MALPIE

"MALPIE" is an innovative application designed to reward users with cashback or loyalty points in exchange for securely verified and voluntarily shared data with participating shops.

Comment

Inspiration

Our inspiration for Malpie arose from the absence of a viable alternative to the conventional cashback system that can "ensure service providers about the legitimacy of the data they receive" and "enable the security of user's sensitive data." Recognizing the critical need for a solution that seamlessly integrates both, we developed a platform that utilizes zero-knowledge-proof technology. This innovative approach allows companies to access relevant and verified user data, all with the user's explicit and informed consent, ensuring a new level of data security and user empowerment in the cashback landscape.

What it does

Malpie is an innovative application that revolutionizes the traditional cashback system. It lets users earn cashback or loyalty points by securely and voluntarily sharing verified data with partner shops. This data exchange occurs cryptographically securely, ensuring user privacy while providing tangible benefits.

How we built it

Loyalty app

Malpie is user-centric; as such, the core of it is the Client Loyalty Application.

Since we didn't have the mobile app development experience, we decided to build the Loyalty app as a web application for the hackathon. We also tested it as a PWA to see how it feels as a standalone mobile app.

The Loyalty App is based on PolygonID's JS SDK and Ethers.js library. The web app is developed using the Nuxtjs framework.

The PolygonID JS SDK is used for:

  1. creating accounts,
  2. storing credentials,
  3. generating proof of knowledge.

The Etherjs connects the Wallet to the shops over the blockchain.

Server

Every company has a server app that runs its operations. We created a simple server API for the hackathon that potential shops could have. Our demo server API is written in the Typescript programming language. It uses expressjsand PolygonID JS-SDK libraries. The Shops will have only two endpoints.

  • GET /announce-loyalty-points/:loyaltyPoints/:user/:credentialId/:receiptId – is used to imitate the user's shop ordering.
  • POST /receive-user-data – that receives the user's private data and checks its validity using PolygonID.

Smartcontract

All interaction between Loyalty App and Shop goes through the blockchain.

Why smartcontracts?

We also considered a Malpie service the middleman between users and the shops. But to make the data transfer transparent, smart contracts are ideal approaches for private middleware.

Another variant we considered was linking Loyalty App directly to the Shops by avoiding the middleman in any form. But after carefully researching, consideration, and tradeoffs, we decided that it's the best way to have smart contracts. Our two primary points when choosing the stacks are the answers to the questions: Is it user-centric, or does it increase transparency? Is it the easy solution for the mass adaptation?

In a direct connection between the client and server, the tracking of loyalty points will be the responsibility of the shops, which means trust from the users to the servers. So, it needed to increase the transparency. It also adds complexity to the shop backends; after all, it will require an additional database for tracking Loyalty Points and its exchange for user data, which is harmful to mass adoption.

Using public blockchains and smartcontracts is the ideal solution that makes the loyalty points owned by the users and reduces the server complexity.

Additionally, in the future, we have second parties that provide the data verifications (Credentials Issuers). The blockchain is the common ground where the issuer, user, and shops interact. So, shops can also verify how the credentials are issued. But it's the future work that we are excited to work on.

Loyalty.sol

The Loyalty.sol is the main smartcontract. The functionality of the smartcontract can be categorized into:

  • Credentials – What kind of data are the shops asking for? For example, age, age with gender, or annual income. The credential types are limited by the Malpie in partnership with the Credential Issuers.
  • Shops – allowing the shop and registering its backend.
  • Oracle – a functionality that allows smartcontracts to hook servers.
  • JsSource – is a utility smartcontract that sets the hook type for the Oracle.

Within the Loyalty.sol itself, we track the LoyaltyPoints that each user has.

We should have included the spending and cashback tracking in the demo, as it's a trivial task.

Order flow

All Loyalty Point giving is a multi-stage process always initiated by the shops.

The shops are initiating the process by calling Loyalty.announceLoyaltyPoints method.

The Loyalty app constantly tracks the announcements. Users have the option to either accept the request or reject it.

