Revolutionizing identity verification: An introduction to Proof of Personhood (PoP) protocols

Revolutionizing identity verification: An introduction to Proof of Personhood (PoP) protocols


In recent years, the need for reliable and secure identity verification systems has become increasingly important. Traditional methods of identification have proven to be susceptible to security breaches and fraud. In response, Proof of Personhood (PoP) protocols have emerged as a promising solution for identity verification.

This paper provides an introduction to PoP and its potential as a revolutionary technology for identity verification. PoP refers to an efficient tool capable of creating a truly decentralized protocol to counter malicious attacks on online platforms, mainly attacks with the utilization of multiple fake virtual identities such as the Sybil one. These protocols rely on cryptographic algorithms to ensure the security and integrity of identity verification.

PoP exhibits great potential in transforming the authentication process and guarding against security breaches and fraud, despite the difficulties it may encounter. The paper overviews PoP, and its benefits over traditional identity verification methods, and considers the challenges and risks of PoP including privacy concerns, scalability, and interoperability with existing systems. It also explores the various use cases of PoP, such as identity verification, democratic governance, public goods funding, Universal Basic Income (UBI), anti-Sybil tools and airdrops, et cetera.

We discussed the most notable identity verification mechanisms and PoP initiatives, including Kleros, BrightID, Idena, Humanode, Worldcoin, Governor DAO, Anima, Upala, and Gitcoin Passport. A comparative table of PoP initiatives is provided. By exploring them, and analyzing their potential and limitations, this paper seeks to inspire further research into the potential of PoP.

Part I. Understanding PoP

This part aims to provide a comprehensive understanding of PoP. The section will begin with an overview and history of the concept. The focus will then shift to the unique components of PoP that distinguish it from traditional approaches, such as Proof of Work (PoW) and Proof of Stake (PoS). Finally, this section will explore the various use cases where PoP may be successfully implemented, and delve into the advantages of PoP over other methods of identity verification, as well as its challenges and risks. By the end of this section, the reader will have a solid foundation of knowledge on PoP and its potential for transforming the field of identity verification.

From concepts to definitions: Tracing the evolution of PoP

The goal of creating a distributed system in which each unique human will have only one ID has remained for decades. It has become even more relevant and hot with the proliferation of the internet, the increase of Sybil attacks, and the simplification of their conduct.

Basically, Sybil resistance in the system refers to the ability of a system to resist attacks from malicious actors attempting to create multiple fake identities, or Sybils, in order to gain control or influence over the system. It is named after the subject of the book, a woman diagnosed with dissociative identity disorder named Sybil.

The term “Sybil” was coined by John R. Douceur (2002). He defined Sybil attack as

“an attack wherein a single entity masquerades as multiple entities or nodes within a network to gain a disproportionately high influence within the network or to subvert the network’s operation altogether.”

Answering the challenges of times, to tackle Sybil attacks, several mechanisms have been developed. The basic ones are KYC (which means Know Your Customer and sometimes Know Your Client, which is the process of identifying and verifying the client’s identity), Turing tests like CAPTCHAs (a contrived acronym for Completely Automated Public Turing test to tell Computers and Humans Apart) introduced by von Ahn et al. (2008), social trust and graphs, and other integrated methods.

However, not all of them provide privacy, and anonymity, requiring users to share their personally identifiable information (PII) which may include names, addresses, emails, passport numbers, financial account numbers, and others.

One early privacy-preserving approach was proposed by Bryan Ford, Jacob Strauss, et al. (2008) to create anonymous one-per-person credentials for use in distributed systems. It was basically pseudonym parties, in which participants gather periodically at in-person events and leverage the fact that humans can physically be in only one place at a time: “A pseudonym party is a gathering where participants create new online identities, also known as pseudonyms, and establish strong links between their offline and online identities. The process involves the verification of each participant’s real-world identity, the creation of a new cryptographic key pair for each pseudonym, and the establishment of a web of trust among the participants. The pseudonyms can then be used for a variety of online transactions, such as electronic voting, online auctions, or anonymous blogging, with the assurance that each participant is only using one pseudonym and that each pseudonym corresponds to a real-world identity.”

