Unique Humanity Proof

UHP protocols generate a cryptographic attestation that is mathematically bound to a single human identity. This is typically achieved through a combination of zero-knowledge proofs (ZKPs) and biometric liveness checks, ensuring the proof cannot be duplicated, transferred, or forged without detection. The system's security relies on the inability to create a second valid proof for the same underlying identity.

A core principle of UHP is enabling verification without exposing personal data. Zero-knowledge proofs allow a user to prove they possess a valid, unique human credential without revealing the credential's contents or any Personally Identifiable Information (PII). This enables Sybil-resistance for applications like governance or airdrops while maintaining user privacy and compliance with regulations like GDPR.

Unlike centralized identity providers, UHP systems are often built on permissionless blockchains or decentralized networks. The verification logic and attestation issuance are governed by smart contracts and decentralized protocols, removing single points of failure and control. This ensures the system cannot be unilaterally shut down or manipulated by any single entity, granting users self-sovereign identity.

UHP directly combats Sybil attacks, where a single entity creates many fake identities to gain disproportionate influence or rewards. By cryptographically guaranteeing one-human-one-identity, UHP enables fair distribution mechanisms in token airdrops, quadratic funding, and decentralized governance (e.g., one-person-one-vote). This aligns economic incentives with genuine human participation, protecting ecosystem integrity.

UHP systems include mechanisms for the secure management of identity credentials. This includes:

• Selective Disclosure: Revealing only specific attributes (e.g., "over 18") from a credential.
• Revocation: The ability to invalidate a credential if compromised, often via a revocation registry or time-based expiration.
• Recovery: Secure processes for users to regain access to their identity if they lose their private keys, preventing permanent lockout.

UHP credentials are designed to be interoperable across different applications and blockchains. Using standards like W3C Verifiable Credentials (VCs) or Decentralized Identifiers (DIDs), a single proof of humanity can be reused in multiple dApps—from DeFi and social networks to gaming. This composability reduces friction for users and developers, creating a portable web3 identity layer.

UHP is critical for preventing sybil attacks in token distributions and decentralized governance. Projects integrate UHP to:

• Filter airdrop recipients, ensuring tokens go to unique humans, not farming bots.
• Weight governance votes (e.g., one-person-one-vote models) to prevent whale or bot dominance in DAOs.
• Use retroactive proof-of-personhood where past on-chain activity is analyzed to infer unique human patterns.

Privacy-preserving UHP uses zk-SNARKs or zk-STARKs to prove humanity without revealing identity. This enables:

• Selective disclosure: Proving you are a verified human for a service without linking to your specific World ID or other credential.
• Compliance with regulations (like GDPR) by minimizing personal data on-chain.
• Cross-chain and cross-application attestations where a proof from one chain can be verified on another without exposing the underlying data.

Passive UHP methods analyze on-chain behavior to infer human-like patterns, often used as a secondary layer. These include:

• Transaction graph analysis to detect bot-like activity (e.g., repetitive, high-frequency interactions).
• CAPTCHA-like smart contracts that require solving a simple, uneconomical-for-bots puzzle.
• Proof-of-attendance protocols (POAP) where physical event attendance serves as a proxy for unique human presence.

A cryptographic method allowing a user to prove they possess a credential (like government ID) without revealing the credential itself. This is the gold standard for privacy in UHP.

• Privacy-Preserving: The verifier learns only that the proof is valid, not the underlying data.
• Computational Overhead: Generating ZKPs requires significant computation, which can impact user experience.
• Example: A user proves they are over 18 from their passport's birth date, without revealing the exact date or document number.

Using unique physical traits (e.g., facial recognition, fingerprint) to attest to human uniqueness.

• Strong Uniqueness: Biometrics are inherently difficult to forge or duplicate at scale.
• Centralized Risk: Raw biometric data is highly sensitive; storage creates a prime target for hackers.
• Irrevocability: Unlike a password, biometrics cannot be changed if compromised, leading to permanent identity theft risk.

Analyzing a user's connections and activity on social platforms (e.g., Twitter, GitHub) to infer human patterns.

• Low-Friction: Users often already have these accounts, reducing onboarding burden.
• Sybil Resistance: It's costly to create many accounts with authentic-looking social graphs.
• Privacy Leakage: The analysis can reveal social connections, interests, and professional networks the user may wish to keep private.

Creating a unique identifier from a combination of device attributes (OS, browser, screen resolution) and user interaction patterns.

• Passive Collection: Can operate without explicit user consent, raising ethical concerns.
• False Positives: Legitimate users with privacy tools (VPNs, script blockers) or shared devices may be flagged as sybils.
• Cross-Site Tracking: The fingerprint can be used to track users across different applications, not just for UHP.

The critical decision of where and how the proof or its underlying credentials are stored.

• On-Device Storage: Credentials stored locally (e.g., in a secure enclave) give users maximum control but are lost if the device is.
• Centralized Custodian: A trusted third party holds the data, creating a single point of failure and censorship.
• Decentralized Storage: Using networks like IPFS or Arweave can enhance resilience but may complicate data deletion requests.

Mechanisms to invalidate a UHP credential after a certain time or if compromised.

• Temporal Limits: Proofs that expire (e.g., valid for 1 year) force re-verification, improving long-term security.
• Revocation Registries: A list of revoked credential identifiers, often stored on-chain, allows for proactive invalidation.
• Privacy Challenge: Checking a revocation list can leak the fact that a specific user is attempting access.