Duplication Counting : Ensuring one proof is used only once, without doxxing the user

Introduction For many applications, it will be critical that multiple users are not able to claim the same credential, at least without being detected. For example, suppose a user proves they own some funds in a certain bank account, and then later shares that their banking login to another user who then proves the same credential. An application that requires users t have some minimum collateral will need to be able to detect if the same bank account is being claimed multiple times....

January 16, 2024

Honeypot Mechanism for additional protocol security

To discourage attestors from certifying false claims, we want to make this dishonest behavior as financially risky as possible. While the Reporting Mechanism already provides some such financial risk, even more risk can be added through the Honeypot Mechanism. This mechanism which allows users to prepare trap claims, and attestors who accept a bribe to certify a trap claim will get caught in the trap. Trapped attestors are then charged a penalty, and the penalty is given to the user who trapped them as a reward....

January 16, 2024

Onchain Attestations

Reclaim Protocol is available in any format the developer wants to consume proofs on chain. Below are adapters that are used by many dapps. Check out the demo video or live demo PolygonID, on Polygon Reclaim Proofs can be created using PolygonID. It can also be stored securely for later use on the PolygonID Wallet. EAS, on Ethereum, Optimism and Arbitrum Ethereum Attestation Service is a simple attestation framework. One can consume and publish Reclaim Proofs as EAS Attestations....

January 9, 2024

Proof of Personhood in Crypto

Proof of personhood is essential in may dapps including airdrops, DAO voting, and Quadratic funding. However, there are not great solutions to do proof of personhood at scale effectively. Until today. Existing Solutions WorldID World ID is probably the most well funded startup trying to give a unique ID to every user. However, World ID suffers from three problems - scaling the orbs to several millions so that everyone has access to an Orb, trust on the hardware of the Orb hasn’t been compromised or will not be compromised, sharing biometric data as a privacy concern....

January 9, 2024

Progressive KYC

KYC is a loaded term. Depending on your business, jurisdiction and usecase, you’d have different KYC requirements. Reclaim Protocol works with various customers across the spectrum. In this post, I’ll walk you through some of our customers and how they think about KYC - incase, some of it is suitable to you. Additionally, a few businesses where KYC requirements are unclear or uncertain - like crypto - we see customers taking the approach of progressive KYC....

January 9, 2024

Onboarding & Loyalty Using Reclaim Protocol

Most apps start with a zerostate for a new user, primarily because there is no data available about the said user. Not any more. Using Reclaim Protocol, app developers can ask their users to import their user profile and activity from a website they already use. Until today, it was not possible for a user to import their persona from one website into another. This is largely because of unavailability of APIs on most websites....

January 9, 2024

Proof of Provenance

The provenance of an object is the history of ownership or the origin or the object. Analogously, the provenance of data is the origin of the data, and the changes that may have been made over time by different owners. When you access a page on a website, the website sends you data to display on your screen. This data may contain information about you that you would like to share with others, like your age, residency, account balance, number of followers, etc....

December 8, 2023

Infeasibility of Fake Key Reveal attacks

The goal of an Adversary in the Fake Key Reveal attacks is to compute a key such that the result of decryption of the TLS response (that came from the Website) using this key will be a plaintext that contains some specific substrings on the Adversary’s choice. Let’s take a closer look at how the Reclaim’s selective disclosure of the Server’s TLS response works to understand how these attacks can potentially harm Reclaim:...

October 12, 2023

Reclaim Successfully Passed the ZK Circuit Security Audit

We are thrilled to announce a significant milestone in our journey towards providing robust and secure ZK proofs! Reclaim by Questbook has successfully passed the ZK Circuit Security Audit by David Wong, the author of Real World Cryptography. It is a crucial step in ensuring the reliability and safety of our cryptographic solutions, a foundational milestone. In this article, we’ll talk about the audit process, ChaCha20 algorithm, and why it’s gonna be vital for our users....

October 2, 2023

Reclaim Explained, Simply

By Maxwell Allman When you log in to your rideshare app, it might say that you’re a 5-star driver. Or when you log in to a banking website, it might say that you’ve never been late on a credit card payment. But how do you prove this information to someone else? The Reclaim Protocol lets you take ownership over the data that you receive online. Reclaim lets you share your data with others while:...

September 20, 2023