Vitalik Buterin (2014) was also one of the first researchers who raised the ‘unique human problem’ and propose the creation of a ‘unique identity system’ for crypto networks: “… final unique human problem is the need for a system of reputation and identity that does not depend on any central authority. This is necessary to create a trustless network of contracts. A possible direction is to use a web of trust system, where each account is associated with a real identity, which is itself associated with a certain amount of reputation. Alternatively, one can use a centralized identity system, but one that is controlled by the users rather than by any one central organization.” Anti-Sybil at its very core, such a system would have given each human one and only participation token.

A few years later, the term PoP was suggested in an academic paper by Borge et al. (2017) as they introduced PoPCoin cryptocurrency. According to them, “Proof-of-personhood is based on the concept of accountable pseudonyms. The idea is to link virtual and physical identities in a real-world gathering (e.g., a party) while preserving users’ anonymity.’’

Also, there are certain nuances and variations of PoP naming. Thus, the PoP mechanism is also usually called Proof of Existence (PoE), or Proof of Human Existence (PoHE). For example, Chopra, Gupta and Lambora (2019), define PoE as a blockchain-based mechanism that “enables users to verify the existence of a digital document without disclosing its contents and without requiring any trusted third party.”

Mainly, PoP can be defined as a type of Sybil-resistant identity verification mechanism that uses unique attributes and characteristics of individuals to verify their identity. By leveraging decentralized networks and cryptographic algorithms, PoP protocols aim to provide a more secure, cost-effective, and privacy-preserving alternative to traditional identification methods.

Currently, there are several crypto initiatives that are implementing PoP in diverse approaches to bolster their network’s security and identity verification, thereby revolutionizing how we think about decentralization and tech, and promoting a more secure and human-centric future.

Exploring the unique components of PoP

PoP protocols have two key components that differentiate them from traditional identity verification mechanisms. These components are:

PoP protocols require users to prove that they are unique human being through various means, such as, for example, biometric data, or community verification. Mainly, PoP protocols rely on a unique human recognition process to identify individuals, as opposed to traditional identity verification methods that rely on documents or credentials. This process allows for a more secure and reliable identification method that is not susceptible to fraud or impersonation.

PoP protocols utilize decentralized verification systems, where a network of nodes or peers verifies the identity of an individual rather than a centralized authority. This system reduces the risk of data breaches and provides greater privacy and control over data for individuals.

PoP: Sybil resistance beyond PoW and PoS

PoP is a novel approach to identity verification that when built on the Layer 1 level distinguishes itself from traditional Sybil deterrence mechanisms, such as Proof of Work (PoW) and Proof of Stake (PoS) that currently dominate in the space.

In a nutshell, PoP is designed to check whether every person in the network is unique and has a singular identity and ensures it. Bringing equality and Sybil resistance to the system, the PoP mechanism in Layer 1 networks guarantees every individual the same amount of weight in the consensus, voting power, and rewards creating a democratic and fair peer-to-peer network.

In contrast, PoW and PoS networks grant voting rights and rewards in proportion to users’ economic investments in an activity or resource, stake, or computational power, leading to oligopolies and mining pools, which is their main flaw. PoW requires miners to perform a computationally intensive task in order to validate transactions and secure the network, while PoS requires validators to prove ownership of a certain amount of cryptocurrency.

L1 PoP provides an identity verification rooted in human existence, rather than merely computational resources. PoP may be particularly important for certain use cases, such as public goods funding, where identity is critical for accountability and transparency. In this way, PoP has the potential to revolutionize not only the way we verify identity but also the way we distribute resources and govern public goods.

Currently, Humanode and Idena PoP are used to replace PoW and PoS, as they are Layer 1 networks, capable of doing so.

PoP use cases: From SSI to UBI

PoP protocols have several use cases that demonstrate their potential to revolutionize identity verification and establish a more secure and trusted digital ecosystem.

One of the primary use cases of PoP protocols is identity verification. PoP can be potentially used for identity verification in a decentralized and privacy-preserving way, ensuring that the identity of the user is verified without compromising their privacy. This use case is particularly relevant in industries such as banking, healthcare, and voting systems, where secure and efficient identity verification is crucial.

Self-sovereign identity (SSI)

The notion of SSI was first introduced in a paper by Carl Ellison (1996) that examined how digital identity was created. SSI as a concept emerged later in the early 2010s. PoP protocols can enable SSI, allowing individuals to own and control their digital identities. This can be achieved through PoP mechanisms that enable individuals to generate, manage and control their personally identifiable information (PII) without a centralized third party like a registry, identity provider, or certification authority as well as to share only the information they choose to share.

