ERC-7627: Secure Messaging Protocol

https://github.com/ethereum/ERCs/pull/268

Abstract

This proposal implements the capability to securely exchange encrypted messages on-chain. Users can register their public keys and encryption algorithms by registration and subsequently send encrypted messages to other users using their addresses. The interface also includes enumerations for public key algorithms and a structure for user information to support various encryption algorithms and user information management.

Objectives

1. Provide a standardized interface for implementing messaging systems in smart contracts, including user registration and message sending functionalities.
2. Enhance flexibility and scalability for messaging systems by defining enumerations for public key algorithms and a structure for user information.
3. Define events for tracking message sending to enhance the observability and auditability of the contract.
4. Using a custom sessionId allows messages to be organized into a conversation.

A few non-editorial related comments:

• I raised a similar idea for an on-chain key registry in Pretty good privacy (PGP / GPG) on-chain keyserver. Happy to see someone else exploring the same space!
• Using an enumeration for key types might limit the future expandability of the standard. What if a new algorithm comes along?
• It might be a good idea to allow users to store one public key per algorithm, instead of just one per user, and further, you might want to allow users to store separate signing/encryption keys for validation vs. encryption.

I agree, which also means the function sendMessage() and event MessageSent will probably need to specify which algorithm the message was encrypted with (or at least the associated public key) so that the recipient can properly decrypt it. This may also make it easier for indexers and clients to process incoming messages if it’s a lot and to switch which one is used if vulnerabilities or other issues are found.

As you mentioned, having a wallet store only one public key is not a good design. I modified the implementation to allow users to set multiple public keys and specify expiration times.