Proof-of-Personhood

Leverages existing, state-issued credentials as a proof of unique personhood. This is a high-assurance but centralized method.

• Process: Users submit a government ID (e.g., passport, driver's license) which is checked against official databases or via a KYC (Know Your Customer) provider.
• Use Case: Common in regulated DeFi applications and services with strict compliance requirements.
• Trade-offs: Provides strong Sybil resistance but introduces significant privacy concerns and excludes individuals without formal identification.

Uses ongoing interaction patterns to maintain proof of personhood over time, moving beyond a one-time verification event.

• Idena: Uses synchronized captcha ceremonies where all verified participants solve puzzles at the same time, making large-scale automation impractical.
• Behavioral Biometrics: Analyzes patterns in device interaction, typing rhythm, or mouse movements to create a continuous authentication signal.
• Purpose: Defends against the sale or rental of verified identities ("Soulbound token" renting) by requiring persistent, human-like interaction.

Binds a personhood credential cryptographically to a specific, trusted piece of hardware, creating a strong link between identity and device.

• Secure Enclave / TPM: Uses a device's hardware security module (e.g., Apple Secure Enclave, Android KeyStore, TPM) to generate and store private keys for the identity. The credential cannot be exported.
• Use Case: Provides high security for Soulbound Tokens (SBTs) or credentials, ensuring they cannot be transferred to another person or device.
• Limitation: Ties identity to a physical device, which can be lost or damaged, requiring robust recovery mechanisms.

The primary security goal of any PoP system is Sybil resistance—preventing a single entity from creating multiple, fraudulent identities. This is the core trade-off: achieving strong resistance often requires sacrificing some degree of privacy (e.g., biometric data) or decentralization (e.g., trusted hardware or centralized oracles). Weak PoP implementations render governance and airdrop systems economically meaningless.

Many PoP methods, such as biometric verification (e.g., iris scans) or government ID linkage, create sensitive, permanent identity data. The security risk shifts from Sybil attacks to the catastrophic failure of this data vault. Systems must employ zero-knowledge proofs or secure multi-party computation to minimize exposure, but this adds complexity and potential points of failure.

To verify real-world attributes, PoP systems often rely on trusted third parties or oracles (e.g., phone carriers, government databases, hardware manufacturers). This creates centralization vectors and single points of censorship or failure. The trade-off is clear: higher assurance of uniqueness typically depends on trust assumptions outside the blockchain's cryptographic security model.

Even a robustly issued PoP credential can be compromised through collusion markets where verified identities are rented or sold. This is a governance attack where economic incentives undermine the system's social intent. Mitigations like continuous attestations or behavioral analysis introduce surveillance and complexity, highlighting the trade-off between security and autonomy.

PoP systems face a liveness-security trade-off. High-security, privacy-preserving protocols (like certain ZK-proof ceremonies) can be computationally intensive, excluding users with low-end devices and compromising global accessibility. Conversely, lightweight methods may be less secure. Furthermore, recovery mechanisms for lost credentials create security backdoors or permanent identity loss.

Sybil resistance is the property of a system that makes it costly or difficult for a single entity to create and control multiple fake identities (Sybil attacks). Proof-of-Personhood is a primary method for achieving Sybil resistance in decentralized systems, ensuring that governance rights (like voting) or resource allocations (like airdrops) are distributed per unique human, not per wallet or bot.

• Purpose: Prevents vote manipulation, spam, and unfair resource accumulation.
• Contrast: Unlike Proof-of-Work (costly via hardware/energy) or Proof-of-Stake (costly via capital), PoP aims for cost via verified identity.

A Zero-Knowledge Proof (ZKP) is a cryptographic method where one party (the prover) can prove to another (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself. This is crucial for privacy-preserving Proof-of-Personhood.

• Application: Allows a user to prove they are a verified, unique human without revealing their specific biometric data or linking their real-world identity to their on-chain activity.
• Example: A ZK-proof can attest "I passed an orb verification" without revealing which orb session or the associated facial data.

In governance, plurality refers to a system where influence is distributed among many distinct participants, preventing capture by a small group. Proof-of-Personhood enables collusion resistance by making it harder for a single entity to amass a large number of voting identities. However, PoP alone does not prevent coordinated voting by groups of verified humans (collusion), which is a separate, harder problem.

• Goal: To enable one-person-one-vote systems in digital governance.
• Challenge: Distinguishing between healthy community coordination and malicious collusion remains an active research area.