ZKEmail using DKIM and new circuits

contracts/account/Cargo.toml

@@ -32,3 +32,4 @@ rsa                = { workspace = true }
 getrandom          = { workspace = true }
 p256               = { workspace = true }
 cosmos-sdk-proto   = { workspace = true }
+zkemail = {path = "../zkemail", features = ["library"]}

contracts/account/src/auth.rs

@@ -1,6 +1,6 @@
 use crate::auth::secp256r1::verify;
 use crate::error::ContractError;
-use cosmwasm_std::{Binary, Deps, Env};
+use cosmwasm_std::{Addr, Binary, Deps, Env};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
@@ -10,6 +10,7 @@ pub mod passkey;
 mod secp256r1;
 mod sign_arb;
 pub mod util;
+mod zkemail;
 
 pub mod testing {
     pub use super::sign_arb::wrap_message;
@@ -48,6 +49,12 @@ pub enum AddAuthenticator {
         url: String,
         credential: Binary,
     },
+    ZKEmail {
+        id: u8,
+        verification_contract: Addr,
+        email_hash: Binary,
+        dkim_domain: String,
+    },
 }
 
 impl AddAuthenticator {
@@ -59,18 +66,38 @@ impl AddAuthenticator {
             AddAuthenticator::Jwt { id, .. } => *id,
             AddAuthenticator::Secp256R1 { id, .. } => *id,
             AddAuthenticator::Passkey { id, .. } => *id,
+            AddAuthenticator::ZKEmail { id, .. } => *id,
         }
     }
 }
 
 #[derive(Serialize, Deserialize, Clone, JsonSchema, PartialEq, Debug)]
 pub enum Authenticator {
-    Secp256K1 { pubkey: Binary },
-    Ed25519 { pubkey: Binary },
-    EthWallet { address: String },
-    Jwt { aud: String, sub: String },
-    Secp256R1 { pubkey: Binary },
-    Passkey { url: String, passkey: Binary },
+    Secp256K1 {
+        pubkey: Binary,
+    },
+    Ed25519 {
+        pubkey: Binary,
+    },
+    EthWallet {
+        address: String,
+    },
+    Jwt {
+        aud: String,
+        sub: String,
+    },
+    Secp256R1 {
+        pubkey: Binary,
+    },
+    Passkey {
+        url: String,
+        passkey: Binary,
+    },
+    ZKEmail {
+        verification_contract: Addr,
+        email_hash: Binary,
+        dkim_domain: String,
+    },
 }
 
 impl Authenticator {
@@ -144,6 +171,21 @@ impl Authenticator {
 
                 Ok(true)
             }
+            Authenticator::ZKEmail {
+                verification_contract,
+                email_hash,
+                dkim_domain,
+            } => {
+                let verification = zkemail::verify(
+                    deps,
+                    verification_contract,
+                    tx_bytes,
+                    sig_bytes,
+                    email_hash,
+                    dkim_domain,
+                )?;
+                Ok(verification)
+            }
         }
     }
 }

contracts/account/src/auth/zkemail.rs

@@ -0,0 +1,37 @@
+use crate::error::ContractResult;
+use cosmwasm_schema::cw_serde;
+use cosmwasm_std::{from_json, Addr, Binary, Deps};
+
+#[cw_serde]
+pub struct ZKEmailSignature {
+    proof: zkemail::ark_verifier::SnarkJsProof,
+    dkim_hash: Binary,
+}
+
+pub fn verify(
+    deps: Deps,
+    verification_contract: &Addr,
+    tx_bytes: &Binary,
+    sig_bytes: &Binary,
+    email_hash: &Binary,
+    dkim_domain: &str,
+) -> ContractResult<bool> {
+    let sig: ZKEmailSignature = from_json(sig_bytes)?;
+
+    let verification_request = zkemail::msg::QueryMsg::Verify {
+        proof: Box::new(sig.proof),
+        dkim_domain: dkim_domain.to_owned(),
+        tx_bytes: tx_bytes.clone(),
+        email_hash: email_hash.clone(),
+        dkim_hash: sig.dkim_hash,
+    };
+
+    let verification_response: Binary = deps
+        .querier
+        .query_wasm_smart(verification_contract, &verification_request)?;
+
+    let verified: bool = from_json(verification_response)?;
+
+    Ok(verified)
+}
+

contracts/account/src/execute.rs

@@ -70,6 +70,12 @@ pub fn before_tx(
             Authenticator::Passkey { .. } => {
                 // todo: figure out if there are minimum checks for passkeys
             }
+            Authenticator::ZKEmail { .. } => {
+                // todo: verify that this minimum is as high as possible
+                if sig_bytes.len() < 700 {
+                    return Err(ContractError::ShortSignature);
+                }
+            }
         }
 
         return match authenticator.verify(deps, env, tx_bytes, sig_bytes)? {
@@ -220,6 +226,22 @@ pub fn add_auth_method(
             *(credential) = passkey;
             Ok(())
         }
+        AddAuthenticator::ZKEmail {
+            id,
+            verification_contract,
+            email_hash,
+            dkim_domain,
+        } => {
+            // todo: how does verification work in a situation like this?
+
+            let auth = Authenticator::ZKEmail {
+                verification_contract: verification_contract.clone(),
+                email_hash: email_hash.clone(),
+                dkim_domain: dkim_domain.clone(),
+            };
+            save_authenticator(deps, *id, &auth)?;
+            Ok(())
+        }
     }?;
     Ok(
         Response::new().add_event(Event::new("add_auth_method").add_attributes(vec![

contracts/treasury/Cargo.toml

@@ -17,8 +17,5 @@ cosmwasm-std       = { workspace = true }
 cw2                = { workspace = true }
 cw-storage-plus    = { workspace = true }
 thiserror          = { workspace = true }
-serde              = { workspace = true }
-serde_json         = { workspace = true }
-schemars           = { workspace = true }
 cosmos-sdk-proto   = { workspace = true }
 url                = { workspace = true }

contracts/zkemail/Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+name = "zkemail"
+version = "0.1.0"
+edition = "2021"
+
+[features]
+# enable feature if you want to disable entry points
+library = []
+
+
+[dependencies]
+cosmwasm-schema    = { workspace = true }
+serde              = { workspace = true }
+serde_json = { workspace = true }
+cw-storage-plus    = { workspace = true }
+cosmwasm-std       = { workspace = true }
+cw2                = { workspace = true }
+thiserror          = { workspace = true }
+base64             = { workspace = true }
+cosmos-sdk-proto   = { workspace = true }
+getrandom          = { workspace = true }
+
+ark-crypto-primitives = { version = "=0.4.0" }
+ark-ec = { version = "=0.4.2", default-features = false  }
+ark-ff = { version = "=0.4.2", default-features = false, features = [ "asm"] }
+ark-std = { version = "=0.4.0", default-features = false }
+ark-bn254 = { version = "=0.4.0" }
+ark-groth16 = { version = "=0.4.0", default-features = false }
+ark-relations = { version = "=0.4.0", default-features = false }
+ark-serialize = { version = "=0.4.2", default-features = false }
+ark-poly = { version = "=0.4.2", default-features = false }
+poseidon-ark = {git = "https://github.com/arnaucube/poseidon-ark"}