The goal of an Adversary in the Fake Key Reveal attacks is to compute a key such that the result of decryption of the TLS response (that came from the Website) using this key will be a plaintext that contains some specific substrings on the Adversary’s choice. Let’s take a closer look at how the Reclaim’s selective disclosure of the Server’s TLS response works to understand how these attacks can potentially harm Reclaim:...

We are thrilled to announce a significant milestone in our journey towards providing robust and secure ZK proofs! Reclaim by Questbook has successfully passed the ZK Circuit Security Audit by David Wong, the author of Real World Cryptography. It is a crucial step in ensuring the reliability and safety of our cryptographic solutions, a foundational milestone. In this article, we’ll talk about the audit process, ChaCha20 algorithm, and why it’s gonna be vital for our users....

By Maxwell Allman When you log in to your rideshare app, it might say that you’re a 5-star driver. Or when you log in to a banking website, it might say that you’ve never been late on a credit card payment. But how do you prove this information to someone else? The Reclaim Protocol lets you take ownership over the data that you receive online. Reclaim lets you share your data with others while:...

How Reclaim is Revolutionizing Proof Metrics: A Guide for Forward-Thinking Developers In the context of both Web2 and Web3 applications, there exists a multifaceted need for establishing various forms of proof to address day-to-day use cases. These proofs serve as indicators of user engagement and commitment within digital ecosystems. The following are some key categories of proof, each with distinct criteria and utility: Proof of Stewardship (Proxy = Holding Toekns): This pertains to individuals who demonstrate care and dedication to the ecosystem....

Reclaim Protocol can be used to create numerous tools that can fastforward us towards a network state. We are going to be running hacker houses around the world for builders to hack on their ideas for a three to six months with all their basics covered. If you’re a builder who is passionate about network states and is building tools to fastforward the future, join our discord and tell us what you’re building....

Reclaim protocol enables various usecases that were previously never possible. It unlocks a new design space letting builders build novel solutions that leverages the identity and credentials of the user - identities and credentials the users have accrued over time all over the internet. If you are building any of these ideas or products in the periphery of these ideas, we’d love to support with grants, funding, and engineering. Verification Usecases Address verification Currently address verification is done in one of the following modes - either by sending a person physically to the said address, or by utilizing addresses on official documentation like national ID, financial documents....

Here is the list of audits in progress Phase : External Audit ZK Circuits (By ZkSecurity) Phase : Internal Audit TLS Libraries Reclaim SDKs Reclaim Wallet App Reclaim Wallet App Backend Reclaim Attestor

Reclaim Protocol values user security, privacy and self soverignity. None of the user data is visible to anybody, including the Reclaim Servers, without the explicit consent of the user. Client Side Proofs All the proofs of identity and credentials are generated using the https sessions. These https sessions are initiated and executed completely on client side. The ZK Proofs are also generated completely on client side. So the data encapsulated within the proofs are held exclusively in the user’s device....

Vitalik published a comprehensive study and opinions on Proof of Personhood here. Though I agree with most of the article, there are a few more points I’d like to add. Proof of Personhood and Sybil resistance Proof of Personhood is a subset of Sybil resistance schemes. A common mistake is to collate the two. From wikipedia - “A Sybil attack is a type of attack on a computer network service in which an attacker subverts the service’s reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence....