Proxying Is Enough

- Madhavan Malolan Special thanks to Kirill Kustenok and Zhongtang Luo for proof reading multiple versions of this draft. Recently Z. Luo et al released a paper titled “Proxying is Enough: Security of Proxying in TLS Oracles and AEAD Context Unforgeability” (Hash), where they discuss security of TLS Oracles. From the paper,"TLS oracles allow a TLS client to offer selective data provenance to an external (oracle) node such that the oracle node is ensured that the data is indeed coming from a pre-defined TLS server....

May 29, 2024

RFP - Investor's Assistant

This RFP if for a product that improves an investors’ deal flow without bombarding them with messages. Obviously, using AI. Train on DMs Train a model using an investor’s DMs on Whatsapp, Telegram, SMS or Email. Essentially try to figure out what data signals an investor is looking for before agreeing to speak. This could be a standard self hosted 70B Llama finetuned using DMs. A frontend Host a front end that is a chat interface....

March 28, 2024

Why Secret is Particularly Interesting for Reclaim

Reclaim Protocol lets users generate credentials without leaking private information. One thing we think about a lot is how to we make sure our users don’t get doxxed. Let’s define the problem more concretely. Say you, as a user, generated certain credentials for on-chain use. You created a credential from your Uber account, your Tinder account, your Doordash account, your Tax Records and so on. Let us assume that given enough data points on chain, it might be possible to triangulate the particular you, the user, that is interacting with a certain smart contract....

March 27, 2024

Reclaim Protocol RFPs

If you are building any of these, you should definitely consider applying for a grant on Questbook. Finance Discounts & Deals based on shopping history Shopping history has historically been proprietary information owned by the platform where the user did the shopping, like Amazon, Shopify, Ebay. However new applications can be built which poaches customers from other platforms by giving discounts and deals to power shoppers - by using reclaim Protocol to import shopping history....

March 14, 2024

RFP - AI friendly ZK Captcha

Madhavan (Mads) Malolan Which side is up? Captchas are getting so hard that only AIs will be able to solve it. The key premise of this post is that it is getting increasingly important for AI agents to be able to access web products on behalf of the user. Captchas are an antipattern. They are not any good at keeping AI bots out anyway, at the same time they’re detrimental to productivity....

March 12, 2024

RFP: Decentralized Oracles & Data Guilds

Chainlink, but for long tail data sources. Data Guilds A data guild is a DAO setup on chain to source certain data feeds. For example, there may be a Data Guild for Weather in Mumbai, another for NBA scores etc. In this DAO, there are two key participants. Subscribers - who use the data feeds Oracles - who provide the data onchain Coins Each Data Guild has its own coin. This coin governs the data feeds coming on chain....

March 11, 2024

Appclip and Instantapp

Most people assume that to generate proofs using Reclaim Protocol, you need to install a chrome extension or a mobile app. This is true for most zk-tls solutions out there, including Reclaim Protocol until early 2024. Not any more. All that you need is a mobile phone. You don’t need to install anything on it. You just scan a QR code, and the Reclaim Protocol proof generation starts. Check out the Demo Appclips and InstantApps Appclips and InstantApps are mini apps that can be opened on iOS and Android respectively without having to install an app....

February 7, 2024

Login Using Anything

Sign in with Google is all over the internet, but have you seen a Sign in with Uber, Sign in with Fortnite, or Sign in with Amazon? No - that’s because these websites don’t expose an OAuth API. Skip if you already know what OAuth is. OAuth API is an API that, for example, Google exposes. This OAuth API has two steps. The first step is to retrieve the Auth Token....

January 23, 2024

Try Reclaim

Developer App with Sample Integrations You can download the “Reclaim Protocol” app from Playstore and App Store Playstore Appstore Try without installing an app Coming Soon

January 22, 2024

Duplication Counting : Ensuring one proof is used only once, without doxxing the user

Introduction For many applications, it will be critical that multiple users are not able to claim the same credential, at least without being detected. For example, suppose a user proves they own some funds in a certain bank account, and then later shares that their banking login to another user who then proves the same credential. An application that requires users t have some minimum collateral will need to be able to detect if the same bank account is being claimed multiple times....

January 16, 2024