What is Rarimo?
Rarimo is a privacy-first (ZK) social protocol that builds the largest network of private identities and brings real-world communities on-chain. Rarimo empowers the creation of the next generation of social apps where users can interact anonymously while maintaining a history of their actions, connections, and identity attributes. Users can selectively disclose specific information while keeping other aspects of their social graph private.
The Rarimo Protocol is built on three foundational components:
- Self-Issued Identity: Ensures that only verified, real individuals can participate in social apps, enhancing trust and authenticity.
- Confidential Social Graph: Supports private yet verifiable social interactions, allowing users to engage without compromising their privacy.
- RariMe App: A self-sovereign wallet for managing your identity, giving users full control over their personal data.
Let's explore these components in detail to understand how the Rarimo Protocol operates.
Verifiable Self-Issued Identity
Creating a pseudonymous account without linking it to a real person is easy, but such identities often lead to issues like fake accounts (Sybil attacks) that disrupt social interactions.
Traditionally, identity verification involves a trusted issuer that authenticates users. This approach poses risks as the issuer could compromise privacy or be shut down. Verifying user uniqueness might require sharing sensitive data, like government IDs, which increases privacy risks.
Rarimo offers a solution by allowing users to establish their identity using only their government-issued biometric documents without needing a third-party issuer. This solution enables users to verify their humanity, assert their uniqueness, or selectively disclose passport attributes (like citizenship or legal age) using ZKPs without revealing private data to any third party. The proofs can be verified both on-chain and off-chain.
Here's how it works:
- Keypair Generation: The user generates a keypair on their device.
- Biometric Document Scan: The user scans their biometric document using the RariMe App.
- Registration: The keypair is bound to the passport by submitting a zero-knowledge proof (ZKP) of passport validity and the public key to the Registration smart contract. A hash of the passport's public key (Active Authentication Public Key) is added to a Sparse Merkle Tree (SMT) in the Registration smart contract to prevent multiple registrations with the same document. The registration process is fully trustless and decentralized, meaning no trusted third parties or centralized points of failure are involved.
By using a global tree of passport hashes shared by all users and social apps, Rarimo creates a "privacy network effect" where the system's security is enhanced with the growth of the user base. Passport issuers or other third parties may try to identify users who participate in specific social apps by executing a "dictionary" attack that consists of hashing all known passports and checking them against the Registration smart contract. The dilution of hashes in the shared Merkle tree makes it progressively more challenging to deduce a connection between specific passports and social apps. The bigger the network gets, the more plausible deniability the users get.
Confidential Social Graph
The Rarimo protocol enables the creation of confidential social graphs. These graphs consist of user actions and interactions that remain invisible to the public until the owner selectively discloses them using zero-knowledge proofs. This ensures user privacy while allowing for verifiable claims.
Examples of ZK Proofs:
- Credential and Attestation Ownership: Proving ownership of a credential or attestation at a specific time.
- Action Initiation: Proving that a particular user or group initiated certain actions.
- Group Membership: Proving that a user is a member of a specific group.
To achieve this, Rarimo provides a set of data structures for creating on-chain anchors of the social graph data, which can be used in zero-knowledge proofs. These data structures include:
- Commitments: Secure, private statements about user actions or attributes.
- Commitment Trees: Hierarchical structures that organize commitments, enabling efficient and scalable storage on-chain.
These structures allow users to maintain a private yet verifiable record of their social interactions, ensuring both privacy and authenticity.
RariMe App
The RariMe App is a mobile self-custody wallet that provides an entry point into Rarimo for end users.
Key features:
- Biometric Document Scanner: The app facilitates the scanning of biometric documents via camera and NFC.
- Private Data Vault: The app securely stores all identity and social graph data locally on the device. The data is never shared with any third party.
- Zero-Knowledge Proof Generation: The app allows users to selectively disclose aspects of their identity and social graph using zero-knowledge proofs. Social apps may request the proofs via QR codes.
Ecosystem
Building on Rarimo technology, the following ecosystem products have been created:
- Freedom Tool: A zero-knowledge-enabled tool for transparent and privacy-preserving online voting.
- Proof of Humanity: Aggregates the most popular proof of humanity solutions into a single interface, available both on and off-chain.
- Polygon ID State Replication: Enables the scaling of Polygon ID credentials to any EVM-compatible chain on demand.
- World ID State Replication: Facilitates the scaling of WorldID proofs to any EVM-compatible chain on demand.