Trust assumptions

Here are the trust assumptions our protocol currently requires:

Issuers behave honestly. Malicious issuer countries could issue fake passports. More on that below.
Secure Enclaves maintain privacy. In the current iteration of our design, Secure Enclave are trusted for privacy. They are not trusted for validity, as the zero-knowledge proofs they generate are verified onchain.
- As explain above, we plan on adding back enough client-side proving so that most of the user’s personal information never leaves their device, even encrypted.
The Self protocol owner wallet manages the CSCA state root correctly, and does not abuse dev functions.
- We plan on decentralising the management of the CSCA tree root in the future, most likely using multisigs or oracles, and eventually renouncing the power to access dev functions.
When using the main mobile app, the Apple and Android Keychains are trusted. This is because we store the secret there, along with the passport data so the user doesn’t have to scan their passport every time they need to do a disclosure proof.
- Users that do not want to make this trust assumption can always generate their own secret, build the circuits and merkle trees, generate their proofs locally and send all proofs onchain by themselves.

Last updated 4 days ago

Here are the trust assumptions our protocol currently requires:

Issuers behave honestly. Malicious issuer countries could issue fake passports. More on that below.
Secure Enclaves maintain privacy. In the current iteration of our design, Secure Enclave are trusted for privacy. They are not trusted for validity, as the zero-knowledge proofs they generate are verified onchain.
- As explain above, we plan on adding back enough client-side proving so that most of the user’s personal information never leaves their device, even encrypted.
The Self protocol owner wallet manages the CSCA state root correctly, and does not abuse dev functions.
- We plan on decentralising the management of the CSCA tree root in the future, most likely using multisigs or oracles, and eventually renouncing the power to access dev functions.
When using the main mobile app, the Apple and Android Keychains are trusted. This is because we store the secret there, along with the passport data so the user doesn’t have to scan their passport every time they need to do a disclosure proof.
- Users that do not want to make this trust assumption can always generate their own secret, build the circuits and merkle trees, generate their proofs locally and send all proofs onchain by themselves.

Last updated 4 days ago