Introducing the Clique Browser Extension: Secure Your Digital Identity in the Age of Web3
As we navigate the dynamic and constantly evolving space of Web3, our digital identities become a core part of our online interactions. Securely managing these digital identities is vital to preserving our privacy and data in the rapidly developing digital world, where personal data is the new currency.
Understanding the nature and gravity of this challenge, Clique has worked tirelessly to craft a solution. Today we’re excited to unveil the Clique Browser Extension, a sophisticated tool engineered to ensure your digital identity is secure and easy to manage, powered by Trusted Execution Environments (TEE) and Zero-Knowledge Proofs (ZKP). The former is used to ensure data integrity and end-to-end privacy, while the latter enables customized confidentiality through selective disclosure of arbitrary statements.
Let’s dive deeper and discover the innovation behind our latest creation.
The Rationale Behind the Clique Extension
For developers, one of the enduring challenges has been obtaining data from major platforms, especially when restrictions are thrown into the mix. Consider Twitter and Steam, for example. Elon Musk’s recent decision to raise the fees on Twitter (X) API usage has made it costly. On the other hand, Steam’s official API is accessible only to game developers. Alternative solutions like the community-driven Steam Open API come with their own set of limitations.
So, why not turn to browser cookies? These data packets often carry the keys to user identification and login status. By simulating user requests in the browser, the right data can be captured and proven. Yet, without the right approach, this method can raise serious privacy concerns.
Our solution: a browser extension purpose-built with privacy at its core. In the spirit of the Web3 ethos, there are no invasive measures and no unwarranted data access. Just a seamless, privacy-preserving method to bridge the gap between users and their data.
How Clique Extension Prioritizes Privacy
In today’s digital landscape, many solutions claim to prioritize privacy, but few truly put user protection front and center. Let’s address the elephant in the room: many methods can inadvertently compromise your privacy. Some methods might even look under the hood of your online activities, potentially exposing more than they should.
This is where Clique’s approach differs and pushes innovation. Our technology's architecture is built upon the principle of trust minimization. What does that mean for you? Imagine a vault that even its creators cannot break into without a specific key. In the digital world, our system operates similarly. It's designed from the ground up in such a manner that it fully protects your privacy. So, instead of asking you to trust us, we're showcasing a system that inherently ensures your data remains confidential with no strings attached.
Here’s a snapshot of how we ensure your digital identity remains under wraps:
Encryption from the Start: The moment any private user credential is captured, it's encrypted using a public key from a TEE.
Private Key Safeguard: This encrypted information is sent straight to the TEE, which then establishes a TLS session to obtain the relevant private data. Only within the enclave, with a unique corresponding private key, can the data be decrypted. And the catch? We at Clique (or any other node operator running our binaries, effectively) can't access this key, not even when we are actively malicious.
Zero-Knowledge Proofs in TEE: Within the TEE, user data can be used for zero-knowledge proof generation, which supports the selective disclosure of a TLS transcript (range proofs, regex proofs, etc.). This ensures witness (your private data) integrity and privacy at the same time. It's like providing proof of age without revealing the actual birth date. You get the essence without the specifics. These proofs can then be easily aggregated for cheaper verification. Alternatively, client-side ZKP generation in your frontend can also be supported, where the TEE only provides a cryptographic commitment of your data to make the process tamper-proof from the beginning of the TLS session.
By placing privacy preservation at the core of our browser extension, we’re ensuring that you stay in control, always.
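The first two steps above only protect a credential if the client checks that the public key it encrypts to really belongs to the attested enclave. The following is an added example, not Clique's code: it assumes the attestation report carries the enclave measurement and a SHA-256 hash of the enclave's public key, that the report's signature chain was verified beforehand, and it uses Node's crypto module with constructed values and hypothetical function names.

```javascript
// Added example; constructed data and hypothetical names, not Clique's code.
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed stand-in for an enclave: a key pair plus a report that carries
// the measurement and SHA-256(public key), as SGX report_data commonly does.
function makeEnclave(measurement) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pubDer = publicKey.export({ type: 'spki', format: 'der' });
  return { pubDer, privateKey, report: { measurement, reportData: sha256(pubDer).toString('hex') } };
}

// Client side: encrypt only to a key that the attestation report vouches for.
// Assumption: the report's signature chain (DCAP) has already been verified.
function sealCredential(credential, pubDer, report, expectedMeasurement) {
  if (report.measurement !== expectedMeasurement) throw new Error('unexpected enclave measurement');
  const claimed = Buffer.from(report.reportData, 'hex');
  const actual = sha256(pubDer);
  if (claimed.length !== actual.length || !crypto.timingSafeEqual(claimed, actual)) {
    throw new Error('public key not bound to attestation');
  }
  // Hybrid encryption: fresh AES-256-GCM key, wrapped with RSA-OAEP for the enclave.
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(credential, 'utf8'), cipher.final()]);
  const enclaveKey = crypto.createPublicKey({ key: pubDer, format: 'der', type: 'spki' });
  return { wrappedKey: crypto.publicEncrypt({ key: enclaveKey, ...OAEP }, key), iv, ct, tag: cipher.getAuthTag() };
}

// Enclave side: only the holder of the private key can unwrap and decrypt.
function openCredential(env, privateKey) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ct), decipher.final()]).toString('utf8');
}

{ // Demo with constructed values.
  const enclave = makeEnclave('constructed-measurement-A');
  const env = sealCredential('auth_token=constructed', enclave.pubDer, enclave.report, 'constructed-measurement-A');
  console.log(openCredential(env, enclave.privateKey));
}
```

A host that substitutes its own public key fails the binding check, so the credential is never encrypted to a key outside the enclave.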
Deep Dive into the Technical Aspects of the Clique Extension
Let’s peel back the layers of the Clique Browser Extension and see the engineering behind it.
Cryptographic Attestations: We've built the Clique system to generate cryptographic attestations. This means both you and Clique can verify each other's digital presence securely. This includes the different signatures involved in a TEE’s remote attestation process, as well as relevant ZKPs that are generated. In the future, all the remote attestations created by enclaves will be batched and made directly verifiable on-chain.
Trusted Execution Environment (TEE): Our TEE works like a vault, ensuring that every byte of your data stays under tight cryptographic security. It's all about guaranteeing confidentiality, authenticity, and system-wide integrity. Multiple system security techniques are employed to “harden” the enclaves (strengthening their security against potentially malicious hosts), as discussed below. The primary TEE model we are using at the moment is Intel SGX, but more diverse models like AMD SEV, ARM TrustZone, and even Nvidia’s H100 will be supported in the future.
Stepping up Security with ORAM and DCAP: Oblivious RAM (ORAM) ensures that even the sequence or pattern in which data is accessed remains private, preventing any snooping. On the other hand, Data Center Attestation Primitives (DCAP) offers a much more transparent and customizable standard for security configurations, without the need to rely on Intel’s painful TCB Recovery process whenever a new side-channel attack is discovered. By harnessing these measures, we ensure an additional layer of security, locking away your data from potential threats.
Encryption and Backend Processes: Every transaction and operation is orchestrated within the enclave, from the encryption of your private credentials, to the establishment of TLS sessions to acquire your data, to the remaining computation and ZKP generation processes. This not only fortifies our security framework but also promises users a seamless and uninterrupted experience. The full execution trace can be easily verified through published TEE attestations and ZKPs.
Zero-Knowledge Proofs: As mentioned above, two modes of ZKP generation have been developed: server-side (within the enclave) and client-side (within the user's browser, where the TEE is only used for generating commitments over user data). The former currently boasts a 5x+ performance increase compared to the latter. We’ve developed both schemes in Halo2 and Circom/Snarkjs, with a benchmark soon to be published. Notably, these proofs should be directly composable with similar proofs generated under an MPC context (e.g. DECO and TLS Notary). The MPC-based solutions come with particular tradeoffs concerning performance and centralization risks, but they can be very useful for specific use cases. An MPC mode for the Clique extension will be enabled further down our roadmap.
The Sites Clique Extension Works With
The Clique Browser Extension is tailor-built to be versatile, adapting to popular platforms and websites in both Web2 and Web3, ensuring data privacy using the TEEs and ZKPs discussed in this blog post.
Mainstream Platforms on Web2 and Web3: We obtain private data from platforms like Twitter (X), Binance, other Centralized Exchanges, and Steam, with more being added over time. This always happens in a privacy-preserving way.
Why Clique’s Extension Stands Out
In a saturated web filled with browser extensions, Clique's extension has been built from the ground up to preserve your privacy. But what sets us apart?
Data Retrieval Challenges Addressed: Platforms like Twitter and Steam often complicate data retrieval for developers, either due to prohibitive API costs or stringent access restrictions. Clique navigates these barriers adeptly, ensuring seamless user data access.
User-Centric Privacy: While some extensions might risk breaching user privacy during data retrieval, Clique champions a respect-driven, privacy-preserving methodology. We encrypt all private user credentials from the outset, and with all data processing occurring securely within the TEE, we prioritize your data's sanctity.
Zero-Knowledge Proofs in Action: Zero-knowledge proofs are introduced for an additional custom layer of private user data disclosure, enabling versatile checks upon the truth of particular statements.
Empowering the User: More than ensuring privacy, Clique restores control to its rightful owner: the user. With our extension, you dictate the terms of data interaction, ushering in an era of true transparency and control.
In Web3, we believe that having the right tools is important. Clique’s Browser Extension is a forward-thinking solution with the ideals of Web3 baked in. These unique benefits and principles are what set it apart.
Experience it for yourself by downloading the Clique Browser Extension now.
We’ll be launching new platform integrations soon so that you can engage in Web3 seamlessly, confidently and securely while retaining your privacy and owning your own data.
For more insights and updates, visit clique.social, subscribe to our Substack, engage with our community on Discord, and follow Clique on X (Twitter).
FAQs
Where can I download the Clique Browser Extension?
It’s available on the Google Chrome store now.
What happens when I use the extension to sign into accounts?
When you sign in, the extension fetches your authentication details, encrypts them, and stores them securely.
Does Clique keep a record of my data?
No. All processing happens in a Trusted Execution Environment (TEE), ensuring data privacy.
Why should I download the browser extension?
The browser extension is essential to obtain a user’s authentication token. For a detailed breakdown, check out this link.