Published on

Decentralized Proof-of-Personhood

Authors

Proof-of-personhood is based on the concept of accountable pseudonyms. The idea is to link virtual and physical identities in a real-world gathering (e.g., a party) while preserving users’ anonymity. At the party every attendee is issued one and only one proof-of-personhood token, without their needing to disclose any identifying information.

Today, proof of personhood is an unsolved problem on a global scale, making it difficult to vote online or distribute value on a large scale.The problem is even more pressing as increasingly powerful AI models will further amplify the difficulty of distinguishing humans from bots.

Proof-of-personhood system generates a roster of public keys, ensuring that each key is exclusively controlled by an individual human. In simpler terms, if you are a human, you can add one key to the list, but you are restricted from adding two keys. On the other hand, bots are entirely prohibited from adding any keys to the list.

Some Proof or Personhood projects currently in existence: Worldcoin, Proof of Humanity, Circles etc

In many proof-of-personhood projects including the projects mentioned above, the flagship application is built on UBI tokens where each user registered in the system receives some fixed quantity of tokens each day (or hour, or week).

Usecases of Proof of Personhood

  1. Airdrops Distribution
  2. Voting in DAOs
  3. Token or NFT sales
  4. Quadratic voting
  5. Protection against bots and sybil attacks in social media
  6. Alternative to captchas for preventing DoS attacks
  7. Enable the fairer distribution of limited resources

The aim to design open, democratic systems that prevent both centralized control by a project's managers and dominance by its wealthiest users is a recurrent theme in many of these situations.

Forms of Proof of Personhood

  1. Social-graph-based: Social-graph based proof of personhood is based on the concept of Vouching and Verification it relies on analyzing an individual's connections within a social network or graph to establish their authenticity as a real person. In this approach, the system examines the relationships, interactions, and patterns within the user's social connections to determine whether they are genuinely human or potentially a bot or fake account. By leveraging the complexity of a person's social network, this proof-of-personhood system aims to ensure that each individual on the platform is a unique human entity. Take for an example: If a group of verified individuals, let's say Sarah, Michael, Lily, and John, collectively affirm that another person, Jessica, is verified, then it is likely that Jessica is also a verified individual.

  2. Biometric Based: Biometric proof of personhood is a verification method that relies on unique physical and behavioral characteristics of an individual to establish their identity. Biometric data includes various attributes such as fingerprints, facial features, iris patterns, voice, gait, and even behavioral traits like typing patterns or signature dynamics. These characteristics are considered highly distinctive to each person and are difficult to forge or replicate.

Most projects use a combination of the two forms of proof of personhood.

Building Blocks For Proof of Personhood(PoP)

This section provides an overview of the essential building blocks to proof of personhood mechanism: "deduplication" to ensure a single verification per individual, "authentication" to guarantee that only the genuine owner of the proof of personhood credential can utilize it, and "recovery" procedures in situations where credentials are lost or compromised. The discussion focuses on these key elements at a high level.

  1. Deduplication: To be effective, a Proof of Personhood (PoP) must incorporate a concept of uniqueness. If the PoP can be obtained and transferred multiple times to fraudulent actors or bots, it loses its reliability and fails in its intended role. Hence, a PoP mechanism must implement deduplication among users who receive a proof of personhood credential. Achieving this is the most difficult challenge for any PoP mechanism.

  2. Authentication: Ensuring the usefulness of PoP credentials involves making them difficult to transfer to prevent fraud and protect individuals. Authentication is vital to verify the rightful owner of the PoP credential, even if wallets or phones change hands. This approach is akin to airline boarding, where both possession of a valid travel document and identity consistency are confirmed for high-integrity use cases. Minimizing personal information while tying credentials to unique individuals is crucial in identity systems.

  3. Recovery: In cases where the user loses access to their credentials or experiences credential compromise, robust recovery mechanisms become essential.

Potential Risks of Proof of Personhood

  1. Phone hacking: In the event of a phone being hacked, the hacker could steal the key that controls their World ID.

  2. Risks of manipulation: Possible fraudulent actors may exploit and utilize World IDs belonging to other individuals.

  3. Coercion by authoritarian governments to steal IDs

  4. Orb security; The Orb which is a hardware used as an Iris scanner maybe subject to potential risks on utilization as we know that no hardware systems can be 100% secure.

  5. Personal data privacy concerns: Concerns from users about the safety of their sensitive biometric data.

Lets dive deep into one of the Proof or Personhood projects; Worldcoin

What is Worldcoin

Worldcoin is a cryptocurrency project that aims to create a global digital identity system using iris scans. The Worldcoin project centers around an eye-scanning orb that requires in-person usage, enabling users to acquire a distinct digital identity for the purpose of verifying their authenticity as genuine humans rather than bots.

How does Worldcoin Work

The Worldcoin ecosystem comprises essential elements, which range from WorldID, World App, and WLD Tokens.

  1. World ID: A World ID is a unique identifier assigned to an individual, serving as proof of their identity

  2. WLD Tokens: WLD tokens are distributed to network participants.

  3. World App: Each Worldcoin user installs an app on their phone, which generates a private and public key, this App is refered to as the World App

Worldcoin's process involves users installing the World App on their phones, which generates private and public keys similar to an Ethereum wallet. To obtain a "World ID," users visit an "Orb" where their iris is scanned and verified to ensure they are a unique, real human. The system stores iris scan hashes for uniqueness. With a verified World ID, users can generate a ZK-SNARK proof, proving possession of a private key without revealing which key they hold. This unique identity enables secure interactions. Additionally, the World App provides access to other key components, including WLD tokens issued to network participants.

Closing Remarks:

In conclusion, Proof-of-Personhood (PoP) presents a compelling solution for establishing accountable pseudonyms, linking virtual and physical identities while preserving anonymity. However, the current lack of a global-scale PoP system hinders widespread online voting and value distribution. The rising power of AI models amplifies the challenge of distinguishing humans from bots, making PoP more crucial than ever. Existing PoP projects like Worldcoin, Proof of Humanity, and Circles, leverage UBI tokens for applications such as airdrops, voting, and fair resource distribution. The use of social-graph-based and biometric-based approaches enhances PoP's reliability and uniqueness. Nonetheless, deduplication, authentication, and recovery remain crucial building blocks for a successful PoP mechanism. While PoP brings numerous benefits, it also faces potential risks like privacy leaks and erosion of internet anonymity, emphasizing the need for secure and decentralized implementation.

Discuss on TwitterView on GitHub