A privacy-preserving proof of personhood certificate

Many potential real-world use cases in web3 suffer from sybil attacks and would benefit if they could be prevented. Encointer offers a solution for sybil-resilience, but (currently) this solution can only be leveraged trustlessly within the Kusama XCM scope. Off-chain use cases would need to integrate with light clients to verify personhood on Encointer’s parachain, which adds a lot of technical complexity. The simple way would be - of course - to trust public RPC APIs, but that’s not web3 style, is it?

As introduced at Polkadot Now India [video] / slides, Encointer and Integritee are jointly developing a Proof of Personhood Oracle.

Proving personhood requires linking of your personhood reputation on the Encointer parachain with your account on a 3rd party service or chain. This comes with severe risks for privacy, which is the reason for the collaboration with Integritee.

Integritee has talked about the privacy issue of linkability [video] / slides and how its technology can offer unlinkability.

Concept

The oracle runs a light client into the Encointer parachain within a trusted execution environment (TEE). It fetches and verifies personhood claims against the chain and issues certificates for specific use cases. These certificates have a short time-to-live because personhood reputation needs to be renewed regularly to be verifiably unique. Thanks to the TEE, the linking between reputation and target account for a particular use case is shielded and inaccessible even to the operator of the oracle.

Use Cases

Social Media

On social media it is often too easy to create sockpuppets - maintain more than one identity and perform attacks like astroturfing, ballot-stuffing, social bots, manipulation of public opinion, self-reviews, trolling.

E.g., Nostr badges could be used to indicate unique personhood claims by Nostr accounts. Client frontends could then show such a badge next to the user’s handle. This example is outside the Kusama XCM scope but based on public-key crypto as well, which makes it very easy to integrate.

Quadratic Voting/Funding

Quadratic voting can be gamed by distributing funds across many accounts (sybil-attack). This is why Gitcoin has introduced the Gitcoin Passport, an aggregator of heterogeneous sybil prevention mechanisms.

Thanks to the described oracle, Encointer could integrate with Gitcoin Passport although it is rooted on the Ethereum blockchain.

Bridging Encointer’s sybil-resilience to alien chains

Encointer is rooted in the Kusama ecosystem and aims to become the sybil-resilience first choice for DotSama. However, this is not ambitious enough: We should reach out to all of web3 and integrate Encointer communities with other decentralized ecosystems. The personhood oracle will enable bridging to alien technologies - to anything which is based on public-key crypto, actually.

Status

Work has started and we’re reaching out to the community to comment on if/how they would like to use our new service. Thanks to its simplicity and unlinkability, we even suggest that partnering parachains prefer this solution over XCM-ing with Encointer for their applications to become sybil-resilient.
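A sketch of the relying-party check implied by the Concept section, as an added example that is not part of the original post and not Encointer or Integritee code. The certificate layout, field names, Ed25519 signing and all function names are assumptions made for illustration; the point is that the certificate binds only a use case, a target account and a short validity window.

```javascript
// Added illustration; certificate layout and field names are hypothetical.
const nodeCrypto = require("node:crypto");

// Bytes covered by the oracle's signature. Nothing identifying the holder's
// Encointer account is included, so the certificate reveals only the target.
function encodeClaims(c) {
  return Buffer.from(JSON.stringify([c.useCase, c.targetAccount, c.issuedAt, c.expiresAt]));
}

// Oracle side (inside the TEE in the design above): issue a short-lived certificate.
function issueCertificate(oraclePrivateKey, useCase, targetAccount, now, ttlSeconds) {
  const claims = { useCase, targetAccount, issuedAt: now, expiresAt: now + ttlSeconds };
  const sig = nodeCrypto.sign(null, encodeClaims(claims), oraclePrivateKey);
  return { ...claims, signature: sig.toString("base64") };
}

// Relying-party side. Assumption: oraclePublicKey was authenticated out of band.
// Returns "ok" or the reason for rejection.
function verifyCertificate(cert, oraclePublicKey, expected, now, maxTtlSeconds) {
  const sig = Buffer.from(String(cert.signature), "base64");
  if (!nodeCrypto.verify(null, encodeClaims(cert), oraclePublicKey, sig)) return "bad-signature";
  if (cert.useCase !== expected.useCase) return "wrong-use-case";
  if (cert.targetAccount !== expected.targetAccount) return "wrong-account";
  if (cert.expiresAt - cert.issuedAt > maxTtlSeconds) return "ttl-too-long";
  if (now < cert.issuedAt) return "not-yet-valid";
  if (now >= cert.expiresAt) return "expired";
  return "ok";
}

// Constructed sample run: throwaway key, made-up account names, fixed clock.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const t0 = 1700000000; // seconds
  const expected = { useCase: "nostr-badge", targetAccount: "npub-constructed-alice" };
  const cert = issueCertificate(privateKey, expected.useCase, expected.targetAccount, t0, 3600);
  const rebound = { ...cert, targetAccount: "npub-constructed-other" };
  return {
    fresh: verifyCertificate(cert, publicKey, expected, t0 + 60, 86400),
    afterTtl: verifyCertificate(cert, publicKey, expected, t0 + 3600, 86400),
    otherUseCase: verifyCertificate(cert, publicKey, { ...expected, useCase: "quadratic-funding" }, t0 + 60, 86400),
    rebound: verifyCertificate(rebound, publicKey, { ...expected, targetAccount: rebound.targetAccount }, t0 + 60, 86400),
  };
}

console.log(demo());
```

The `maxTtlSeconds` bound lets a relying party reject certificates whose validity window is longer than it is willing to accept, independent of what the issuer chose.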

The issue of sybil attacks is a major concern in web3, and it’s good to see that Encointer and Integritee are working on a solution. The idea of a Proof of Personhood Oracle is fascinating, and it’s great to see these two companies collaborating to develop it. However, the issue of privacy is also a significant concern, and it’s essential that user privacy is protected in the process of proving personhood.

The risk of linkability between a person’s reputation on the Encointer parachain and their account on a 3rd party service or chain is a severe concern. It’s great to hear that Integritee has addressed this issue and is working to offer unlinkability using its technology. The development of this Proof of Personhood Oracle has the potential to bring more security to web3 use cases, but it’s crucial that privacy concerns are also taken into account. Overall, it’s great to see these collaborations between different companies working towards a more secure web3 ecosystem.
