Pliq

Pliq is a privacy-preserving rental platform that lets tenants prove their trustworthiness to landlords without revealing personal data — and protects that data against both today's threats and tomorrow's quantum computers.

Tenants verify their identity through World ID (Orb, Document, or Selfie), then generate zero-knowledge proofs of income, employment, and rental history using Noir circuits compiled to UltraPlonk. Landlords see verified credentials and a Proof of Rent (PoR) reputation score — never raw data. Rent payments flow through USDC/EURC escrow smart contracts on World Chain with optional privacy via Unlink SDK, and cross-chain bridging via Circle CCTP V2. An AI engine powered by Google ADK and Gemini models detects fraudulent listings (fake photos, price anomalies, duplicates) and matches tenants to properties by lifestyle fit.

What makes Pliq unique is its post-quantum cryptography layer: SHA-3 Merkle trees for tamper-proof rental reputation, hash-based escrow commitments that resist quantum attacks, and a designed-in hybrid key wrapping protocol (ML-KEM-768 + X25519) for long-term document protection. A tenant's identity data has a 10-30 year sensitivity lifetime — Pliq treats quantum resistance as a day-one design requirement, not an afterthought.

Pliq is built as a multi-service architecture orchestrated via Docker Compose.

Frontend: Next.js 16 with React 19, TypeScript (strict mode), Bun runtime, and CSS Modules. The React Compiler is enabled for automatic memoization. We use Biome for linting and formatting. The main web dApp and a World App Mini App (built with MiniKit SDK) share components. All NEXT_PUBLIC_* env vars are build-time only, managed through a single config.ts module.

Backend: Rust (2024 edition) with Axum for HTTP/WebSocket, Tonic for gRPC (service-to-service with the AI service), and WebRTC for peer-to-peer tenant-landlord communication. PostgreSQL stores all off-chain data (PII, listings, payment history) — on-chain we only keep World ID nullifier hashes, PoR Merkle roots, escrow balances, and lease agreement hashes. The post-quantum cryptography protocol layer lives here — 7 original components built on top of NIST-standardized library primitives (pqcrypto-kem for ML-KEM-768, pqcrypto-sign for ML-DSA-65, sha3 for SHA-3-256, x25519-dalek, ed25519-dalek, aes-gcm). We never roll our own cryptographic primitives — the innovation is in how they're composed: hybrid key wrapping that combines ML-KEM + X25519 so data is safe if either algorithm survives, dual-signature credentials (ECDSA + ML-DSA) that work on today's EVM chains and resist future quantum attacks, and a SHA-3 Merkle tree where private rent payments become leaves and the root hash proves 24 months of on-time payments without revealing amounts or landlord identities.

AI Service: Python with Google ADK (Agent Development Kit) and GenAI SDK. Gemini 3.1 Pro handles complex reasoning (fraud detection, lease clause analysis), Gemini 3 Flash handles routing and lightweight classification, and Imagen 4 Ultra does property photo forensics. The AI service communicates with the Rust backend over gRPC with synced .proto definitions. Package management is uv with lockfile-based reproducible builds.

Smart Contracts: Solidity on World Chain (mainnet) and Base Sepolia (testnet), using OpenZeppelin libraries. Core contracts: PliqRegistry (World ID registration + listing creation), RentalAgreement (escrow + hash-based conditional release), StakingManager (stake-to-list, stake-to-visit, slashing), and ReputationAccumulator (PoR Merkle root commitments + SBT minting via ERC-5192).

Partner integrations: World ID 4.0 for Sybil-resistant identity (nullifier hashes bind every on-chain action to a verified human). Unlink SDK for private deposits, transfers, and payment execution — private Unlink payments feed directly into the PoR Merkle tree, creating reputation from private payment history. Circle CCTP V2 for cross-chain USDC/EURC bridging and Circle Paymaster for gasless transactions. Self Protocol for passport NFC verification as an additional identity layer. Google ADK + World Agent Kit for an AI property search agent gated behind World ID verification.

Notable hack: The quantum-safe Proof of Rent system is entirely hash-based (SHA-3 Merkle trees + hash commitments), meaning it's quantum-resistant without needing lattice-based cryptography on-chain. Grover's algorithm only reduces SHA-3-256 to 128-bit security — still computationally infeasible. This lets us ship quantum resistance in the hackathon scope while the heavier hybrid encryption (ML-KEM + X25519 key wrapping, PQ ratcheting protocol) is designed and specced for post-hackathon phases.