Maybe I’m missing something, but the author mentioned using email instead of Facebook/Google login. Why come up with a complex crypto protocol instead of using email as the identity key?
Because email alone is vulnerable, without two-factor authentication. And keys are a great second factor, except for the risk of losing them. Phone numbers are commonly used, but that's more PII to share, and it can be bypassed. Also, with something like Keybase or Keyoxide, you can still use multiple email addresses.