The key use for PoP is to eliminate third parties and to ensure that control in the system and voting power are widely distributed. Such a scenario helps proof of personhood networks to avoid the re-centralization that has been observed in proof of work and proof of stake networks.

The next use case is democratic governance acceleration and facilitation. Decentralized blockchain architecture should be built in a way that enforces a one person = one vote ethos. The use of PoP protocols in democratic governance can ensure that the voting process is secure and reliable without the need for centralized authorities. By using PoP protocols, it is possible to verify the identity of voters without revealing their personal information, which can help in building a more transparent and democratic system.

The concept that is worth noting here is quadratic voting, an innovative concept that has emerged as a promising solution for community-based decision-making. It was introduced by economist Glen Weyl (2012). Quadratic voting is a voting system that allows voters to allocate their votes non-uniformly, reflecting the intensity of their preferences rather than just their number of votes. As Weyl explains, “The concept of quadratic voting… allows individuals to express how strongly they feel about different issues while discouraging extremists from dominating the debate”.

Universal basic income (UBI)

The concept of UBI in its early forms has been proposed by various thinkers over time, and its origins can be traced back to the work of philosophers such as Thomas More and Thomas Paine. In modern times, it has been championed by figures such, for instance, as Milton Friedman. The specific proposal for implementing UBI varies depending on the proponent, but it generally involves providing a regular, unconditional payment to all individuals in a given society, with the goal of addressing poverty, inequality, and other social issues. By using PoP protocols, it is possible to verify the identity of eligible recipients and distribute UBI in a transparent and secure manner, which can help in reducing poverty and improving social welfare. For example, it can be achieved by minting a fixed amount of new currency for each human participant in a given period of time.

Basically, oracles are mechanisms that provide off-chain data for blockchains. Instead of simple tech due diligence (like in Chainlink) and staking, PoP can provide an alternative solution. Thus, witnesses can be randomly selected from a variety of human participants to reach a consensus on arbitrary evidence. By using PoP protocols, it is possible to ensure that the data is authentic and reliable.

Blockchain-based PoP systems are able to make a signal represented by votes and financial obligations transparent at the supranational level. Distinguishing unique identities, adopted on a large scale, can contribute to the social infrastructure and address global challenges connected with ecology, pandemics, inequality, et cetera. PoP protocols can be used to enable secure and transparent funding of public goods, such as open-source software, public infrastructure, and public services. By using PoP protocols, it is possible to ensure that the funding is transparent, accountable, and secure, which can help in promoting the common good.

Glen Weyl and computer scientist Eric Posner proposed a concept of quadratic funding in their papers (2013, 2014, 2015) and later expanded it upon in their book “Radical Markets” (2018). Quadratic funding is a funding mechanism that leverages quadratic voting to allocate funds non-uniformly based on the intensity of support for a particular proposal. As Weyl and Posner note, QF “aims to create a more democratic funding process that can be more easily used by a wider range of individuals and organizations”.

Another important use case of PoP protocols is anti-fraud measures. Gao et al. (2020) explain that PoP protocols “can help prevent identity fraud by establishing a secure and verifiable link between an individual and their digital identity.” This can be achieved through various PoP mechanisms, such as, for example, biometric authentication, which ensures that the user is physically present and verifies their identity.

Anti-bots and spam tools in social media and gaming

It is known that bots manipulate gaming and social media, including signaling methods such as likes and numbers of followers. In networks, where users can create multiple accounts and get rewards for each of them, stable Sybil protection can help in building a more authentic and reliable online community as it can fight the spread of fake experiences, misinformation, as well as digital advertising scams.

Anti-Sybil airdrops and NFT distribution

Airdrops and non-fungible tokens (NFTs) as recent crypto phenomena suffer from the lack of Sybil resistance. In pursuit of easy-to-get tokens, users often create multiple accounts. PoP is a key component in ensuring fair airdrops and NFT distribution.

Scheme 1. PoP main use cases. Unlocking the benefits

PoP protocols offer several advantages over traditional identity verification methods that are based on sharing sensitive personal information, such as a government-issued ID or a social security number, which can put individuals at risk of identity theft and compromise their privacy.

One key advantage of PoP protocols is enhanced privacy. By enabling individuals to establish and verify their identities without sharing sensitive personal information, PoP protocols protect individuals’ privacy and reduce the risk of identity theft.

