Proof of personhood

Last updated

Proof of personhood (PoP) is a participation and Sybil attack resistance method for permissionless consensus, in which each unique human participant obtains one equal unit of voting power and associated rewards. In contrast with proof of work, proof of stake, and other approaches that confer voting power and rewards in a blockchain or cryptocurrency proportionately to a participant's investment in some activity or resource, proof of personhood aims to guarantee each unique human participant an equal amount of voting power and rewards, independent of economic investment.



The problem of Sybil attacks using many virtual identities has been recognized for decades as a fundamental challenge for distributed systems that expect each human user to have only one account or identity. [1] CAPTCHAs attempt to rate-limit automated Sybil attacks by using automated Turing tests to distinguish humans from machines creating accounts or requesting services. Even when successful in this goal, however, CAPTCHAs allow one human to obtain multiple accounts or shares of a resource simply by solving multiple CAPTCHAs in succession, and thus do not satisfy the one-per-person goal in proof of personhood.

Distributed systems could require users to authenticate using strong identities verified by a government or trusted third party, using an identity verification service or self-sovereign identity system for example, but strong identification requirements conflict with the privacy, anonymity, and low barrier to entry goals widely valued in permissionless blockchains and cryptocurrencies. One early approach proposed to create anonymous but one-per-person credentials for use in distributed systems is pseudonym parties, in which participants gather periodically at in-person events and leverage the fact that humans can physically be in only one place at a time. [2]

Vitalik Buterin proposed in 2014 the problem of creating a "unique identity system" for cryptocurrencies, which would give each human user one and only one anti-Sybil participation token. [3] The first published work using the term proof of personhood was in 2017, proposing an approach based on pseudonym parties. [4]

Approaches to proof of personhood

A variety of approaches to implementing proof of personhood have been proposed, some in experimental deployment. [5]

In-person events

The approach originally proposed by Borge et al. was to use in-person pseudonym parties as a basis to create anonymous one-per-person tokens periodically without requiring any form of identity verification. [2] [4] The encointer project adapts this approach by asking participants to meet in small groups simultaneously at randomly-chosen places, to verify each other's physical presence. [6]

One drawback of this approach is the inconvenience to participants of going to designated physical locations at specific times, especially for participants with conflicting responsibilities at those times. Another issue is the challenge of organizing federated pseudonym parties in multiple locations simultaneously while allowing each group to verify that all other groups are organized honestly without inflating the number of digital credentials they issue.

Social networks

Another approach, related to the PGP Web of Trust, relies on users forming a social network to verify and attest to each other's identities. [7] BrightID takes this social trust approach, relying on graph analysis to detect Sybil attacks, and requiring users to stake some of their health when connecting to unverified users. [8] UniqueID incorporates biometric verification into the social network approach. [9]

One criticism of the social network approach is that there is no straightforward way for a participant to verify that a social connection has not created other Sybil identities connected to and verified by other, disjoint sets of social contacts. A related challenge is that Sybil detection based on graph analysis make certain assumptions about the behavior of a Sybil attacker, and it is not clear that real-world social networks satisfy these assumptions. [10] Finally, graph-based Sybil detection algorithms tend to be able to detect only large, densely-clustered groups of Sybil nodes in a social network, leaving small-scale attacks difficult or impossible to distinguish by graph structure alone from legitimate users' connectivity structures.

Strong identities

Another approach requires participants to have verified identities, but to hide or anonymize those identities in subsequent use. The GoodDollar project is an example of this approach, using an identity verification service with facial recognition to keep biometric templates of each registered user in a database and verify that users do not register multiple times. [11] One criticism of this approach is the privacy and surveillance risks inherent in such databases, especially biometric databases, and the level of trust users must place in the verification service for both Sybil protection and privacy of their identity information.

Decentralized cryptographic protocols have been proposed to create Sybil-resistant pseudonyms from strong identities without trusting a single verifier party. For example, cryptographic protocols have been proposed to create pseudonymous one-per-person identities based on federated social media identities, [12] or government-issued identities. [13]

Even with decentralized privacy protections, a criticism of this approach is the inconvenience and cost to users of verifying strong identities, and the risk of potential exclusion of users who do not readily have or cannot afford the requisite identity documents, are reluctant to participate due to privacy and surveillance concerns, or are wrongly excluded by errors in biometric tests. [14]

Online Turing tests

Another proposed class of approach extends the CAPTCHA principle of using Turing tests to the unique human verification problem. The Idena network, for example, assigns participants to verify each other using flip tests. [15] Pseudonym Pairs assigns participants in pairs to verify each other's humanness by interacting via video chat. [16] Criticisms of this approach include the inconvenience to users of solving Turing tests, and whether artificial intelligence and deepfake technologies will soon be able to solve such tests automatically or convince real participants that a synthetic user is human during a verification interaction.

