Workers Auto Approve
Verify DKIM signatures generated by Gmail/other providers (enables easier account recovery)
Solidity, RSA, ed25519
### Challenge description:
Since most emails are signed cryptographically through DKIM, and contain enough data to prove who the sender is (from wikipedia: "the From: field must always be signed"), we can use that for recovering Ethereum accounts.
**How it would help: it could enable a next-generation UX for dapps where you can sign up with an email/password**, without making big security compromises, and with an ability to change your password and recover your account.
Of course, it's not a silver bullet, as you're ultimately trusting your email provider. But trusting the email provider is significantly more realistic for most people than trusting a startup to keep your private key.
The challenge is to build a proof of concept that verifies a real DKIM signature from an email generated by Gmail, via a Solidity smart contract, on-chain, within a reasonable gas limit.
#### Technical details
We basically need a solidity contract to verify the DKIM-Signature field based on a certain `body`; It needs to check the signature agianst the `_domainkey` TXT record for the domain, for which we'll need a key "oracle": for this PoC, it's sufficient to just hardcode the `_domainkey` records for `gmail.com` and any other large providers, but in the future, we'll need a proper oracle that can read the `_domainkey` record for any arbitrary domain.
* explainer: https://www.20i.com/blog/dkim-demystified/
* spec: http://dkim.org/specs/rfc4871-dkimbase.html
RSA and ed25519 crypto will be needed, which is not supported out of the box but these resources can help:
* https://github.com/HarryR/ethsnarks/blob/master/contracts/ETEC.sol this will work for all twisted Edwards curves, so if the modulus is changed it should work with ed25519
* RSA is easier cause of EIP 198 [in byzantium](https://github.com/ethereum/EIPs/blob/master/EIPS/eip-609.md): see https://github.com/adria0/SolRsaVerify
* various signature schemes are implemented by the dnssec-oracle: https://github.com/ensdomains/dnssec-oracle/tree/master/contracts/algorithms
### Submission requirements:
* Gas cost: should be under 3 million gas
* Can verify a DKIM signature generated by Gmail
* Implement a script that takes a raw email as input and invokes a method on a solidity smart contract (on a local network, with ganache/truffle) to check this email's signature
* must be able to prove, on chain, that the `From` header (sender) is a particular email (NOTE: this requirement was omitted at the time of the hackathon launch so you won't be judged based on it)
### Submission deadline:
* November 11
### Judging criteria:
* Gas cost
* Correctness and elegance of the solution
* Support the signature schemes by large email providers (Gmail, Outlook, Yahoo, ProtonMail)
* Contributions to other open-source packages will be appreciated
### Judging date:
* November 12
* 1800 DAI
Further bonuses available if it works with multiple signature schemes and multiple email providers.
Setup your profile
Tell us a little about you:
No results found for
Type to search skills..
Required [[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Setup your profile
Our tools are based on the principles of earn (💰), learn (📖), and meet (💬).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email: