Draft open problem statement: Proof of Personhood

[miyazono]

Proof of Personhood

Building trustless protocols with incentives has so far required disincentivizing the creation of Sybil identities. For example, in cryptocurrencies based on Proof-of-Work, you only have a finite amount of resources and it does not behoove you to split across multiple identities. However, These protocols could be simplified with an external prevention of Sybil identities. In addition, there are specific applications in which the desired incentive structure cannot solve the intended problem if they are modified to resist Sybil identities. While these problems may seem impossible to solve in a trustless, distributed manner, I argue that the introduction of a Proof of Personhood as a cryptographic primitive would drastically simplify the solutions of these problems.

Examples of interesting problems include

• A Universal Basic Income token, in which every unique individual who registers receives some amount of tokens.
• A secure and anonymous method of tracking unique visitors or users
• Electronic Voting

Solution constraints

• Security: It should be (cryptographically) difficult for one individual to generate two proofs that register as different individuals
• Privacy: It should be (cryptographically) difficult to recognizable an individual from any publicly broadcasted proof

Ideally it would be nice to have

• Anonymity: It should be difficult to recognize two publicly broadcasted proofs to belong to the same individual
• Proofs are succinct and easily provable (linear in space and time).

Note that it likely isn't necessary that it should be (cryptographically) difficult to forge a proof of a known individual, since a Proof of Personhood could probably be combined with a cryptographic signature.

[miyazono]

https://zerobyte.io/publications/2017-BKJGGF-pop.pdf is a great start, but we should clarify and highlight our long-term hopes
@nicola, I'd love your thoughts

[ark1]

Universal Self Sovereign Identification.
Solve that and you solve all the Identity problems.

[Stebalien]

Not really, a single person can have multiple identities. The idea here is to solve the Sybil problem (single person pretending to be multiple people).

[ark1]

Every living person has a social/bio graph kinda of like a unique merkle forest, this forest can only be occupied by one human at a time. The Sybil problem requires that you continue to input data until the system is satisfied that you are real only then would it issue an ID. Some game theory, human behaviour elements would be required to ensure that it is way too difficult to create and maintain a fake ID.
The operative word in my previous comment was "Universal" as so called self sovereign identity solution are everywhere. Universal requires thinking on a much wider scale. I'm currently working on USSI solution. We've solved the "Sybil" "Identical Twins" and "Alien Landing" problems now just need to see what technologies can be used to build.

[miyazono]

I think what you're proposing could close a lot of the distance toward solving some identity problems. However, I think there are some substantial problems yet to solve, embedded in statements like "just need to see what technologies can be used" and "Some game theory, human behavior elements," which trivialize what I think are real research and engineering problems that have yet to be solved.

Part of why I think the Sybil problem is highly nontrivial, even with human behavior elements, is that there are few if any tasks or interactions that one couldn't fake with a reasonable amount of computation power, including spoofing location data, interacting with friends (build a network of Sybil friends), and performing most if not all casual interactions online. I guess it's also worth noting that I wouldn't consider this problem "solved" if the proposed solution required everyone to spend all day responding to captchas.

I also realize an detail that I hadn't added to the problem statement is that the solution should be decentralized. It's important to me (and to Protocol Labs) that a single individual, company, or government should not be be the arbiter of who does or does not count as an individual.

Anyway, thanks for prompting some quality clarifications on the problem statement. Do you have more information on how you plan to implement your identity solution?

[ark1]

Apologies if it seemed like a trivial responses however Github Issues isn't really the place to give an in depth explanation, especially when you consider the enormity of scope. What I was trying to convey is that there is a need for a non engineering understanding of the problem first.
The computational power argument can always be applied but take for example SHA256 it is globally excepted because its just not worth the effort, not because it cant be broken. This is where human behaviour and game theory come in as there is a two way correlation between motive, effort and reward. The need for distinguishing between Sybil and Non Sybil actors is also dependent on M.E.R. eg. Social Media Companies have millions of fake accounts, which they are happy to overlook when stating users numbers to shareholders. M.E.R is just one element in the equation.
Of course the solution needs to be decentralized, I mean that's why we're having this discussion on Protocol Labs page and not Googles and no people wont be expected to respond to captures all day.
As per more information, I'm still trying to figure out how it all comes together but I know IPFS, IPLD, Orbit DB are part of the tool box.

[uber9]

DNA test is the only sure way to identify any person, all other evidences can be forged, stolen, etc.

Since DNA test for opening account is not realistic, the problem should be restated as not to make impossible but to reduce number of incidents. Proof of work allowed to do just that. But ASICs made it easy barrier to jump over.

In conclusion, I think this problem is unsolvable. We just have to deal with it, we can't solve it.

[Stebalien]

I think you may be misunderstanding the problem statement.

• DNA isn't going to be particularly useful as we don't care who someone is, just that they're a unique person.
• Any form of proof of work that could feasibly be completed by a computer (ASIC or otherwise) isn't really relevant to proving personhood.

Think of this as a stronger CAPTCHA. CAPTCHA tries to prove that there is a human sitting at a computer completing a task. Here, we want to extend that to "there is a human and said human participates only once".

[microlancer]

Let's say there is a database (or blockchain) that records a genetic proof. In each record, your encoded DNA sequence (hashed) is associated with a cryptographically secure public key. Since you have the private key, you can sign any message to prove that you are indeed a single person (but doesn't reveal who you are directly, or even your DNA sequence). However, you do not need to reveal any additional information to prove you're human: no ID, first name, address, etc.

These records are maintained by a network of public hospitals or clinics. They are capable of analyzing a DNA sample to assure that it is indeed a real sample and not a fabricated one. Samples are sent to 5 (or so) randomly selected nodes (lab nodes) and they must agree that the sample is indeed real human DNA (not a dog, cat, or other organism) and not fabricated. Once confirmed, it is recorded on the public blockchain.

Now, it is possible that DNA can be stolen. Therefore, when DNA is submitted, if a duplicate record is found, then we can invalidate the old one given that a lab confirms the identity of that person. The original record holder (owning the private key) is also contacted and given the opportunity to dispute the new one that is attempting to override the record. A fraudulently submitted sample would most likely not respond to the request within 60 days. Furthermore, the sooner people submit their genetic proof of personhood, the harder it will be for others to submit their stolen one in advance.

There could be many side chains created that work together with the genetic chain. For example, residents of a town could have a town chain that allows you to vote as a resident once registered. Online voting becomes a matter of proving your identity by signing with your private key.

It may seem like a lot of work to have this done, but the privacy implications are significant. Although you would need to protect your private key quite dearly, it eliminates the need to provide a mountain of private and personal information every time you want to prove who you are. And although the infrastructure for this may be large, I would contend that it's not any more complex than existing personhood record keeping databases we already have today such as social security and birth certificates. In fact, this could help reduce or eliminate these privacy-leaking hacker-prone private databases with a single public blockchain that contains no personal information.

[alirezapaslar]

Hello folks,
Are you still considering this discussion?
I think BrightID is a fantastic solution to this issue.
Check out our whitepaper