Development resources at your finger tips
Build with the coolest Web3 projects
Recurring funding for Open Source
Ethical ads to power Open Source
Learn about Web3 & earn rewards
Show appreciation for each other
Meet fellow developers, designers, futurists and more. Collaborate and BUIDL awesome projects together.
Discover great web3 organizations, work on meaningful projects and build relationships with like minded people. Browse Tribes
Meet the top hunters and contributors from our community.
Aloha, Gitcoiners! How do you feel about Data Dignity, Quadratic Voting, Quadratic Finance and Decentralized Identity?
KERNEL is an 8-week, invite-only program for top tech talent looking to build relationships, products, and companies in blockchain and Web 3. 100 tal…
Type in [[ 2- term.length]] more characters to get results
[[ result.title ]]
[[ result.description | truncate(70) ]]
No matches found
Gitcoin is GDPR complaint. Learn more in
Gitcoin's Terms & Conditions.
Check out the Issue Explorer
Looking to fund some work? You can submit a new Funded Issue here.
### Challenge description:
Since most emails are signed cryptographically through DKIM, and contain enough data to prove who the sender is (from wikipedia: "the From: field must always be signed"), we can use that for recovering Ethereum accounts.
**How it would help: it could enable a next-generation UX for dapps where you can sign up with an email/password**, without making big security compromises, and with an ability to change your password and recover your account.
Of course, it's not a silver bullet, as you're ultimately trusting your email provider. But trusting the email provider is significantly more realistic for most people than trusting a startup to keep your private key.
The challenge is to build a proof of concept that verifies a real DKIM signature from an email generated by Gmail, via a Solidity smart contract, on-chain, within a reasonable gas limit.
#### Technical details
We basically need a solidity contract to verify the DKIM-Signature field based on a certain `body`; It needs to check the signature agianst the `_domainkey` TXT record for the domain, for which we'll need a key "oracle": for this PoC, it's sufficient to just hardcode the `_domainkey` records for `gmail.com` and any other large providers, but in the future, we'll need a proper oracle that can read the `_domainkey` record for any arbitrary domain.
* explainer: https://www.20i.com/blog/dkim-demystified/
* spec: http://dkim.org/specs/rfc4871-dkimbase.html
RSA and ed25519 crypto will be needed, which is not supported out of the box but these resources can help:
* https://github.com/HarryR/ethsnarks/blob/master/contracts/ETEC.sol this will work for all twisted Edwards curves, so if the modulus is changed it should work with ed25519
* RSA is easier cause of EIP 198 [in byzantium](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-609.md): see https://github.com/adria0/SolRsaVerify
* various signature schemes are implemented by the dnssec-oracle: https://github.com/ensdomains/dnssec-oracle/tree/master/contracts/algorithms
### Submission requirements:
* Gas cost: should be under 3 million gas
* Can verify a DKIM signature generated by Gmail
* Implement a script that takes a raw email as input and invokes a method on a solidity smart contract (on a local network, with ganache/truffle) to check this email's signature
* must be able to prove, on chain, that the `From` header (sender) is a particular email (NOTE: this requirement was omitted at the time of the hackathon launch so you won't be judged based on it)
### Submission deadline:
* November 11
### Judging criteria:
* Gas cost
* Correctness and elegance of the solution
* Support the signature schemes by large email providers (Gmail, Outlook, Yahoo, ProtonMail)
* Contributions to other open-source packages will be appreciated
### Judging date:
* November 12
* 1800 DAI
Further bonuses available if it works with multiple signature schemes and multiple email providers.