Accepting the request generates a zero-knowledge proof of the credential_id. Then pass it to Loyalty.submitPersonalData. The rejecting the request calls the Loyalty.rejectExchange.

Chainlink Functions

There are two ways to transfer user data from the smartcontract to the shops.

  • Either shop is subscribing to the events and reading them by themselves. This approach is cheaper, as we don't have to pay the Oracle fees. The primary disadvantage of this approach is that the shops need to be secured against malicious submissions. What if the user sends the wrong data and smartcontract unlocks the Loyalty points?

  • Letting the smartcontract send the user's data.

The first approach is cheaper, as it doesn't have to pay the Chainlink function fee. We want to give the user the loyalty points only if the data they provide is correct. Therefore, we took the second approach. The second approach sends the submitted data to the shop's backend using Chainlink Functions.

If the shop verifies the data, we unlock the Loyalty Points to the user.

What happens if the shop is dishonest and says that data is invalid? Verifying proof is valid using the other shops or Credential Issuers is easier. With additional effort, users can prove that their data is accurate (confirmed); thus if the shops choose to be dishonest, we will have the right to fine them.

Security

Even the zero-knowledge proof generated from the user's data is valued data worth a company some cashback/loyalty points. To hide the valued data from others, we encrypt the data using the shop's public key. The data can be seen only by the companies that requested it in exchange for some Loyalty points. And despite using the blockchain smartcontracts, the data is unknown to anyone other than the shops that have sent the request.

We use an ECIES-based encryption system provided by the crypto library to encrypt. The Loyalty App encrypts the submitted data while the shop backend decrypts it.

Challenges we ran into

Throughout this project, we were deeply passionate and committed to the idea behind Malpie. We poured our energy and enthusiasm into every aspect of the work. Interestingly, the entire process felt exhilarating, and reflecting, it's challenging to pinpoint any significant difficulties. Any surfaced challenges seemed inherently solvable, leaving no lasting memory of specific hurdles. Instead, our focus remained steadfast on the dream that this project will ultimately bring satisfaction to people engaging with various shops through our platform.

Accomplishments that we're proud of

This demo for the hackathon is just the tip of the iceberg. We spent much time researching and planning for the following milestones yet to be presented in the demo. We are proud of setting the demo as the foundation for the scalable solution.

What we learned

It was like the revelation that Blockchain, combined with the zero-knowledge proofs, can genuinely change how people interact online.

What's next for MALPIE

The future roadmap for Malpie holds significant promise due to several key factors: Streamlining User Interaction: Malpie presents the potential to revolutionize the traditional sign-up and registration processes across various platforms. By centralizing data into a single wallet address, users enjoy a hassle-free experience, eliminating repetitive sign-ups at different shops. This simplifies user engagement and incentivizes data sharing by ensuring it remains securely stored on their device, enhancing user trust and participation.

Expanding Blockchain Adoption: The platform stands poised to contribute significantly to the broader adoption of blockchain-based payment systems. Its seamless integration and user-centric design encourage wider acceptance and usage, fostering a new wave of blockchain technology adoption among the masses.

Empowering Service Providers: Malpie unlocks the potential for service providers to access highly sophisticated yet inaccessible user data without compromising individuals' privacy. With Malpie's innovative approach, service providers can securely access verified data, including sensitive information like bank statements or salary details. This data, verified through blockchain and zero-knowledge-proof technology, remains confidential yet accessible, revolutionizing the landscape of cashback and data-sharing systems.

To achieve the above potential, there are many things to work on. However, the priorities are:

  1. Improve the high throughput of user data submitted via the oracles. We have several ideas in mind. But first, we need to research them to pick the right one.
  2. A Mobile Wallet
  3. Abstract Wallet to pay for the users. Currently, the backend funds the users. But we want to use the abstract wallets to pay the transaction fees for Malpie smartcontracts.
  4. SDK for the shops.
  5. Register a company

Built With

Share this project:

Updates