Proof of Provenance

The provenance of an object is the history of ownership or the origin or the object. Analogously, the provenance of data is the origin of the data, and the changes that may have been made over time by different owners.

When you access a page on a website, the website sends you data to display on your screen. This data may contain information about you that you would like to share with others, like your age, residency, account balance, number of followers, etc. But the challenge with sharing this data directly with someone else, is that they have no reason to trust that this data actually came from the website you claim it came from, i.e. the provenance of the data. The website could agree to share the data to sources that the user chooses (or provide a cryptographic signature on the data it returns), but this requires the website’s cooperation.

Reclaim handles this issue by having a trusted party called an attestor vouch for the authenticity of the data. Importantly, this is done in a way where the attestor only gets to see the encrypted data that passes between the user and the website, and so cannot see any private information. We’ll now walk through the steps for how we do this (without technical cryptographic details).

1. The user accesses a website the standard way (using the TLS protocol) and logs in if necessary. This causes a ‘handshake’ to be performed between the user and website, where they agree on an encryption key to use for their communication this session.

2. The user makes an (encrypted) request to the website, which typically would just be to open a certain page on the site. But, the request is first sent to the attestor, who then passes it on to the website. This is so the website will send the return data the attestor first, instead of the user.

3. The website then sends an (encrypted) response to the attestor. The attestor cryptographically **signs** this response, meaning that the response cannot be altered without invalidating the signature. After signing, the attestor then sends the response to the user.

Now the user has the encrypted response, with proof of provenance provided by the attestor. By simply sharing the encrypted response along with the encryption key, the user can prove to anyone what the unencrypted contents of the response were.

But what if the user only wants to share part of the unencrypted response, and not the whole thing? This is where Zero-knowledge proofs come in, which we explain here.

And what if someone doesn’t trust the attestor to always do their part honestly? This is when our decentralized Reclaim mechanism can be used, that uses multiple attestors and a financial mechanism to incentivize honesty, and is explained here.