Security by Design.

Privacy by Design

We built Mailchain as a unified Web3 inbox that safeguards user privacy, all without sacrificing convenience. How did we do it?

Identities

Messaging is often linked closely to identity. If you lose control of your identity, someone else can impersonate you, or you can be deplatformed. Protecting users from having their credentials compromised is a priority.  

Multi-Wallet Inbox

With Mailchain, users have access to a multi-wallet inbox.  

Mailchain makes it possible to register and manage multiple wallet addresses under the same Mailchain account identity. Messages can be sent to the primary Mailchain account, or any of these registered addresses. Via the Mailchain inbox application, a user can see and read messages sent to any address, or compose a message from any of their addresses.

Identity Inference

For privacy reasons, nobody except the account owner can know which wallet addresses are registered under the account. Hard key derivation is used to prevent any inferred ownership of accounts. Despite messaging keys being derived from your identity key, there is no way for anyone else, including Mailchain, to know that a registered key belongs to a Mailchain account.

Safeguarding Identities

A Mailchain user never has to enter seed phrase or private key that corresponds to a financial-backed or external wallet. In the event a Mailchain user’s account identity key is compromised, their messaging account is at risk, but assets related to the external address are not.  

How Login Works

Any login process requires two things:

  • Authentication—proving who you are who you say you are
  • Authorization—granting the correct level of access  

Web 2.0 applications commonly use login systems that authenticate you using a username and password, stored on a company’s server. Once authenticated, the company will give you the appropriate authorization to access your account and data. How a company treats your account and other private data depends on its own security policy and business goals.    

With Mailchain we opted for a different approach. We understand that people are comfortable with a traditional login experience, so we made that experience feel similar. What’s different is that Mailchain does not have access to your unencrypted login or account data. Your password is never sent to us, and we do not process it or store it. Instead, using your password, you are the only one who can access your account information. This means you have full ownership of your account, but it also means that you need to store your secret recovery phrase somewhere safe so in the event you forget your password, you can reset your account using the secret recovery phrase.

Encryption

All messages are end-to-end encrypted using unique keys known only to the recipient. Mailchain cannot see a user’s encrypted user profile or messages. This is all decrypted on the client side (in the browser). This means nobody, including Mailchain, can read sensitive user data.

Diverse Encryption Keys

Mailchain uses different encryption keys for different purposes in its application. For example, different encryption keys generated for each message. In the event a single messaging key is ever compromised, only one message would be decipherable. This ensures forwards and backwards secrecy of messages.

Storage Location Encryption

We don’t believe the location where messages are stored should be visible to everyone, even if messages are encrypted. To protect against arbitrary message harvesting, message location information is encrypted before being included in the delivery request.  

Metadata Encryption

Message metadata included in the delivery request is encrypted before sending. This ensures only the recipient can access it. Once a message has been delivered or it has expired as undelivered, it can be removed from its storage location, so it is no longer retrievable. The message metadata becomes obsolete.

Private Keys

In addition to never seeing your login details or application data used for Mailchain, you can communicate using your existing wallet addresses, without entering your private keys or putting your existing keys at risk.  

Storage

The Mailchain application encrypts messages before sending them to distributed storage locations. The application then encrypts the location metadata that is transmitted on-chain. This means no one can learn anything about the size or location of your messages.

Verifiable Addresses

Each message is cryptographically signed and can be proven to originate from the sender. If a signature has a mismatch, this can be flagged as a potential phishing threat. Verified projects can publish their official sending addresses to help users verify whether a message originated from the project.  

Security by Design

This article explains some of the concepts and considerations made by Mailchain when implementing a safe way for users to encrypt and access their Web3 communications.  

When interacting with blockchains, a private key pair can be used for signing or encryption. Carrying out both actions with the same key pair carries unknown risk. Here’s why.

Signing

When you use your wallet (a public/private key pair) to send transactions, you must first sign the transaction. This is how the blockchain protocol knows the transaction is authorised by you, and how other applications can prove you initiated an action (i.e. permission to spend, list, trade etc.). Most signing operations use a mathematic function using elliptic curve secp256k1.

Encryption

When you encrypt data using the public key of an Ethereum account, the owner of that Ethereum account can decrypt the data using their private key. Encryption uses different cryptographic functions from signing. Carrying out signing and encryption is not recommended due to the reuse of key material across the different elliptic curves. Theoretically, an attacker could learn some information about the private key from the combined use of signing and encryption with the same key.

Mailchain Accounts

At Mailchain, we believe users should be in control of their data. We implemented a login system where the authorisation is controlled by user’s ability to decrypt data.

When you create your Mailchain identity, you:

  • choose a username,
  • enter a password,
  • generate a secret recovery phrase (otherwise known as a private key).

Mailchain never processes your password or sees any unencrypted information. That means we do not know or store your password or private key. Only you do.

When you login:

  • you enter your username and password,
  • the application retrieves your encrypted profile bundle, then decrypts it in your browser.

Adding Wallets to Mailchain

In addition to never seeing your login details or application data used for Mailchain, you can communicate using your existing wallet addresses, without entering your private keys or putting your existing keys at risk.  

Here’s how this process works:

  • When you register an address in Mailchain, the application generates a unique messaging key for use with your external address.  
  • You sign a “proof” with your external wallet address, that contains the public details of this key information.  
  • This signed “proof” can be trusted by other users because the signature can be cryptographically proven to come from the registered address.  
  • Subsequently, the message key can be used to encrypt and sign messages. This proof also does not rely on Mailchain to verify.