Another benefit of PoP protocols is increased security. By leveraging advanced cryptographic techniques, PoP protocols make it more difficult for malicious actors to impersonate individuals and engage in identity fraud and improve overall security in the network. On top of that, such cryptographic proofs bring more trust to the data.

In addition, PoP protocols offer an improved user experience. By providing a seamless and user-friendly means of establishing and verifying identity, PoP protocols reduce the need for cumbersome and time-consuming manual verification processes.

Also, most PoP protocols make identity verification more accessible to people without access to traditional forms of identification, such as those living in poverty, refugees, and homeless individuals.

Finally, PoP protocols can be implemented on a large scale, making them suitable for use in a wide range of digital applications and use cases, from financial transactions to online voting and beyond. Such use cases are anti-bots and spam tools, anti-Sybil airdrops and NFT distribution, public goods funding, et cetera.

Table 1. PoP advantages.

Basically, PoP protocols offer a promising new paradigm for identity verification in the digital age. By providing a more secure, privacy-preserving, and user-friendly means of establishing and verifying identity, PoP protocols have significant potential benefits for individuals, businesses, and society as a whole.

Challenges and risks

Despite the potential benefits of PoP protocols, there are also several limitations and challenges that need to be considered. One significant technical challenge is the difficulty in creating a robust, scalable, and reliable identity verification system. Furthermore, there is a risk of creating a centralized system in the scenario when PoP protocols require a central authority or trusted third party to verify identities and a great potential for privacy concerns. Additionally, there is a risk of identity theft and impersonation if PoP protocols are not designed to protect against these types of attacks.

Table 2. PoP challenges.

In summary, PoP protocols hold great promise for revolutionizing the way we verify identity and protect against fraud and security breaches. However, there are significant challenges and limitations that must be addressed to ensure the success of these protocols in the long term.

Part II. Verifying identity: Mechanisms and initiatives in use

As the world becomes increasingly digitized, the need for reliable and secure identity verification mechanisms becomes ever more pressing. A wide range of initiatives have emerged in response to this need, utilizing various techniques to verify the identity of individuals. This part of the paper explores the different identity verification mechanisms and the projects that use them, providing an overview of their strengths and limitations. By examining them, we can gain a better understanding of the current state of identity verification and the challenges that remain to be addressed.

Know Your Customer (KYC)

KYC, or Know Your Customer, is the most common method of identity verification. It is a regulatory requirement in many countries that necessitates financial institutions and other regulated entities to confirm the identity of their customers.

Table 3. Advantages of KYC.

Most decentralized identity solutions require users to do KYC and provide PII, sensitive personal information like government ID, address, photo, etc. This information is then used to verify the customer’s identity using various methods, such as manual verification, electronic databases, and biometric authentication. The problem is that such solutions offer neither security nor privacy, storing users personal information in centralized servers, with direct access to the data given to appointed employees, meaning it can be potentially manipulated, lost, or stolen.

To achieve minimal resistance to Sybil attacks, this approach utilized identity proxies such as phone numbers, credit cards, or IP address verification. It is often easy to obtain numerous identity proxies using techniques such as SMS or IP address spoofing.

Furthermore, KYC processes can be expensive, and time-consuming as the customers must go through a series of steps to complete the verification process. Despite being a time-consuming process, KYC can still be inaccurate in verifying the customer’s identity due to software, human error, or fraudulent documents. Additionally, the collection and storage of personal data during the KYC process can raise privacy concerns for customers.

Another limitation of KYC is exclusion. It can exclude certain segments of the population who may not have the necessary documents to verify their identity, such as refugees or those without a permanent address. This exclusion can be detrimental to these populations and limit their access to financial services and other opportunities.

Table 4. Limitations of KYC.

The emergence of new technologies such as blockchain and PoP protocols have the potential to revolutionize KYC by providing more efficient and secure identity verification mechanisms. PoP can protocols provide a privacy-preserving authentication mechanism that relies on cryptographic techniques to verify an individual’s identity without revealing sensitive information, making it an attractive option for KYC processes. By leveraging such cryptographic techniques, KYC can be streamlined and made more transparent, and secure, while also reducing the burden on customers.

Thus, in 2020, Synaps’ startup initiated a user-friendly decentralized KYC solution to simplify fundraising and access to investment on the Web3. The project was created with the vision to optimize and streamline the identification path, making connected communities a safer place.