What is Proof-of-Personhood?

How Proof-of-Personhood is used in Web3 to protect against Sybil attacks and AI abuse.

What is Proof-of-Personhood?

As AI evolves, it becomes increasingly important to distinguish between activities performed by a human and a neural network. Proof-of-Personhood (PoP) can help solve this problem.

It is a mechanism that confirms the ‘personhood’ and uniqueness of an individual. The method has become widespread because attackers create many fake accounts to manipulate voting or award distribution.

PoP also ensures that every participant in the project receives an equal vote and share of the rewards. It is important to note that, unlike other popular consensus mechanisms like Proof-of-Work (PoW) or Proof-of-Stake (PoS), PoP does not distribute voting rights or rewards in proportion to the resources invested.

The need for Proof-of-Personhood verification systems is driven, among other things, by threats of unfair use of the dipfake technology.

Why It's Needed

Advanced AI has the potential to be an empowering tool for humans. That said, it's already causing quite a few problems.

2014: a five-month-long Sibylla attack produced by unknown people on the Tor network. Later, developers created a software tool that revealed multiple alias nodes. Bitcoin wallet address rewriting schemes, redirects to phishing sites, and a number of nodes used to investigate the possibility of de-anonymising the network were uncovered.

2024: A Reddit user won a bet by verifying himself using a generated image. The ID card was created by the AI model Stable Diffusion. Curiously, the name of the generated character was listed as ‘Your Mom’. This technology is particularly alarming for representatives of the financial sector: according to The Wall Street Journal, the number of fraud cases using AI in 2023 increased by 700% at once.

Proof-of-Personhood is designed to solve these problems.

Firstly, PoP provides natural rate limiting through account verification, which essentially eliminates the possibility of conducting a Sibylline attack on a noticeable scale.

Second, the mechanism allows for content filtering: for example, allowing only accounts that have been verified as belonging to a unique person to be viewed. This helps combat the viral spread of AI-generated misinformation.

What Are Methods of Proving Identity?

Proof of identity can be used to confirm humanity in a variety of ways. Here are some of the most popular ones:

Online Turing tests

CAPTCHas are currently trying to limit the rate of automated Sibylline attacks by using automated Turing tests to distinguish between human and machine. Despite the partial success of this method, it still does not protect against the fact that one person can get multiple accounts. It just requires solving multiple CAPTCHAs in a row.

This method has other disadvantages as well. For example, users with poor eyesight or learning disabilities may find it difficult to complete the puzzles.

Biometric verification

Specialised platforms use biometric methods to verify identity, such as facial recognition, fingerprints, palm geometry, retina or iris and signature.

Physical verification methods

Another way to verify identity is physical verification, mainly through attendance at events. In this case, attendees can receive, for example, SBTs reflecting their verified status.

Verification through social media

Another approach is based on users forming a social network to verify each other's identities.

This approach can be criticised for lacking a direct way to verify that a participant has not created fake identities by agreeing with others to verify them.

A related problem is that graph-based Civilla detection algorithms can usually only find large groups, making small attacks difficult or impossible to detect.

Time-locked wallets

Another approach to PoP verification is for users to block funds for a certain period of time in order to track their activity over time. This can serve as proof of a person's unique behaviour, adding an extra layer of verification to combat Sibylline attacks. However, this method is also not reliable.

Using zero-disclosure evidence

Zero-Knowledge Proof (ZKP) allows you to prove certain attributes about yourself, such as age or nationality, without revealing actual information. This can be implemented in a decentralised system where participants prove their uniqueness without disclosing personal information.

What PoP Projects Exist?

There are several projects working on blockchain-based identity protocols. They allow users to prove their identity without relying on centralised institutions. These protocols can be integrated with various decentralised applications to provide consistent proof of identity across the network.

In part, the recent hype around Worldcoin has drawn attention to PoPs, but the concept itself cannot be called new. In 2014, Vitalik Buterin proposed developing a ‘unique identity system’ for cryptocurrencies. It was from this idea that PoP evolved into several projects using this technology.

Among them:

  • Gitcoin Passport. The project collects ‘stamps’ from Web2 and Web3 authenticators, serving as credentials for cross-platform identity verification without divulging private information.
  • Idena. Assumes participation in a CAPTCHA game at a designated time to prevent multiple participation.
  • Proof of Humanity. The project combines trust networks with reverse Turing tests, implements dispute resolution, and creates a list of verified users.
  • BrightID. Holds ‘verification parties’ via video link for mutual verification via the Bitu system, requiring a sufficient number of verified users to vouch for a person.
  • Worldcoin Project World ID. An open, permissionless identity protocol that anonymously verifies a person's identity using zero-knowledge evidence.
  • HumanCode. A project that offers palm print identification and is available to any smartphone user. Partnered with the TON Society in April 2024.

What Are The Disadvantages of POP

  • Although PoP offers innovative ways to prove digital identity and authentication, the mechanism has certain drawbacks:
  • Privacy and data security issues. Although ZKP helps alleviate some privacy concerns, users may still be hesitant to participate in PoP verification;
  • cost and complexity. Building and maintaining a decentralised PoP system that is reliable and secure requires large investments and highly skilled engineers;
  • Criminal threats. Biometrics can provide unique identification, but there are potential risks, including theft or misuse of data;
  • authentication errors. There is a risk of false negatives or false positives, undermining the efficiency and fairness of the PoP platform.