Evmos L1 Secured W2W dMail & dChat Communication Framework (Evmos hackathon submission 2022)

4thTech, Oct 10, 2022

On-chain EVMOS dMail & dChat with no ads & no data mining. 4thTech secures your W2W E2EE communication and enables 1000s of dMail & dChat dApps to bloom on Web3, via SDKs & White-labels.

Inspiration

Whenever we speak about online security we consider it a topic important to us. Securing your digital communications should be your highest priority when going online. Blockchain has always offered the promise of enabling secure, immutable W2W communication while retaining data and identity ownership; it is by design the perfect security tool. However, it could never really take off due to early-generation blockchains’ scalability and cost constraints. EVMOS meets all the main parameters of low transaction cost and fast transaction finality to support private on-chain communication. At the same time, its thriving ecosystem would benefit from the social dMail & dChat communication layers.

Background key points:

⚡️ The right to online safety should be above all and provided for all online communications
⚡️ Blockchain protocols offered great promise but scalability, throughput and cost were always an issue
⚡️ Web3 projects & DAOs all use Web2 communication tools, which goes against the decentralization ethos
⚡️ Immutable on-chain W2W email & messaging are prime to become the future of secure communication — Not Your Keys, Not Your Message!

Solution key points:

⚡️ Establishing a Web3 Evmos on-chain communication framework that is web, desktop & mobile interoperable — One Email/Message = One Evmos L1 Transaction
⚡️ Bringing social communication to the Web3 Ecosystem
⚡️ E2EE secure, immutable, censorship-resistant, scalable & accessible »on-chain« email & messaging
⚡️ Web3 wallet login, no signup or personal information
⚡️ Resistant to Web2 data mining, data tracking, email spoofing & identity theft
⚡️ W2W private, group & community on-chain messaging with an option of curated chat groups
⚡️ dMail file & media sharing via decentralized storage
⚡️ Stand-alone app or White labelled (SDK)
⚡️ Interoperable with all significant Evmos wallets
⚡️ Due to heavy on-chain activity (i.e. 1 email/message = 1 TX), 4thTech enabled dApps can bring significant growth in daily Evmos transactions volume

What it does

Web3’s dMail & dChat framework enables privacy & data ownership within W2W communication:

  • W2W E2EE dMail, Data-file exchange & dNotary
  • W2W E2EE dChat & Group dChat
  • dMail, dChat SDKs & White-Labels

Value proposition

When you think about 4thTech and what value it delivers, it really is quite straightforward. There are four major value propositions.

  • 4thTech utilises blockchain to enable Web3 security in online email and chat communication, which is now virtually non-existent in traditional Web2 applications.
  • Behind the scenes, 4thTech enables any project to integrate the dMail and dChat layers into their platform UIs or wallets using the SDK framework.
  • 4thTech multi-chain interoperability and deployment pave the way toward the first Web3 communication standard.
  • To ensure true on-chain security 4thTech protocols have to be transaction heavy as every message or email represents its own transaction. Due to this heavy on-chain activity (i.e. one email/message = one transaction), 4thTech dApps bring significant growth in daily L1 transactions.

⚡️ 10 message/email per day MainNet transaction projection

💡 If we take a look at the third row, for example, 25.000 EVMOS users sending 10 messages per day produce 7.5 Mio transactions a month.

Core Primitives

⚡️ One email/message = One L1 Transaction

The dChat W2W message exchange happens on-chain, as one short message represents one L1 transaction. As dMail is data heavier, lite encrypted JSON files are created to hold dMail metadata (i.e. subject, content & attachment location) while the link to this JSON metadata & checksum (i.e. dMail content structure SHA-256 hash) are recorded on-chain in the form of an L1 transaction. So again the core primitive “one email/message = one L1 transaction” applies.

⚡️ Not Your Keys = Not Your Email/Message

Every wallet becomes an on-chain identity & message data vault, accessible/decrypted only with users’ private keys!

⚡️ L1 security + Encryption + Decentralized storage = Web3 Secured W2W dMail & dChat Communication

True dMail & dChat security is achieved by utilising the L1’s security, an encryption cocktail (i.e. AES, RSA, SHA-256, ECDH) and decentralized storage.

How we built it

Web3 security by design was our guiding approach: how to preserve privacy, guarantee protection, and obfuscate metadata to the largest possible degree was at the forefront of all our architectural decisions. At the same time, no personal data whatsoever is collected by the protocol.

The framework consists of six main parts. Due to the sheer size of the project, the EVMOS dMail was developed for the hackathon. The dMail is fully developed, deployed on EVMOS TestNet and ready for EVMOS MainNet. Other solutions are in development and a part of the project roadmap. 4thTech does not monetize any user data, personal data or metadata. To ensure true on-chain immutability and utilise the security of an underlying L1, 4thTech protocols have to be transaction heavy as every message or email represents its own transaction, which comes with the cost of writing data on the blockchain. 4thTech protocols can strongly contribute to EVMOS transaction volume, while its solid fee model can support the project in the future. Let’s not forget one email/message = one transaction, which = one service fee.

⚙️ dMail Protocol (EVM SC): Solidity-based E2EE email protocol resilient to data mining & spoofing, that enables users to share content, files and media from wallet to wallet.

  1. dMails are encrypted with AES encryption
  2. All encrypted attachments are stored on either 4thTech temporary GDPR-compliant cloud storage or permanent decentralized storage (i.e. future option)
  3. A JSON metadata file is created that includes sender and recipient details, dMail subject, content, and attachment details (i.e. name, stored location, and checksum).
  4. A JSON metadata file is encrypted with AES encryption and stored in storage.
  5. A JSON metadata file URL & checksum are sent to EVMOS Smart Contract.
  6. After transaction finality, the recipient (Client B) loads and decrypts the JSON metadata file, then loads and decrypts all the attachments.

File encryption example:

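// Node built-in crypto plus the node-rsa package
import * as crypto from 'crypto';
import NodeRSA from 'node-rsa';

// Inputs assumed to be defined by the caller:
//   fileData  - Buffer with the file contents
//   publicKey - recipient's public key in PKCS#8 format

// Symmetric encrypt: fresh AES-256 key and IV for every file
const symKey = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', symKey, iv);
const symEncrypted = Buffer.concat([cipher.update(fileData), cipher.final()]).toString(
  'base64',
);
// Asymmetric encrypt - encrypt just symmetric key & iv
const key = new NodeRSA();
key.importKey(publicKey, 'pkcs8-public');
const symPrefix = `${symKey.toString('base64')}:${iv.toString('base64')}`;
const encrypted = key.encrypt(symPrefix, 'base64');
// Join asymmetric and symmetric part as "<RSA part>:<AES part>"
const data = Buffer.from(`${encrypted}:${symEncrypted}`);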

Save to blockchain:

// Save data to blockchain
const txDetails: TransactionDetails = await blockchainService.sendDocument(
  envelope.sender.account,
  envelope.recipient.account.address,
  envelopePath,
);

Smart Contract link: SC
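
The receive path from step 6, as an added example that is not 4thTech's code: the recipient recomputes the SHA-256 checksum of the fetched blob and compares it with the on-chain value before decrypting, which matters because AES-CBC alone does not detect modified ciphertext. Assumptions: the checksum covers the stored encrypted blob, Node's built-in RSA-OAEP stands in for node-rsa, and `storage`, `sealMetadata`, `openMetadata`, `demo` and the record layout are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: a recipient RSA key pair and a Map playing the storage bucket.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const storage = new Map();

// Sender side: same envelope layout as the page's snippet, "<rsa(key:iv)>:<aes-cbc(data)>".
function sealMetadata(metadata, recipientPublicKey) {
  const symKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', symKey, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(metadata)), cipher.final()]);
  const prefix = Buffer.from(`${symKey.toString('base64')}:${iv.toString('base64')}`);
  const wrapped = crypto.publicEncrypt(recipientPublicKey, prefix); // RSA-OAEP (Node default)
  const blob = Buffer.from(`${wrapped.toString('base64')}:${body.toString('base64')}`);
  // Assumption: the on-chain checksum is SHA-256 over the stored encrypted blob.
  const checksum = crypto.createHash('sha256').update(blob).digest('hex');
  return { blob, checksum };
}

// Recipient side: verify the on-chain checksum first, only then unwrap and decrypt.
function openMetadata(record, recipientPrivateKey) {
  const blob = storage.get(record.url);
  if (!blob) throw new Error('metadata not found');
  const actual = crypto.createHash('sha256').update(blob).digest();
  const expected = Buffer.from(record.checksum, 'hex');
  if (expected.length !== actual.length || !crypto.timingSafeEqual(actual, expected)) {
    throw new Error('checksum mismatch');
  }
  const [wrapped, body] = blob.toString().split(':');
  const prefix = crypto.privateDecrypt(recipientPrivateKey, Buffer.from(wrapped, 'base64'));
  const [keyB64, ivB64] = prefix.toString().split(':');
  const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(keyB64, 'base64'), Buffer.from(ivB64, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(body, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString());
}

// Constructed demo: publish one dMail, then flip one bit in storage to simulate tampering.
function demo() {
  const { blob, checksum } = sealMetadata({ subject: 'hello', content: 'constructed sample' }, publicKey);
  const record = { url: 'storage://constructed/1.json', checksum }; // what the chain would hold
  storage.set(record.url, blob);
  const ok = openMetadata(record, privateKey).subject;
  const bad = Buffer.from(blob); bad[bad.length - 5] ^= 1;
  storage.set(record.url, bad);
  let tampered;
  try { openMetadata(record, privateKey); tampered = 'accepted'; } catch (e) { tampered = e.message; }
  return { ok, tampered };
}
```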

⚙️ dChat Protocol (EVM SC): Solidity-based W2W messaging protocol that enables on-chain E2EE private messaging, group chat & curated community chats. FOURim docs

⚙️ dID Protocol (Typescript, Vue.js): Serves as a public key exchange point between users and connects wallets during the dMail & dChat data exchange process. FOURid docs

⚙️ UI platform (Typescript, Vue.js): Written in TypeScript, a superset of JavaScript, and utilises the Vue 3 framework. Serves as 4thTech native UI and White-label GUI framework. UI platform docs

⚙️ SDK framework (Typescript): EVM compatible dMail & dChat SDK framework enables back-end partner integration into their UIs or Wallets.

⚙️ Encryption (AES, ECDH): While the message or email is encrypted with Advanced Encryption Standard (i.e. AES), the Elliptic-Curve Diffie-Hellman (i.e. ECDH) key agreement protocol is used for generating a secret key (i.e. used in AES encryption). The implementation of the Elliptic-Curve Diffie-Hellman protocol will enable the interoperability of 4thTech communication protocols with EVMOS wallets. Encryption docs

Databases & Storage

  1. Blockchain is used to store: (1) a link to the dMail JSON metadata, timestamp, checksum & sender address; (2) dChat encrypted message, timestamp & sender address. The overall security of the blockchain network depends on its decentralization, while access security depends on the user’s private key safety measures;
  2. Decentralized storage is used for the temporary or permanent storage of encrypted data files, media and JSON files (i.e. dMail, subject & content attachment location) that are exchanged between wallets in the dMail or dChat process. The decryption and access to the data files are possible only with a private key of the user;
  3. To comply with GDPR, the data file cloud repository is also an option that is used for the temporary 7-day storage of encrypted data, media and JSON files (i.e. dMail subject, content attachment location) that are exchanged between wallets in the dMail or dChat process. The decryption of the data files is possible only with a private key of the user. The data file cloud repository is protected by a firewall. In the case of a user request, it is possible to delete any user-related data to comply with GDPR regulations;
  4. User local storage is used to store: (1) wallet private keys; (2) dMail & dChat content; and (3) user-initiated backup of conversations, data files and reports. The security of local storage is in the user’s domain.

Challenges we ran into

We spent over four years developing the 4thTech multi-chain communication building blocks, which are built around security and ecosystem integrations deployed on various Layer 1s. As time passed, some of the chosen L1s did not pan out due to interoperability or scalability issues. So the main challenge is to find the most suitable underlying network that would fit all the main requirements and make on-chain private communication usable at scale.

E2EE group messaging was always difficult to achieve; this goes for Web2 and especially for Web3. Developing the tech to support on-chain E2EE group messaging was a challenge in itself. We solve it by randomly generating a secret key that is used to encrypt/decrypt messages. The secret key is distributed to all group members and is separately encrypted with Advanced Encryption Standard (i.e. AES) over the Elliptic-Curve Diffie-Hellman (i.e. ECDH) key agreement protocol.

This opens a whole new chapter in Web3 on-chain communication and could disrupt traditional Web2 communication platforms.
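
The group key distribution described above, together with the AES + ECDH pairing from the Encryption component, as an added example that is not 4thTech's implementation: one random group key is wrapped separately for each member under a pairwise key derived from ECDH. Assumptions: secp256k1 keys, HKDF-SHA256 for key derivation, AES-256-GCM as the AES mode, and all function and member names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Each wallet holds a secp256k1 key pair (constructed here for the demo).
function newMember(name) {
  const ecdh = crypto.createECDH('secp256k1');
  return { name, ecdh, publicKey: ecdh.generateKeys() };
}

// Pairwise AES key from the ECDH shared secret (HKDF-SHA256 is this example's choice).
function pairKey(self, peerPublicKey) {
  const shared = self.ecdh.computeSecret(peerPublicKey);
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'group-key-wrap', 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the key or data is wrong
}

// The group creator generates one random group key and wraps it once per member.
function createGroup(admin, members) {
  const groupKey = crypto.randomBytes(32);
  const wrapped = new Map(members.map((m) => [m.name, seal(pairKey(admin, m.publicKey), groupKey)]));
  return { groupKey, wrapped, adminPublicKey: admin.publicKey };
}

// A member recovers the group key from their own wrapped copy.
function joinGroup(member, group) {
  return open(pairKey(member, group.adminPublicKey), group.wrapped.get(member.name));
}

// Constructed demo: bob reads a group message; mallory cannot unwrap bob's copy of the key.
function demo() {
  const [alice, bob, carol, mallory] = ['alice', 'bob', 'carol', 'mallory'].map(newMember);
  const group = createGroup(alice, [bob, carol]);
  const msg = seal(group.groupKey, 'gm from alice');
  const bobReads = open(joinGroup(bob, group), msg).toString();
  let outsider = 'recovered key';
  try { open(pairKey(mallory, group.adminPublicKey), group.wrapped.get('bob')); } catch { outsider = 'rejected'; }
  return { bobReads, outsider };
}
```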

Accomplishments that we’re proud of:

⚡️ 2018: Ethereum dID, dMail, dNotary deployment (EVM, Solidity) — Beyond 4.0 award
⚡️ 2020: SI-Chain dID, dMail, dNotary deployment (EVM, Solidity) — UNCEFACT use case
⚡️ 2020: Tolar HashNet, dID, dMail, dNotary (EVM, Solidity)
⚡️ 2021: Edgeware, dID, dMail, dNotary (Substrate, Rust)
⚡️ 2021: Solana, dID, dChat, dMail, dNotary (Rust) — Solana Ignition Hackathon Endorsement
⚡️ 2022: Moonbeam, dID, dMail, dNotary (EVM, Solidity)
⚡️ 2022: Tron, dID, dMail, dNotary (EVM, Solidity) — Tron Grand Hackathon Winner Web3 track
⚡️ 2022: EVMOS, dID, dChat, dMail, dNotary (EVM, Solidity)

What we learned

  • Blockchain has always offered the promise of enabling secure, immutable W2W communication while retaining data and identity ownership; it is by design the security and privacy tool.
  • Due to stability and scalability issues, early-generation blockchains cannot sustain the on-chain communication infrastructure.
  • User migration from “free” but not private Web2 communication platforms to payable but private Web3 infrastructure will be challenging, so new incentive onboarding models will have to be introduced.
  • With the rise of security awareness and Web3 adoption in general, on-chain W2W email & messaging could become the dominant communication and as such can become the future of private online communication. The privacy and security of Web3 native features are just too good to be overlooked: “Not Your Keys, Not Your Message!”

How to test?

Step 1: Download & set up FOURwaL (follow the link below)
Step 2: Log in to the UI-staging (follow the link below)
Step 3: Airdrop EVMOS TestNet tokens to the FOURwaL account (address available in the accounts tab)
Step 4: Click the “dMail” TAB
Step 5: Add new contact by pasting the FOURwaL EVMOS TestNet recipient address
Step 6: Start sending dMails
Step 7: Check your transactions by clicking on the Explorer links available in the UI

🔗 FOURwaL Chromium DL
🔗 FOURwaL Mozilla DL
🔗 UI-staging
🔗 TestNet token mint


All content provided herein, including but not limited to text, graphics, logos, and images (the “Content”), is the property of Block Labs Luxembourg S.a r.l., a legal entity established under the laws of the Grand Duchy of Luxembourg, registered with R.C.S. Luxembourg under N B263508 at the following address: 41, rue du Puits Romain, z.a. Bourmicht (Atrium Business Park), L-8070 Bertrange, Luxembourg (the “Company” or “we”). It is protected by copyright and other laws that protect intellectual property and proprietary rights. You are granted a non-exclusive, non-transferable, revocable license to access and use the Content for the sole purpose of obtaining information about the 4thTech technology and other educational purposes. We have done our best to ensure that the Content is accurate, updated, complete, and provides valuable information, but neither do we guarantee nor take any responsibility for its accuracy and/or completeness. The Content is not intended as, and shall not be understood or construed as legal, financial, tax, or any other professional advice, sale or offer for sale of any securities, and/or crypto-assets. The Company is not engaged in rending of and/or is not licensed to render any of the crypto-asset services and/or financial services, such as investment or brokerage services, capital raising, fund management, or investment advice.
