4thTech enables spam & spoofing resistant E2EE web3 dMail framework (FOURdx Protocol)

4thTech Enables Spam & Spoofing Resistant E2EE Web3 dMail framework (FOURdx Protocol)

The internet changed the way we live, it opened the gates to unlimited communication, but it failed greatly regarding email privacy, data ownership and identity security. Emails are getting spammed with junk mail while identities are being stolen with email spoofing. There is also the matter of privacy, which is under question if free eMail web2 services are used instead of privacy dedicated email servers. To enable free eMail, the current web2 eMail providers resort to adding based models that by nature enable mass surveillance and data mining to enforce intrusive ad campaigns. Furthermore, all data exchanged and created within these centralised structures lose privacy and ultimately disassociates ownership from the user. Now more than ever secure private email communication is becoming more and more important. To address this issue, 4thTech enables E2EE (i.e. end-to-end encrypted) Web3 permissionless dMail deployed on public chains Ethereum, Tolar, Edgeware, Moonbeam, Solana & Tron.

The need for permissionless, immutable, private digital data exchange is imminent. Current centralised eMail systems or other web2 data exchange services are not secure and do enable any privacy whatsoever. Did you know that nearly 85% of all emails are spam? According to Dataprot statistics that translates into an average daily volume of 122.33 billion messages globally. Tessian research suggests that throughout 2020, 1 in every 4,200 emails was a phishing email. Keeping your email un-infected and out of the millions of subscription services is close to impossible these days and cleaning the inbox has become a daily time-consuming task.

4thTech addressed this issue already in 2017, and later developed a private, multi-blockchain-based solution, which leverages E2EE (i.e. end-to-end encryption) and trust provided by the blockchain to enable secure, immutable dMail (i.e. FOURdx Protocol). To enable on-chain digital identity, the 4thTech dID (i.e. FOURim Protocol) was later constructed in 2019. Data dNotary verification protocol (i.e. FOURns Protocol) was added in 2020 that acts as an essential part of the 4thTech ecosystem and enables unique dMail data timestamp and file checksum authenticity verification solution.

dMail Solution

At its core dMail prevents identity theft phishing, while enabling E2EE (i.e. end-to-end encrypted) Web3 dMail in the form of FOURdx protocol. FOURdx is an open-source protocol that leverages trust sourced from the blockchain and enables E2EE, immutable wallet-to-wallet dMail. The dMail framework is built on public blockchains, enabling organizations and individuals to collaborate and exchange data in a secure, transparent decentralised manner. The protocol records only the links to encrypted JSON metadata files and checksum of the encrypted JSON metadata file on the blockchain, which safeguards the rights of individuals to confidentiality and privacy while complying with GDPR. 4thTech’s dMail can also be defined as a decentralized network framework that supports text, data file or media exchange between wallet addresses of supported blockchains (i.e. Ethereum, Polkadot, HashNet, Solana & Tron). Supported by a modern intuitive UI-platform and thanks to multi-chain support, 4thTech dMail is accessible and affordable to all users.

Architecture & dMail Process

1. A JSON metadata file is created that includes dMail sender subject, content, attachment name, attachment URL, calculated hash (i.e., checksum) of data file content and Client B address.
2. In the form of JSON metadata file, dMail sent from Client Wallet A gets encrypted with a public key of the receiver Client B.
3. JSON metadata file URL & checksum are sent to Ethereum, Tolar, Edgeware, Solana, Moonbeam or Tron FOURdx Smart Contract.
4. Received Client B dMail is decrypted with Client B private key.
5. Attachments in the form of media & data files from Client A are encrypted with the public key of Client B.
6. Encrypted attachments files are sent to either 4thTech temporary GDPR compliant cloud storage or permanent decentralized storage (i.e. in development)
7. Received Client B attachments files are decrypted with Client B’s private key.

File encryption example:

// Symmetric encrypt
const symKey = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', symKey, iv);const symEncrypted = Buffer.concat([cipher.update(fileData), cipher.final()]).toString(
    'base64',
);// Asymmetric encrypt - encrypt just symmetric key & iv
const key = new NodeRSA();
key.importKey(publicKey, 'pkcs8-public');const symPrefix = `${symKey.toString('base64')}:${iv.toString('base64')}`;
const encrypted = key.encrypt(symPrefix, 'base64');// Join asymmetric and symmetric part
const data = Buffer.from(`${encrypted}:${symEncrypted}`);

Save to blockchain:

// Save data to blockcahin
const txDetails: TransactionDetails = await blockchainService.sendDocument(
    envelope.sender.account,
    envelope.recipient.account.address,
    envelopePath,
);

GDPR

As a result of extensive three years of legal and procedural GDPR research, the FOURdx protocol can be recognised as a GDPR compliant application as no personal data is stored on-chain but resides off-chain. FOURdx records links to encrypted files and hashes of the encrypted content on the blockchain.

dMail Availability

DMail JSON metadata file URL and checksum stay on-chain permanently as a part of the dMail wallet-to-wallet transaction verifying data exchange indefinitely. Encrypted dMail data and attachments files are sent to either 4thTech temporary GDPR compliant cloud storage or permanent decentralized storage. The current production version supports temporary storage with 30-day dMail availability. Permanent decentralized storage is in development.

dMail Attachments

Attachment media and data are stored in the 30-day temporary repository. The dMail recipient is provided with the “link” of the saved location JSON metadata file. The JSON metadata file that includes the link is sent to the blockchain, and the dMail recipient can download the data file and decrypt it with his private key saved in the browser’s 4thTech wallet (FOURwaL).

💡 Note: The current data exchange file size is limited to 20MB. All exchanged attachments data files are deleted after 30-days.

🔗 More FOURdx-related information

dNotary, dMail Data Verification Protocol

Blockchain data verification or notarisation can be described as a fraud prevention process that enables dMail data authenticity and guarantees that the data has not been changed in the course of a transaction between blockchain wallets. Usually, the physical notary acts as an intermediary and provides the needed trust factor between parties, but in the case of 4thTech dNotary, the system sources the needed trust directly from the blockchain. 4thTech dNotary can be also described as a digital notary of the decentralized world as it provides sensitive data file timestamp and origin verification. During the exchange from wallet A to wallet B, the data file hash is stored on the blockchain. In the case of future disputes over the data file authenticity, the user can match the data exchange transaction hash stored on the blockchain ledger.

dNotary Solution

As a by-product of dMail protocol (i.e., FOURdx), the FOURns can leverage the power of blockchain to facilitate source and time confirmation for any data files exchanged within the 4thTech ecosystem. dNotary is capable of; (1) timestamping digital data files; (2) providing the file checksum verification of the digital data authenticity, and; (3) providing access and review of the received data file details.

Data notarisation process;

(1) user account is created within the FOURwaL; (2) user account verification using 4thTech dID within the UI-platform (option); (3) on-chain checksum and timestamp verification of the received data file, using 4thTech dNotary within the 4thTech UI-platform.

Checksum calculation

calculateChecksum(data: BinaryLike): string {
  return crypto.createHash('sha256').update(data).digest('hex');
}

🔗 More FOURns related information

How to use 4thTech dMail?

Step 1: Download your 4thTech Google Chrome or Mozilla Firefox wallet

Step 2: Create and backup your wallet. To create your wallet, set up your password.

Step 3: Log into the 4thTech UI-platform

Step 4: Top up your account with gas (the 4thTech platform currently supports Ethereum, Edgeware, Tolar & Solana)

Step 5: In order to send dMails to friends and colleagues you will need to know your wallet address and the receiver’s wallet address (i.e. FOURwaL). Your wallet address works like your phone number or email address. It is uniquely yours!

💡 Note: FOURwaL is a 4thTech native wallet, specially designed to support dMail & dChat, other wallets won’t work! 4thTech UI-platform currently supports Ethereum, Edgeware, Tolar HashNet and Solana.

Step 6: Tap on the New tab located in the dMail menu folder, fill in the request form, attach the files and press Send.

💡 Note: 4thTech dMail currently supports up to 20Mb of attachments data file size, future platform updates will enable up to 1 GB.

Step 7: You can follow the dMail send transaction in the blockchain explorer of the chosen network by pressing the transaction Explorer link. When you receive a dMail, you can check it in your Inbox folder.

💡 Note: Check the file authenticity by clicking on the submenu dNotary details. If the Checksum Match is green, then the received file is authentic.

💡 Note: Remember to download the received dMails and attachment files to your computer's local storage as library storage is limited to up to 30-days. After 30-days, dMails and attachment files will be deleted.

Disclaimer

All content provided herein, including but not limited to text, graphics, logos, and images (the “Content”), is the property of Block Labs Luxembourg S.a r.l., a legal entity established under the laws of the Grand Duchy of Luxembourg, registered with R.C.S. Luxembourg under N B263508 at the following address: 41, rue du Puits Romain, z.a. Bourmicht (Atrium Business Park), L-8070 Bertrange, Luxembourg (the “Company” or “we”). It is protected by copyright and other laws that protect intellectual property and proprietary rights. You are granted a non-exclusive, non-transferable, revocable license to access and use the Content for the sole purpose of obtaining information about the 4thTech technology and other educational purposes. We have done our best to ensure that the Content is accurate, updated, complete, and provides valuable information, but neither do we guarantee nor take any responsibility for its accuracy and/or completeness. The Content is not intended as, and shall not be understood or construed as legal, financial, tax, or any other professional advice, sale or offer for sale of any securities, and/or crypto-assets. The Company is not engaged in rending of and/or is not licensed to render any of the crypto-asset services and/or financial services, such as investment or brokerage services, capital raising, fund management, or investment advice.

• 4thTech | Multi-chain Web3 dID, dMail, dChat & dNotary
• 4thTech, multi-blockchain data exchange

4thTech enables spam & spoofing resistant E2EE web3 dMail framework (FOURdx Protocol) was originally published in /4thtech on Medium, where people are continuing the conversation by highlighting and responding to this story.