Subhash Karri

When you log in to your rideshare app, it might say that you’re a 5-star driver. Or when you log in to a banking website, it might say that you’ve never been late on a credit card payment. But how do you prove this information to someone else, or share it with a third-party app?

The Reclaim Protocol lets you generate an attestation of ANY of your data on the web and seamlessly share your data with third-party applications while:

So you can show that you’re really a 5-star driver without giving away your license plate number, or that you have great credit without giving away your bank account number.

How does this work?

Your first impression might be that this is some sort of web-frontend scraping. Absolutely not!

Reclaim uses state-of-the-art cryptographic technology, but the ideas are simple. Check out our video below to see how it works, or for more in-depth information:

https://youtu.be/BggDMTzrZsE

To create a proof of a claim, a user must first log in to the desired website. The HTTPS request to open the website, and the response, are routed through an HTTPS proxy server called an attestor. The attestor monitors the encrypted packets transferred between the user and the website. The user then shares keys with the attestor that reveal the non-private information in the request.

The attestor looks at the request, which has all the data in plain text except private data such as authentication data. It can then sign off, saying that the right request was indeed made. The encrypted response from the website is passed to a ZK circuit that extracts a regex match from the encrypted data, using a decryption key as a private input. The attestor then also attests that the public input to the ZKP was indeed the encrypted data that came from the website. Given these signatures on the request and the encrypted response, and the ZK proof itself, any third-party app can verify the existence of data on the user’s profile.
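The request-side step described above, as a simplified model added here (not Reclaim's code): the attestor holds only ciphertext, opens just the records whose keys the user shares, checks the visible request, and signs over what it saw on the wire. Assumptions: the request is split so the secret header sits in its own record with its own key, a SHA-256 counter-mode cipher with an HMAC tag stands in for the TLS record cipher, an HMAC stands in for the attestor's signature, and all names and the `rideshare.example` host are constructed.

```python
import hashlib, hmac

# Toy record cipher (assumption): SHA-256 in counter mode plus an HMAC tag,
# standing in for the TLS AEAD. Real TLS record protection differs.
def keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + b"enc" + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_stream(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def seal(key: bytes, plaintext: bytes):
    ct = xor_stream(plaintext, key)
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def open_record(key: bytes, ct: bytes, tag: bytes):
    """Return plaintext, or None if the tag does not verify under this key."""
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    return xor_stream(ct, key)

def attest_request(attestor_key, records, revealed_keys, expected_public):
    """Attestor: decrypt only records whose key was shared, check them, sign.
    records: list of (ct, tag) seen on the wire; revealed_keys: {index: key}."""
    public = []
    for i, (ct, tag) in enumerate(records):
        if i in revealed_keys:
            pt = open_record(revealed_keys[i], ct, tag)
            if pt is None:
                return None          # shared key does not match the wire data
            public.append(pt)
        else:
            public.append(b"<redacted>")
    if public != expected_public:
        return None                  # not the request the claim is about
    digest = hashlib.sha256(b"".join(ct + tag for ct, tag in records)).digest()
    # HMAC stands in for the attestor's signature (assumption).
    return hmac.new(attestor_key, digest, hashlib.sha256).digest()

# Constructed sample: request split so the secret header is its own record.
PARTS = [b"GET /api/rating HTTP/1.1\r\nHost: rideshare.example\r\n",
         b"Cookie: session=s3cr3t\r\n", b"\r\n"]
KEYS = [hashlib.sha256(b"record-key-%d" % i).digest() for i in range(3)]
RECORDS = [seal(k, p) for k, p in zip(KEYS, PARTS)]
EXPECTED = [PARTS[0], b"<redacted>", PARTS[2]]
```

The tag check before decryption is what stops a user from handing over a made-up key that turns the wire bytes into a different request; the response side (the ZK proof over the encrypted response) is not modelled here.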