Use cases for proof of personhood

One proposed use for proof of personhood is to ensure that voting power in permissionless consensus algorithms is widely distributed, [4] and to avoid the re-centralization that has been observed in proof of work mining pools, [17] and predicted in proof of stake systems. [18]

Another proposed use is to facilitate democratic governance in decentralized online systems, including blockchains and cryptocurrencies, that wish to enforce a "one person, one vote" rule. [19]

A third commonly-proposed use is to create cryptocurrencies that effectively provide a universal basic income, for example by minting a fixed amount of new currency for each human participant in a given time period. This is a primary goal of GoodDollar and Circles, for example. [11] [20]

Related Research Articles

Proof of work (PoW) is a form of cryptographic zero-knowledge proof in which one party proves to others that a certain amount of a specific computational effort has been expended. Verifiers can subsequently confirm this expenditure with minimal effort on their part. The concept was invented by Cynthia Dwork and Moni Naor in 1993 as a way to deter denial-of-service attacks and other service abuses such as spam on a network by requiring some work from a service requester, usually meaning processing time by a computer. The term "proof of work" was first coined and formalized in a 1999 paper by Markus Jakobsson and Ari Juels. Proof of work was later popularized by Bitcoin as a foundation for consensus in permissionless blockchains and cryptocurrencies, in which miners compete to append blocks and mint new currency, each miner experiencing a success probability proportional to their computational effort expended. PoW and PoS are the two best known Sybil deterrence mechanisms. In the context of cryptocurrencies they are the most common mechanisms.

Zookos triangle

Zooko's triangle is a trilemma of three properties that are generally considered desirable for names of participants in a network protocol:

A fundamental problem in distributed computing and multi-agent systems is to achieve overall system reliability in the presence of a number of faulty processes. This often requires coordinating processes to reach consensus, or agree on some data value that is needed during computation. Example applications of consensus include agreeing on what transactions to commit to a database in which order, state machine replication, and atomic broadcasts. Real-world applications often requiring consensus include cloud computing, clock synchronization, PageRank, opinion formation, smart power grids, state estimation, control of UAVs, load balancing, blockchain, and others.

In a Sybil attack, the attacker subverts the reputation system of a network service by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder. The name was suggested in or before 2002 by Brian Zill at Microsoft Research. The term pseudospoofing had previously been coined by L. Detweiler on the Cypherpunks mailing list and used in the literature on peer-to-peer systems for the same class of attacks prior to 2002, but this term did not gain as much influence as "Sybil attack". Sybil attacks are also called sock puppetry.

Cryptocurrency Encrypted medium of digital exchange

A cryptocurrency, crypto-currency, or crypto is a digital asset designed to work as a medium of exchange wherein individual coin ownership records are stored in a ledger existing in a form of a computerized database using strong cryptography to secure transaction records, to control the creation of additional coins, and to verify the transfer of coin ownership. Cryptocurrency does not exist in physical form and is typically not issued by a central authority. Cryptocurrencies typically use decentralized control as opposed to a central bank digital currency (CBDC). When a cryptocurrency is minted or created prior to issuance or issued by a single issuer, it is generally considered centralized. When implemented with decentralized control, each cryptocurrency works through distributed ledger technology, typically a blockchain, that serves as a public financial transaction database.

Zerocoin is a privacy protocol proposed in 2013 by Johns Hopkins University professor Matthew D. Green and his graduate students, Ian Miers and Christina Garman. It was designed as an extension to the Bitcoin protocol that would improve Bitcoin transactions' anonymity by having coin-mixing capabilities natively built into the protocol. Zerocoin is not currently compatible with Bitcoin.

Ethereum Open-source blockchain computing platform

Ethereum is a decentralized, open-source blockchain with smart contract functionality. Ether is the native cryptocurrency of the platform. After Bitcoin, it is the largest cryptocurrency by market capitalization. Ethereum is the most actively used blockchain.

A decentralized autonomous organization (DAO), sometimes called a decentralized autonomous corporation (DAC), is an organization represented by rules encoded as a computer program that is transparent, controlled by the organization members and not influenced by a central government. A DAO's financial transaction record and program rules are maintained on a blockchain. The precise legal status of this type of business organization is unclear.

Blockchain Distributed data store for digital transactions

A blockchain is a growing list of records, called blocks, that are linked together using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data. The timestamp proves that the transaction data existed when the block was published in order to get into its hash. As blocks each contain information about the block previous to it, they form a chain, with each additional block reinforcing the ones before it. Therefore, blockchains are resistant to modification of their data because once recorded, the data in any given block cannot be altered retroactively without altering all subsequent blocks.

Firo (cryptocurrency) Cryptocurrency

Firo, formerly known as Zcoin, is a cryptocurrency aimed at using cryptography to provide better privacy for its users compared to other cryptocurrencies such as Bitcoin.

Cardano is a public blockchain platform. It is open-source and decentralized, with consensus achieved using proof of stake. It can facilitate peer-to-peer transactions with its internal cryptocurrency, Ada.

Verge (cryptocurrency) Cryptocurrency

Verge Currency is a decentralized open-source cryptocurrency which offers various levels of private transactions. It does this by obfuscating the IP addresses of users with Tor and by leveraging stealth transactions making it difficult to determine the geolocation of its users.

NEO (cryptocurrency) Cryptocurrency

Neo is an open-source decentralized blockchain decentralized application platform founded in 2014 by Da HongFei and Erik Zhang. Since its rebranding to Neo from Antshares in 2017, the project's vision is to realize a "smart economy" by utilizing blockchain technology and smart contracts to issue and manage digitized assets.

A blockchain is a shared database that records transactions between two parties in an immutable ledger. Blockchains document and confirm pseudonymous ownership of all existing coins within a cryptocurrency ecosystem at any given time through cryptography. After a transaction is validated and cryptographically verified by other participants or nodes in the network, it is made into a "block" on the blockchain. A block contains information about the time the transaction occurred, previous transactions, and details about the transaction. Once recorded as a block, transactions are ordered chronologically and cannot be altered. This technology rose to popularity after the creation of Bitcoin, the first application of blockchain technology, which has since catalyzed other cryptocurrencies and applications.

Nano (NANO), formerly RaiBlocks (XRB), is a peer-to-peer digital currency. It is a decentralized, open-source cryptocurrency based on directed acyclic graph (DAG) architecture, and released under the FreeBSD License. It operates without intermediaries by using a distributed ledger with a block-lattice data structure.

Diem is a permissioned blockchain-based payment system proposed by the American social media company Facebook, Inc. The plan also includes a private currency implemented as a cryptocurrency.

Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT/PEPP) is a full-stack open protocol designed to facilitate digital contact tracing of infected participants. The protocol was developed in the context of the ongoing COVID-19 pandemic. The protocol, like the competing Decentralized Privacy-Preserving Proximity Tracing (DP-3T) protocol, makes use of Bluetooth LE to discover and locally log clients near a user. However, unlike DP-3T, it uses a centralized reporting server to process contact logs and individually notify clients of potential contact with an infected patient. It has been argued that this approaches compromises privacy, but has the benefit of human-in-the-loop checks and health authority verification. While users are not expected to register with their real name, the back-end server processes pseudonymous personal data that would eventually be capable of being reidentified. It has also been put forward that the distinction between centralized/decentralized systems is mostly technical and PEPP-PT is equally able to preserve privacy.

Self-sovereign identity

Self-sovereign identity (SSI) is an approach to digital identity that gives individuals control of their digital identities.

The decentralized web is an abstract concept sought by several researchers. The idea proposes the reorganization of the Internet in order to remove centralized data hosting services, using instead a peer-to-peer infrastructure. Interest in the decentralized web arose due to the lack of trust in network maintenance organizations, due to scandals involving widespread espionage and content control.

Algorand is a blockchain-based cryptocurrency platform that aims to be secure, scalable, and decentralized. The Algorand platform supports smart contract functionality, and its consensus algorithm is based on proof-of-stake principles and a Byzantine Agreement protocol. Algorand's native cryptocurrency is called Algo.


