
Gitcoin Passport

A composable, non-transferable identity aggregator that collects verifiable credentials to compute a Sybil-resistant 'humanity score' for users in web3 applications.
Chainscore © 2026
DECENTRALIZED IDENTITY

What is Gitcoin Passport?

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials to create a user's digital reputation, primarily used to combat Sybil attacks in quadratic funding and governance.

Gitcoin Passport is a self-sovereign identity tool that allows users to collect stamps—verifiable attestations from various web2 and web3 platforms—into a single, portable identity. These stamps, which are Verifiable Credentials (VCs), can prove attributes like owning a specific NFT, having a certain social media account age, or completing a Proof of Humanity check. The aggregated stamps are scored by the Gitcoin Passport Scorer to generate a unique Passport Score, a quantitative measure of a user's trustworthiness and uniqueness within a system. This score is crucial for applications needing to distinguish real, unique users from automated bots or duplicate accounts.

The primary use case for Gitcoin Passport is securing quadratic funding rounds, such as those on the Gitcoin Grants platform. By requiring a minimum Passport Score to participate, the protocol effectively mitigates Sybil attacks, where a single entity creates multiple fake identities to manipulate funding outcomes. This ensures a more fair and democratic distribution of community funds. Beyond funding, Passport is increasingly integrated into DAO governance systems, token-gated experiences, and airdrop eligibility checks, providing a reusable layer of trust and reputation across the decentralized web without relying on centralized authorities.

Technically, a user's Passport is represented by a Decentralized Identifier (DID) stored on the Ceramic Network, a decentralized data stream protocol. Stamps are issued by issuers (like BrightID, ENS, or Coinbase) and held in the user's identity wallet. The scoring algorithm, which can be customized by applications, weights different stamp types to calculate the final score. This modular, composable architecture allows any dApp to query a user's score via an API to make permissioning decisions, making Gitcoin Passport a foundational Sybil resistance primitive for the broader web3 ecosystem.

SYSTEM OVERVIEW

How Gitcoin Passport Works

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials from various web2 and web3 sources to compute a unique trust score, enabling users to prove their humanity and reputation.

Gitcoin Passport functions as a self-sovereign identity aggregator. Users connect various accounts—such as Google, Twitter, GitHub, or blockchain wallets—to collect verifiable credentials (VCs) known as stamps. Each stamp is a cryptographically signed attestation from a specific provider, proving a user's action or attribute, like account age or transaction history. These stamps are stored locally in the user's browser or a decentralized storage service, giving the user full control over their data. The core mechanism is the Passport Scorer, an API that calculates a user's unique Humanity Score by applying a weighted algorithm to their collected stamps.

The scoring process is transparent and configurable. Application developers, or scoring partners, define a scoring rubric that assigns specific weights to different stamps based on their trust requirements. For example, a Sybil-resistant grant round might heavily weight a BrightID stamp or Proof of Humanity verification, while a community governance platform might prioritize GitHub commits or Guild.xyz membership. The Passport Scorer API fetches a user's stamps, applies the partner's specific algorithm, and returns a single score. This allows platforms to implement graduated access controls, granting privileges based on score thresholds without exposing the user's underlying personal data.

Integration for developers is streamlined through the Gitcoin Passport API and software development kits (SDKs). A dApp can embed a Passport widget to initiate the stamp collection process. Once a user has a score, the dApp's backend can query the Scorer API to verify the user's eligibility. This architecture separates identity verification from application logic, allowing any platform to leverage a shared, composable reputation layer. Key use cases include filtering Sybil attacks in quadratic funding, gating token airdrops to unique humans, and creating trusted environments for decentralized autonomous organizations (DAOs).

Underpinning the system is a commitment to privacy and user agency. Stamps are zero-knowledge credentials where possible; the Passport Scorer only receives the stamp's type and issuance date, not the underlying data (e.g., your Twitter handle). Users can choose which stamps to reveal and can delete their Passport data at any time. The protocol is built on Ethereum Attestation Service (EAS) standards, ensuring stamps are portable, interoperable, and verifiable across the broader decentralized identity ecosystem. This establishes Gitcoin Passport not as a closed system, but as an open, composable primitive for web3 trust.

