Currently, users are accustomed to logging into centralized login systems such as Google, Facebook, and Twitter to access these services, but they have no way to use these logins on-chain. These conventional login methods are incompatible with on-chain verification, creating a disconnect between user identities on different centralized platforms and restricting their utility on-chain across Dapps.
Reclaim Protocol will allow Dapps within the Polkadot ecosystem to provide zkLogin for their users. It will enable Dapp users to log into any website and generate a zk-proof of their login that can be verified on-chain. Reclaim Protocol makes HTTPS traffic verifiable using Zero-Knowledge Proofs, enabling users to generate verifiable credentials from any of their online user profiles. This unlocks unlimited possibilities, as no APIs are required and no changes need to be made to the websites to extract users' private data, while data integrity is guaranteed. Web2 user data, which has been elusive to Web3 until now, will be available to builders across the Polkadot ecosystem. This opens up opportunities for a new wave of applications that can support zkLogin, proof of personhood and bot protection.
Through our research, we have identified zkLogin and epassport to be important use cases for Dapp builders and users that can be implemented uniquely through Reclaim Protocol. Through Reclaim, users can not only validate their login credentials but also provide verifiable proofs of various personal attributes and activities. For instance, they can prove the number of rides taken on Uber, expenditures on Amazon, or their scores on Chess.com, thereby establishing a robust proof of personhood, which is instrumental in combating fraudulent actors and bots. Such proof of personhood can now be made available on-chain via Reclaim Protocol within the Polkadot ecosystem.
Reclaim empowers users to generate Zero-Knowledge Proofs for any online user profile. To generate a claim, users first need to log into the relevant website. This login process, involving an HTTPS request and its subsequent response, is channeled through an HTTPS Proxy Server known as an ‘attestor’. This attestor oversees the encrypted data exchange between the user and the website. Subsequently, users provide keys that disclose non-sensitive parts of the request to the attestor. With this, the attestor can view the request in its entirety, barring confidential details like authentication data, and can confirm its legitimacy.
The website’s encrypted response is then processed by a zk-circuit, which identifies a regex match within the encrypted data using a decryption key as a confidential input. The attestor further validates that the zk-circuit’s public input was indeed the encrypted data sourced from the website. With these attestations on both the request and the encrypted response, coupled with the zk-proof, any third-party application, whether on-chain or off-chain, can verify the existence of data that exists on the user’s profile.
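The selective disclosure on the request side can be modelled in a few lines. This is an added example, not part of the original proposal and not Reclaim's code: it assumes a toy SHA-256 counter-mode keystream in place of the TLS cipher, a constructed request, and hypothetical function names, and it leaves out the zk-circuit over the response.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream (assumption: stands in for the TLS cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))

def client_reveal(key: bytes, length: int, secret_spans):
    """Client: disclose keystream bytes except those covering secret spans."""
    ks = keystream(key, length)
    hidden = {i for start, end in secret_spans for i in range(start, end)}
    return [None if i in hidden else ks[i] for i in range(length)]

def attestor_view(ciphertext: bytes, revealed) -> bytes:
    """Attestor: decrypt the ciphertext it relayed; undisclosed bytes show as '*'."""
    return bytes(c ^ k if k is not None else ord("*")
                 for c, k in zip(ciphertext, revealed))

def attestor_check(view: bytes, host: bytes, path: bytes) -> bool:
    """Attestor: confirm the request line and Host header before attesting."""
    lines = view.split(b"\r\n")
    return lines[0] == b"GET " + path + b" HTTP/1.1" and b"Host: " + host in lines

# Constructed sample request; the cookie value is the confidential part.
REQUEST = (b"GET /api/profile HTTP/1.1\r\n"
           b"Host: example.com\r\n"
           b"Cookie: session=SECRET-TOKEN-123\r\n\r\n")

def demo():
    key = b"constructed-session-key"
    start = REQUEST.index(b"session=") + len(b"session=")
    end = REQUEST.index(b"\r\n", start)
    ciphertext = encrypt(key, REQUEST)            # what the attestor sees on the wire
    revealed = client_reveal(key, len(REQUEST), [(start, end)])
    view = attestor_view(ciphertext, revealed)
    return view, attestor_check(view, b"example.com", b"/api/profile")

if __name__ == "__main__":
    view, ok = demo()
    print(view.decode(), ok)
```

The attestor must apply the disclosed keystream only to ciphertext it relayed itself; accepting ciphertext supplied afterwards by the client would let the client choose what gets attested.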
User credentials in Reclaim Protocol are generated and stored completely on the client side. Using Reclaim, users can generate proofs (Groth16) in less than 10 seconds, even on a 2015 Android device!
Reclaim Protocol is live in production and is currently used by experienced Dapp developers to build novel use cases such as a whistleblower protocol and a decentralised P2P exchange, which has already done ~$160,000 in volume in just nine weeks after launch.
- Familiar login on Dapps - Transitioning from wallets to familiar logins such as Google Login will offer a streamlined onboarding experience for users. By establishing a gas tank, a Dapp's front end can enable users to engage on-chain without the necessity of a wallet. Subsequently, Dapps can identify users on-chain through off-chain logins. This represents a substantial user experience enhancement compared to the current requirement of installing a wallet prior to interacting on-chain. zkLogin makes wallets a beneficial but non-essential component for Dapp usage.
- Bot Protection - By leveraging data from off-chain real-world actions, a robust proof of personhood construct can be built. For instance, if a user has completed 50 Uber rides, spent $1000 on Amazon, and holds an 1100 rating on Chess.com, the likelihood of them being a bot is significantly reduced. Rather than relying on on-chain activity, which can be easily manipulated, to ascertain whether a user is a bot, utilizing off-chain data to formulate a user's humanness profile can effectively weed out the bots that significantly hamper Web3 usability today.
Our proposal primarily aims to enable builders to seamlessly leverage Reclaim Protocol in their Dapps and get access to Web2 user data gated by Web2 servers to build innovative use cases. Moreover, these builders can leverage the zkLogin, proof of personhood and bot protection primitives built by our team to significantly enhance new user onboarding and user experience.
Additionally, all end users will benefit from primitives such as zkLogin and proof of personhood, thereby experiencing a significant user experience enhancement across Dapps within the Polkadot ecosystem.
We are a small team with finite resources, and want to collaborate with ecosystems that demonstrate a genuine commitment to enable use cases that are likely to scale to a billion users. Specifically, we want to build on ecosystems that exhibit a strong desire to leverage Web2 sources to provide seamless user onboarding and bot protection. To our knowledge, there hasn’t been any other ecosystem that has declared its dedication to streamlining user onboarding and experience and bot protection.
Moreover, our research into the Polkadot ecosystem and community regarding the necessity and use cases surrounding user experience and onboarding gave us a clear understanding of the Polkadot ecosystem's priorities, which strongly align with our approach to enhance user experience through zkLogin and bot protection.
Reclaim Protocol is built by the team at CreatorOS Inc. We are a 20+ member engineering and web3 product development & research team, including ZKP researchers, with previous affiliations to Stanford, Microsoft, Meta and Google. We have also built Questbook.app, an industry-leading on-chain grants management tool that is used by some of the major L1/L2s including Polygon, Solana, Compound, Arbitrum, and TON, among others. CreatorOS is a YC W21 company.
We welcome the community members to share their feedback, comments and questions.