Frequently Asked Questions
Table of Contents
- What is Pluto?
- What are Web Proofs?
- What applications can be built using Web Proofs?
- What are the trust assumptions that the Pluto SDK introduces?
- Who is building Pluto?
- Why are you building this?
- How does the Web Proofs SDK work?
- What other products will you be building?
- How can I get in contact with you?
What is Pluto?
Pluto is on a mission to solve the challenges of today’s internet applications using applied cryptography and Web Proofs.
The first tool we are launching is a Web Proofs SDK that helps application developers incorporate Web Proofs into their applications.
What are Web Proofs?
Web Proofs are proofs of arbitrary data served to end users by any internet server. With Web Proofs, users can prove that an internet server (like Reddit or Venmo) has provided some data (like a user’s Reddit Karma history or Venmo balance) via a TLS connection between the user and the internet server.
In other words, data that comes from Uber, Amazon, financial institutions, attested sensors, e-mails, Spotify, or any other internet server can be verified using Web Proofs, and application developers can use this data to build new kinds of applications.
Web Proofs expand the design space of interesting applications that can be built on the modern internet and provide data sovereignty and ownership for end users.
What applications can be built using Web Proofs?
Any application that wants to make use of internet data from another web source can use Web Proofs to make a richer application experience for their users. Web Proofs can help applications bootstrap user identity and reputation on their own application using ‘borrowed’ data from other internet sources, and Web Proofs can enable more robust peer-to-peer interactions on the internet.
Some specific examples of Web Proofs-enabled applications are:
- Marketplaces with bootstrapped identity and reputation (think ‘modern Craigslist’, but with proofs of reputation, or proofs of prior positive interactions)
- Sybil-resistance products, like reputation products built off of previously siloed internet data
- Social applications that require users to share a commonality, like being employees at a certain company, or mutual purchasers of a certain product online
- More expressive oracles, like weather oracles, sports scores oracles, and stock market pricing oracles
- Gray markets, like video game marketplaces and secondary ticketing marketplaces
What are the trust assumptions that the Pluto SDK introduces?
Please refer to the Trust Assumptions page in our documentation for a detailed list of trust assumptions that the first versions of the Pluto SDK will rely on.
We want to be clear that our number one objective is to create useful infrastructure for developers, and we believe that credibly-neutral and censorship-resistant infrastructure is an absolute necessity for application developers. We share our trust assumptions publicly in an attempt to demonstrate intellectual honesty and commitment to the shared values of this industry.
Who is building Pluto?
Pluto is built by a small team of engineers and operators from places like Stripe, Aztec, Y Combinator, Hubspot, and Uber. You can see more about our team on the About page of the Pluto website.
We’ve built products in crypto for the past several years, and we understand the pain points developers face when building applications that use advanced applied cryptography. We spent years getting (and staying) up-to-speed with the latest developments in the space. Now, we’re building a company to help developers build the next generation of modern applications.
We’re backed by some of the most thoughtful, experienced investors in crypto, including Geometry, Nascent, Variant, Figment Capital, and Robot Ventures.
Why are you building this?
We believe the current internet is broken, and we believe developers hold the key to the future. We are building cryptographic tools to place in the hands of developers, so that together, we can build a better internet.
Web Proofs let users retrieve their own personal data from servers and generate proofs over their own data in a more privacy-preserving, censorship-resistant way. Web Proofs are a first step towards building a better internet for end users.
You can read more about our company mission in our Introducing Pluto blog post.
How does the Web Proofs SDK work?
TL;DR - Web Proofs are proofs of data provenance, allowing end users to prove the contents of their TLS sessions. The Web Proofs SDK helps application developers incorporate Web Proofs into their applications.
More detailed explanation - a novel design space for applications is unlocked when end users can demonstrate verifiable proof of their web activity. It would be much easier to verify the authenticity of online activity if the TLS specification required servers to sign messages (albeit with much higher overhead for servers). However, the TLS specification does not require this of servers. Instead, TLS session data is encrypted and authenticated with symmetric session keys that the client and the server both hold. Therefore, a malicious client could forge encrypted and authenticated messages, claiming that the server sent those messages. Adding digital signatures to all web traffic would impose an impossibly large computational overhead, but other approaches, like MPC Mode, Origo Mode, and TEE Mode, can help solve this issue.
In the Origo proxy approach, a proxy party forwards traffic passing between client and server, recording the ciphertext it observes. This prevents the client from forging arbitrary ciphertext and claiming it as the server response. The client convinces the proxy of the authenticity of the server’s Certificate Authority signature, proves the correct key derivation of the client’s session keys (inside a zero-knowledge proof to maintain privacy), and proves the consistency of the decryption of the observed ciphertext with the claimed plaintext.
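As an added illustration (not code from the Pluto SDK or from Origo), the Python sketch below shows why a symmetric-key check alone cannot tell a server-sent record from a client-made one, and how a proxy's record of observed ciphertext closes that gap. The toy encrypt-then-MAC record, the RecordingProxy class, and the sample balances are all assumptions; the keys are handed to the verifier in the clear here, whereas Origo proves key derivation and decryption inside a zero-knowledge proof.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag length


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); stand-in for a TLS AEAD cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one record. Anyone holding the session keys can call this."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, len(plaintext))))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_record(enc_key: bytes, mac_key: bytes, record: bytes):
    """Return the plaintext if the tag verifies under the session keys, else None."""
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, len(ct))))


class RecordingProxy:
    """Hypothetical proxy: forwards server records and remembers a hash of each."""

    def __init__(self):
        self.seen = set()

    def forward(self, record: bytes) -> bytes:
        self.seen.add(hashlib.sha256(record).digest())
        return record

    def accepts(self, enc_key, mac_key, record, claimed) -> bool:
        # A claim is accepted only for ciphertext the proxy itself observed.
        observed = hashlib.sha256(record).digest() in self.seen
        return observed and open_record(enc_key, mac_key, record) == claimed


def demo() -> dict:
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # held by client AND server
    proxy = RecordingProxy()
    real, fake = b'{"balance": 12}', b'{"balance": 9000}'  # constructed sample data
    genuine = proxy.forward(seal(enc_key, mac_key, real))  # sent by the server
    forged = seal(enc_key, mac_key, fake)                  # made by the client
    return {
        "forged_passes_key_check": open_record(enc_key, mac_key, forged) == fake,
        "proxy_accepts_genuine": proxy.accepts(enc_key, mac_key, genuine, real),
        "proxy_accepts_forged": proxy.accepts(enc_key, mac_key, forged, fake),
    }
```
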
In TEE Mode, a client’s request is routed through a proxy, which runs inside a Trusted Execution Environment. This proxy observes encrypted TLS session data (reusing components from our Origo networking stack) and generates attestations based on the observed data.
In MPC Mode, powered by TLSNotary, a notary party performs multi-party computation with the client to carry out the standard TLS protocol. Because the computation is multi-party, the notary never observes the plaintext of the client’s transcript. Instead, the notary simply attests to the contents of the TLS session.
To read more about how these approaches work, check out these in-depth technical blog posts on Origo Mode, TEE Mode, and MPC Mode.
What other products will you be building?
There are several directions within applied cryptography that we will be pursuing, including additional tooling for zero-knowledge proofs (ZKP), tooling for multi-party computation (MPC), tooling for fully homomorphic encryption (FHE), and tooling for witness encryption (WE).
We will continue to build products that abstract away difficult-to-grasp applied cryptography into useful tooling for application developers.
How can I get in contact with you?
Join our community Telegram group here.
You can also DM us on Twitter @plutolabs_.
We’re offering product/design support to early partners incorporating Web Proofs into their applications.