  1. Douceur, John R (2002). "The Sybil Attack". Peer-to-Peer Systems. Lecture Notes in Computer Science. 2429. pp.  251–60. doi:10.1007/3-540-45748-8_24. ISBN   978-3-540-44179-3.
  2. 1 2 Ford, Bryan; Strauss, Jacob (1 April 2008). An Offline Foundation for Online Accountable Pseudonyms. 1st Workshop on Social Network Systems - SocialNets '08. pp. 31–6. doi:10.1145/1435497.1435503. ISBN   978-1-60558-124-8.
  3. Buterin, Vitalik (25 Aug 2014). "Problems".
  4. 1 2 3 Maria Borge, Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Bryan Ford (29 April 2017). Proof-of-Personhood: Redemocratizing Permissionless Cryptocurrencies. IEEE Security & Privacy on the Blockchain (IEEE S&B). doi:10.1109/EuroSPW.2017.46.CS1 maint: uses authors parameter (link)
  5. Divya Siddarth, Sergey Ivliev, Santiago Siri, Paula Berman (13 Oct 2020). "Who Watches the Watchmen? A Review of Subjective Approaches for Sybil-resistance in Proof of Personhood Protocols". arXiv: 2008.05300 [cs.CR].CS1 maint: uses authors parameter (link)
  6. Brenzikofer, Alain (14 January 2020). "encointer - An Ecological, Egalitarian and Private Cryptocurrency and Self-Sovereign Identity System" (PDF).
  7. Gal Shahaf, Ehud Shapiro, Nimrod Talmon (October 2020). Genuine Personal Identifiers and Mutual Sureties for Sybil-Resilient Community Growth. International Conference on Social Informatics. doi:10.1007/978-3-030-60975-7_24.CS1 maint: uses authors parameter (link)
  8. BrightID (17 October 2020). "Universal Proof of Uniqueness".
  9. Mohammad-Javad Hajialikhani, Mohammad-Mahdi Jahanara (20 June 2018). "UniqueID: Decentralized Proof-of-Unique-Human". arXiv: 1806.07583 .Unknown parameter |url= ignored (help)CS1 maint: uses authors parameter (link)
  10. Bimal Viswanath, Ansley Post, Krishna Phani Gummadi, and Alan E Mislove (August 2010). "An analysis of social network-based Sybil defenses". ACM SIGCOMM Computer Communication Review. 40 (4): 363–374. doi:10.1145/1851275.1851226.CS1 maint: uses authors parameter (link)
  11. 1 2 Yoni Assia, Tomer Bariach, Tal Oron, Anna Stone. "GoodDollar: A Distributed Basic Income" . Retrieved 28 October 2020.CS1 maint: uses authors parameter (link)
  12. John Maheswaran, Daniel Jackowitz, Ennan Zhai, David Isaac Wolinsky, and Bryan Ford (9 March 2016). Building Privacy-Preserving Cryptographic Credentials from Federated Online Identities (PDF). 6th ACM Conference on Data and Application Security and Privacy (CODASPY).CS1 maint: uses authors parameter (link)
  13. Deepak Maram, Harjasleen Malvai, Fan Zhang, Nerla Jean-Louis, Alexander Frolov, Tyler Kell, Tyrone Lobban, Christine Moy, Ari Juels, Andrew Miller (28 Sep 2020). "CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability" (PDF).CS1 maint: uses authors parameter (link)
  14. Dixon, Pam (14 June 2017). "A Failure to "Do No Harm" -- India's Aadhaar biometric ID program and its inability to protect privacy in relation to measures in Europe and the U.S." Health and Technology. 7 (4): 539–567. doi: 10.1007/s12553-017-0202-6 . PMC   5741784 . PMID   29308348. S2CID   8874699.
  15. Idena. "How Idena works" . Retrieved 28 October 2020.
  16. Johan, Nygren (22 November 2018). "Pseudonym Pairs: A foundation for proof-of-personhood in the web 3.0 jurisdiction".
  17. Vorick, David (13 May 2018). "The State of Cryptocurrency Mining".
  18. Giulia Fanti, Leonid Kogan, Sewoong Oh, Kathleen Ruan, Pramod Viswanath, and Gerui Wang (18 February 2019). Compounding of Wealth in Proof-of-Stake Cryptocurrencies (PDF). Financial Cryptography 2019.CS1 maint: uses authors parameter (link)
  19. Ford, Bryan (December 2020). "Technologizing Democracy or Democratizing Technology? A Layered-Architecture Perspective on Potentials and Challenges". In Lucy Bernholz; Hélène Landemore; Rob Reich (eds.). Digital Technology and Democratic Theory. University of Chicago Press. ISBN   9780226748573.
  20. "Circles Money System Overview" . Retrieved 28 October 2020.