As AI continues to evolve, distinguishing between human activities and those carried out by neural networks becomes increasingly important. Proof-of-Personhood (PoP) is a mechanism that can help address this challenge.
What Is Proof-of-Personhood?
Proof-of-Personhood (PoP) is a mechanism that verifies the “personhood” and uniqueness of an individual. It has gained popularity as malicious actors create multiple fake accounts to manipulate voting or reward distributions.
PoP ensures that each participant in a project receives an equal voice and share of rewards. Notably, unlike other popular consensus mechanisms such as Proof-of-Work (PoW) or Proof-of-Stake (PoS), PoP does not allocate voting rights or rewards based on the resources committed.
The need for Proof-of-Personhood systems is partly due to threats from the misuse of deepfake technology.
Why Is It Necessary?
Advanced AI can expand human capabilities, but it also brings significant problems. For instance:
In 2014, an unknown attacker carried out a five-month-long Sybil attack on the Tor network. Developers later created a tool that detected many pseudonymous nodes, uncovering schemes to rewrite Bitcoin wallet addresses, redirect to phishing sites, and investigate the possibility of de-anonymizing the network.
In 2024, a Reddit user won a bet by passing verification with an AI-generated image created by the Stable Diffusion AI model. Interestingly, the name of the generated character was listed as “Your Mom.” This technology is particularly alarming to the financial sector: according to The Wall Street Journal, AI-related fraud incidents increased by 700% in 2023.
PoP is designed to solve these issues.
Firstly, PoP provides a natural rate limit through account verification, essentially preventing large-scale Sybil attacks.
Secondly, the mechanism allows content filtering: for instance, only allowing verified unique individuals to access certain content. This helps combat the viral spread of AI-generated misinformation.
What Are the Methods of Proof-of-Personhood?
Proof-of-Personhood can confirm “personhood” in various ways. Here are some of the most popular methods:
Online Turing Tests Currently, CAPTCHAs attempt to limit the rate of automated Sybil attacks by using automated Turing tests to distinguish humans from machines. Despite the partial success of this method, it does not prevent one person from obtaining multiple accounts by solving several CAPTCHAs in a row.
This method has other drawbacks, such as challenges for users with poor vision or limited learning abilities who may struggle with puzzles.
Biometric Verification Specialized platforms use biometric methods for identity verification, such as facial recognition, fingerprint scans, palm geometry, retinal or iris scans, and signatures.
Physical Verification Methods Another method of confirming identity involves physical verification, primarily through attending events. In this case, participants might receive an SBT reflecting their verified status.
Social Network Verification Another approach is based on users within a social network verifying each other’s identities. This method can be criticized for the lack of a direct way to check that a participant has not created fake identifiers by agreeing with others to confirm them.
A related issue is that graph-based Sybil detection algorithms usually only find large groups, making small-scale attacks difficult or impossible to detect.
Time-Locked Wallets Another approach to PoP verification involves users locking funds for a specific period to track their activity over time. This can serve as evidence of unique human behavior, adding an extra layer of verification to combat Sybil attacks. However, this method is also not foolproof.
Zero-Knowledge Proofs Zero-Knowledge Proofs (ZKP) allow verifying certain attributes about oneself, such as age or nationality, without disclosing the actual information. This can be implemented in a decentralized system where participants prove their uniqueness without revealing personal data.
What Are Some PoP Projects?
There are several projects working on blockchain-based identification protocols that allow users to verify their identities without relying on centralized institutions. These protocols can be integrated with various decentralized applications to ensure consistent proof of identity across networks.
Partly, the recent hype around Worldcoin has brought attention to PoP, but the concept itself is not new. In 2014, Vitalik Buterin proposed developing a “unique identification system” for cryptocurrencies. From this idea, PoP has evolved into several projects using this technology, including:
- Gitcoin Passport: Collects “stamps” from Web2 and Web3 authenticators, serving as credentials for cross-platform identity verification without disclosing private information.
- Idena: Involves participating in a CAPTCHA game at a designated time to prevent multiple participations.
- Proof of Humanity: Combines trust networks with reverse Turing tests, implements dispute resolution, and creates a list of verified users.
- BrightID: Conducts “verification parties” via video call for mutual verification through the Bitu system, requiring a sufficient number of verified users to vouch for a person.
- World ID by Worldcoin: An open identification protocol that anonymously verifies a person’s identity using zero-knowledge proofs.
- HumanCode: Offers identity verification through palm print recognition accessible to any smartphone user. In April 2024, it partnered with TON Society.
What Are the Drawbacks of PoP?
While PoP offers innovative ways to confirm digital identity and authentication, the mechanism has certain drawbacks:
- Privacy and data security issues: Although ZKP helps address some privacy concerns, users may still hesitate to participate in PoP verification;
- Cost and complexity: Creating and maintaining a reliable and secure decentralized PoP system requires significant investment and skilled engineers;
- Criminal threats: Biometrics can provide unique identification, but they also pose potential risks, including data theft or misuse;
- Authentication errors: There is a risk of false negatives or false positives, undermining the effectiveness and fairness of PoP platforms.