Reclaim Protocol lets users generate credentials without leaking private information. One thing we think about a lot is how to we make sure our users don’t get doxxed.

Let’s define the problem more concretely.

Say you, as a user, generated certain credentials for on-chain use. You created a credential from your Uber account, your Tinder account, your Doordash account, your Tax Records and so on. Let us assume that given enough data points on chain, it might be possible to triangulate the particular you, the user, that is interacting with a certain smart contract. If that is true, you are doxxed which can lead to various downstream problems including censoring and off-chain penalties. And this is a doxxing of a special kind - it is permanent. Because it is onchain.

That sucks.

One solution is to have different wallets for different credentials and different contracts. But, these days it’s easy to figure out the owner of all the wallets using some advanced chain analysis. Particularly, tracing back where the eth for transaction fees came from.

Reclaim has a way to solve this problem. That is, whenever you create a credential, you add yourself to a Merkel tree. At any point, this Merkel tree represents the set of users who have generated the credential. Now, when interacting with a smart contract, you don’t submit the reclaim proof - but rather a merkel tree membership zkproof. So, all that the contract or someone doing the chain analysis learns is that you were one of the several members of the merkel tree, but never know which one in particular. This is works. It is live on our EVM smart contracts.

However, this converts what is a one step process into a two step process with additional delay. That is, you first need to add yourself to a merkel tree using a reclaim proof and then share the zkp of merkel tree membership with the smart contract instead of submitting the reclaim proof directly. Additionally, if you are the first person to create a credential, you also need to wait for numerous people to join the merkel tree before you can be sure that you don’t doxx yourself even when using the zkproof of merkel tree membership.

It’s a UX hassle.

That is where we are super excited to work with Secret. Because all the transactions are processed inside a TEE, you can submit a Reclaim proof directly to the smart contract you want to interact with - without the additional step of adding yourself to a merkel tree and waiting for enough members to join. All the data to and from the TEEs are encrypted too, so that makes the UX great without compromising security.

We are proud to say that we’re live on Secret as of today and are ready to help Dapps that want to build using Reclaim Protocol integrate in a way that users don’t get doxxed. This is something any dapp on Cosmos can start integrating today!

Future Directions - controlled information sharing with Secret

Another potential direction to combine Reclaim with Secret Network is to store multi-value Reclaim proofs in a smart contract on Secret, and have the Smart Contract govern access to data. For example, a user may store proofs of several different data points, like their age, their audited income, number of their followers on social networks, etc. The user may than decide to allow the contract to share certain parts of the information with other smart contracts. For instance, the user may allow a gaming app to get a proof that the user is over 21, or a trading app to get a proof that the user’s income is in a certain bracket. Other apps may need more granular access, but the user will be in control of who gets to see what data.

Special thanks to Alex Zaidelson for his continued support and on-the-fly error fixing to help us get to production in a short span!