key of the sender’s domain.

After verification, a ZKP of the email is generated via a circom circuit to hide the recipient address, hash the email body and provide public signals for details such as the sender, subject & ETH address of the owner.

Chainmail then provides a smart-contract backed marketplace to facilitate the sale and transmission of these emails between buyers & sellers.

Transaction disputes are mediated via an implemented DAO (Chainmail DAO).

Team's submissions

Chainmail Defensive Tooling Social Impact

The problem Chainmail solves

Chainmail empowers and incentivises whistleblowers that would otherwise be too afraid to reveal vital information for fear of safety or reputational damage. By using Zero-Knowledge Proofs, we can prove the authenticity of emails while ensuring the privacy and anonymity of the seller. By using a marketplace as a mechanism of delivery, Chainmail provides additional incentive structures for those in possession of this information.

Challenges you ran into

Philosophical: There are many challenges with Chainmail. By far the most important is to ensure that the platform is used for public good and not abused for the solicitation of dangerous secrets such as:
-> state secrets
-> blackmail campaigns
-> sale of stolen data
-> corporate espionage

The implementation of a DAO governance structure to ensure the right kind of censorship and a curated buyer list will help solve this issue.

Technical: We had to come up with a good delivery mechanism that ensures the most trust-minimised approach whilst also operating under the limitations of the ZK circuits Chainmail is built on. We decided on a flow where both the seller and the buyer provide a stake of authenticity as a declaration of good faith under the transaction. When the buyer purchases an email, they provide a public key that the seller then uses to encrypt the email body when fulfilling the order.

As the hash of the body is provided in the ZK proof, when the buyer decrypts the email they can verify that it is the same email they have purchased.

If there is anything wrong, they can open a dispute which will then be sent to the DAO for adjudication, with the malicious party losing their stake of authenticity if they lose the outcome.
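The buyer-side delivery check described above, as an added example that is not Chainmail's own code. It assumes the body commitment is a SHA-256 hash over the exact body bytes and that the seller uses RSA-OAEP plus AES-256-GCM hybrid encryption; the page specifies neither, and all function names are hypothetical.

```javascript
// Added example, not Chainmail's code. Assumed: SHA-256 body commitment and
// RSA-OAEP + AES-256-GCM hybrid encryption. All function names are hypothetical.
const crypto = require('node:crypto');

const sha256Hex = (buf) => crypto.createHash('sha256').update(buf).digest('hex');
// Buyer: key pair whose public half is submitted with the purchase.
const buyerKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Seller: encrypt the body under a fresh AES key, then wrap that key for the buyer.
function sellerEncrypt(body, buyerPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(body), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: buyerPublicKey, oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Buyer: decrypt, then compare the body's hash with the one in the proof's public signals.
function buyerOpen(delivery, buyerPrivateKey, committedHashHex) {
  let body;
  try {
    const key = crypto.privateDecrypt({ key: buyerPrivateKey, oaepHash: 'sha256' }, delivery.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, delivery.iv);
    decipher.setAuthTag(delivery.tag);
    body = Buffer.concat([decipher.update(delivery.ciphertext), decipher.final()]);
  } catch (err) {
    return { ok: false, reason: 'decryption-failed' }; // wrong key or altered ciphertext
  }
  // A mismatch means the delivered body is not the one the proof commits to.
  const match = sha256Hex(body) === committedHashHex.toLowerCase();
  return match ? { ok: true, body } : { ok: false, reason: 'hash-mismatch' };
}

// Constructed sample data: an honest delivery and a seller who sends a different body.
function demo() {
  const { publicKey, privateKey } = buyerKeyPair();
  const listed = Buffer.from('Constructed sample body: Q3 figures attached.\r\n');
  const committed = sha256Hex(listed); // stands in for the proof's body-hash signal
  const honest = buyerOpen(sellerEncrypt(listed, publicKey), privateKey, committed);
  const other = sellerEncrypt(Buffer.from('unrelated text'), publicKey);
  return { honest, swapped: buyerOpen(other, privateKey, committed) };
}
```

Either failure reason is something the buyer can detect locally before deciding whether to open a dispute.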

Technology used

Zero Knowledge Proofs built on top of ZK-Email (https://zkemail.gitbook.io/zk-email)

Solidity Smart contract for the marketplace and on-chain verification

React front-end for the application (and client side proving)