Proof of Personhood Approaches

Almost all people are strong proponents of a fair and democratic system. But how do we actually guarantee each unique human participant an equal amount of voting power and rewards regardless of economic investment?

Unlike Proof of Work (PoW), Proof of Stake (PoS), and other approaches that confer voting power and rewards in a blockchain or cryptocurrency proportionally to a participant's investment in some activity or resource, Proof of Personhood (PoP) is a permissionless consensus participation and Sybil attack resistance mechanism in which each unique human participant receives one equal unit of voting power and accompanying rewards.

PoP mechanisms

Mechanism #1 - Identity Verification (KYC)

This is the most common method of identity verification, and commonly used documents include ID cards and bank statements. Identity proxies, such as verifying a telephone number, credit card, or IP address, have been used to achieve modest Sybil attack resilience. The problem with this approach is that it is often easy to obtain numerous such identity proxies at a cost – or even many at a low cost – using techniques such as SMS spoofing or IP address spoofing.

The use of such identity proxies may also exclude those who do not have ready access to the required identity proxy, such as those who do not have their own mobile phone or credit card, or users who are located behind carrier-grade network address translation and share their IP addresses with many others. Identity-based validation solutions often provide accountability at the expense of anonymity, which can be an unappealing compromise, particularly in online forums that want to allow censorship-free information flow and open discussion of sensitive themes. A validation authority can try to protect users' anonymity by refusing to execute reverse lookups, but this makes the validation authority a good target for attack. Protocols that use threshold cryptography may be able to share the role of such a validation authority among numerous servers, ensuring users' anonymity even if one or a small number of validation servers are compromised.

Mechanism #2 - Social trust

A second approach, similar to the Web of Trust first put forth by PGP creator Phil Zimmermann in 1992, is to have users join a social network to verify and attest to each other's identities. BrightID provides a social trust strategy, focusing on graph analysis to detect Sybil attacks when connecting to unverified individuals. One complaint leveled against the social network technique is that there is no easy way for a participant to confirm that a social connection has not produced other Sybil identities that are connected to and validated by other, disjoint sets of social connections. A related issue is that Sybil detection based on graph analysis makes certain assumptions about a Sybil attacker's behavior, and it is unclear whether real-world social networks satisfy these assumptions. Finally, graph-based Sybil detection techniques often detect only large, tightly packed groups of Sybil nodes in a social network, making small-scale attacks difficult or impossible to distinguish from legitimate users' connectedness structures based solely on graph structure. These measures cannot completely avoid Sybil attacks and may leave you vulnerable to widespread small-scale Sybil attacks. Furthermore, it is unclear if real-world online social networks will meet the trust or connectedness assumptions made by these algorithms.

Ethereum-based accounts might give an implicit web of trust model because an address's network of transactions is public by default, which implies that studying the transactions of a private blockchain-based account could expose its owner's legal identity. In this approach, a subject's privacy remains a function of their network. As a result, in order to maintain contextual flexibility between public and private data in identification regimes, it may be culturally significant to view web of trust solutions as providing individual identities embedded within networks, rather than global identities by default.

Another approach is to use pseudonym parties (in-person or virtual) as a foundation for creating anonymous one-per-person tokens on a regular basis without requiring any type of identity verification. One disadvantage of this strategy is that it requires participants to travel to specific physical locations at specific times or be online at a specific time. This synchronous method makes it inconvenient for individuals who have competing duties at those times. Another obstacle is forming federated pseudonym parties in many locations at the same time while allowing each group to check that all other groups are legitimately organized without exaggerating the number of digital credentials issued.

Mechanism #3 - Turing tests

In 1950, Alan Turing developed the famous "Turing Test". It measures a computer's ability to exhibit human-like behavior. This technique applies the CAPTCHA principle, an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". The Idena network assigns players to perform flip tests on each other. This PoP approach might seem legitimate. Still, what is stopping users from outsourcing these tasks to cheap labor sites like Mechanical Turk? There are also services like deathbycaptcha.com and anti-captcha.com that allow bots to bypass the challenge-response tests by using proxy humans to complete them.

Mechanism #4 - Biometric modalities

Biometric authentication entails validating persons based on physiognomic and behavioral characteristics such as face, fingerprints, palmprints, iris, tongue shape, and so on. Biometric systems such as Humanode have the potential to outperform other types of authentication methods due to the fact that biometric traits cannot be lost or forgotten. Biometrics are thus fundamentally more dependable than password-based authentication. Furthermore, biometric qualities are exceedingly difficult to replicate, fake, exchange, and distribute, and a user is unlikely to dispute having accessed a specific piece of content. Thus, biometric authentication can be employed instead of password authentication to help cryptosystems encrypt and decode messages using biometric key templates. The advantage of employing biometrics is that it allows individuals to enroll without the need for official identification documents. This protocol scheme can be utilized in a variety of contexts, including data security for large organizations, access to basic services for over one billion people who lack official identifying documents, and personal identity control for all individuals.

In general, the process of identifying a person using biometric templates is divided into two stages:

1. During the enrollment phase, the biometric templates are processed and saved in the database. Each new template is first compared against the database of all users who have already enrolled.

2. During the verification phase, a new biometric template (referred to as the query template) is taken from the user who wishes to be recognized and compared to the previously stored data (reference template). If the comparison is successful, the user's identification is accepted; otherwise, her identification is refused.

Every User Authentication requires two pieces of data: Face Data (for matching) and Liveness Data (to prove the Face Data was collected from a live person). Liveness Data must be timestamped, valid for a certain time, and then removed. Only Face Data should be saved at any time. For each authentication attempt, new Liveness Data must be acquired. Face Data should be encrypted and stored separately from the associated Liveness Data to avoid creating a honeypot risk.
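
The two stages and the liveness rule above, as an added example that is not part of the original article or any project's code. Templates are stand-in float vectors compared by cosine similarity; the threshold, the validity window, and the names Registry, Liveness, and is_fresh are assumptions made for illustration.

```python
import math
import time
from dataclasses import dataclass

MATCH_THRESHOLD = 0.95  # assumed cosine-similarity cutoff for "same face"
LIVENESS_TTL = 120      # assumed validity window for Liveness Data, seconds

@dataclass(frozen=True)
class Liveness:
    captured_at: float  # timestamp of the liveness capture
    passed: bool        # outcome of the (out-of-scope) liveness detector

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def is_fresh(liveness, now):
    # Reject failed captures, expired captures, and future-dated timestamps.
    return liveness.passed and 0 <= now - liveness.captured_at <= LIVENESS_TTL

class Registry:
    def __init__(self):
        # Face Data only; encryption at rest is omitted in this sketch.
        self.templates = {}

    def enroll(self, user_id, template, liveness, now=None):
        now = time.time() if now is None else now
        if not is_fresh(liveness, now):
            return "liveness_rejected"
        if user_id in self.templates:
            return "id_taken"  # never overwrite an existing reference template
        # One-per-person check: compare against every enrolled template.
        if any(cosine(template, ref) >= MATCH_THRESHOLD
               for ref in self.templates.values()):
            return "duplicate"
        self.templates[user_id] = tuple(template)  # Liveness Data is not kept
        return "enrolled"

    def verify(self, user_id, query, liveness, now=None):
        now = time.time() if now is None else now
        ref = self.templates.get(user_id)
        if ref is None or not is_fresh(liveness, now):
            return False
        return cosine(query, ref) >= MATCH_THRESHOLD

# Constructed 4-dimensional "templates"; real ones have far more dimensions.
ALICE = (0.90, 0.10, 0.30, 0.20)
ALICE_AGAIN = (0.88, 0.12, 0.31, 0.19)  # same face, second capture
BOB = (0.10, 0.80, 0.20, 0.50)
```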

The state of PoP protocols today

| | Humanode | BrightID | Idena | Proof of Humanity |
|---|---|---|---|---|
| Blockchain | Substrate-based (Polkadot) | Gnosis, IDChain | Idena | Ethereum |
| Participants | 3000+ | 30000+ | 15000+ | 14000+ |
| Status | testnet | mainnet | mainnet | mainnet |
| Sybil resistance mechanism | liveness detection | graph-analysis-based, social relations of humans via connection parties | flip-tests (CAPTCHAs) | video including speech and an Ethereum address + get vouched |

Shout out to projects like Gitcoin and The Convo Space for aggregating and integrating PoP Protocols into a user friendly dashboard for better discovery.

Sybil-resistant Identities: Other matters to consider

Can we employ these techniques, either independently or together, and possibly in conjunction with crypto economic protocols and sacrifices as a fallback, to establish a very equitable anti-Sybil system? Every system can be cracked at some cost; nonetheless, we want it to be far more efficient for individuals to receive one anti-Sybil token "the right way" rather than purchasing one on the grey/black market.

While tools for confirming human existence are continually advancing, another question is whether the individual prefers to be identified or remain anonymous. The choice to be known is no longer binary: in the digital realm, for example, we might be known in certain societies and unknown in others, whereas meatspace requires you to be attached to a central identity.

Another thing to ponder is the concept of self. "Who am I?" It doesn't make sense in a world or metaverse where there is no singular "I." Migration to an abundance economy necessitates a migration to an abundance of selves. Instead, the issue becomes, "What will we create?" A shift in thinking toward continuous emergence. Perhaps companies and individuals adopt not just one, but a multimodal PoP approach. These PoP mechanisms coupled with zero-knowledge proofs can open up a wider space for identity design, ranging from deterministic to probabilistic. In dynamic and ever-changing environments, could a short-lived proof that requires continuous attestation be feasible instead?
