Plaintext Authentication
Plaintext Authentication Circuit.
The client talks to the server over TLS, so the HTTP messages sent between the two parties are encrypted using (in our case) ChaCha20.
To ensure that a Web Proof is valid, the client receiving the data from the server must not be able to edit the underlying data that the proof is supposed to represent.
For example, a client may want to forge the data sent back to them from the server (e.g., if interacting with Venmo, the client may want to prove they have a balance of $1,000 USD when they actually have $0 USD). We have created a version of ChaCha20 as a ZK circuit that allows us to provably decrypt the response from the server (as well as the request to the server), then use this provably decrypted plaintext in the rest of the circuits later on.
The server sends back encrypted data which, when decrypted, gives us the unmodified and correct plaintext.