GITCOIN PASSPORT

Key Features

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials from multiple sources to create a unique, user-controlled digital identity, primarily used to prove humanness and reputation in web3 applications.

01

Stamps & Verifiable Credentials

A Gitcoin Passport is a collection of Stamps, which are verifiable credentials (VCs) issued by trusted providers. Each Stamp proves a specific claim, such as:

  • Owning a BrightID account
  • Holding a POAP NFT
  • Having a GitHub account with contributions
  • Passing a Proof of Humanity verification

These credentials are stored in a user's wallet and can be selectively disclosed.

02

Unique Humanity Score

The protocol calculates a Passport Score (or Humanity Score) by aggregating the trust from collected Stamps. This score is a weighted sum, where different Stamps contribute different amounts of trust. Applications can set a minimum score threshold to gate access, helping to filter out sybil attackers and bots while preserving user privacy.

03

Self-Sovereign & Portable

Passports are user-controlled. The credentials are stored in the user's own wallet (e.g., via Ceramic Network), not on a centralized Gitcoin server. This makes the identity portable and interoperable across any dApp that integrates the Passport protocol, aligning with self-sovereign identity (SSI) principles.

04

Sybil Resistance for Public Goods

The primary initial use case is sybil resistance for quadratic funding rounds, like Gitcoin Grants. By requiring a minimum Passport Score to participate, the system ensures funding distribution is weighted towards genuine human contributors, not adversarial bots attempting to manipulate the matching pool.

05

Decentralized & Composable Trust

Trust is not centralized. The protocol composes trust from a decentralized network of issuers (e.g., BrightID, ENS, Coinbase). This composability allows the Passport to become more robust as new credential providers are integrated, creating a resilient web of trust without a single point of failure.

GITCOIN PASSPORT

Ecosystem Usage

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials to create a portable, user-controlled proof-of-personhood score, primarily used to combat Sybil attacks in governance and funding mechanisms.

03

Stamp Ecosystem & Verifiable Credentials

A Passport is built from Stamps, which are verifiable credentials issued by Web2 and Web3 platforms (e.g., BrightID, ENS, Proof of Humanity, Google). Each stamp is a cryptographic attestation of a specific identity trait. Users collect stamps to increase their Passport Score, which is calculated based on the diversity and strength of their aggregated credentials.

05

Score Calculation & Weighting

The Passport Score is not a simple sum of stamps. It uses a weighted algorithm where different stamp providers (issuers) carry different trust weights based on their Sybil resistance. The algorithm is designed to value diversity of proof—having stamps from multiple, distinct identity verification methods yields a higher score than multiple stamps from similar sources.

06

User Sovereignty & Data Privacy

Passport employs a user-centric model. Stamps are stored in a user's decentralized data store (Ceramic stream) that they control. Users choose which stamps to aggregate and can disclose their score without revealing the underlying credentials. This aligns with self-sovereign identity (SSI) principles, giving users ownership over their digital identity data.

TECHNICAL ARCHITECTURE

Gitcoin Passport

An overview of the decentralized identity and sybil resistance protocol that underpins Gitcoin Grants and other applications.

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials from various web2 and web3 sources into a single, user-controlled identity to prove humanness and reputation while preserving privacy. It functions as a sybil resistance tool, allowing applications to assess the likelihood that a user is a unique human rather than a bot or duplicate account. Users collect stamps—attestations from identity verifiers like BrightID, ENS, or Coinbase—which are stored as Verifiable Credentials (VCs) in their Passport. The protocol's core innovation is its scoring mechanism, which calculates a Passport Score based on the accumulated stamps, enabling platforms to implement gated access or weighted governance.

The technical architecture is built on a decentralized data model where users retain custody of their credentials. Stamps are stored off-chain, typically in a user's Ceramic data stream or compatible decentralized storage, and are cryptographically signed by the issuing verifier. When a user connects their wallet to an application, they present their Passport, and the application's backend queries the Gitcoin Passport API or a Scorer service to verify the stamps and compute a score. This design separates the identity layer from the application layer, allowing for composability; a single Passport can be used across multiple dApps, DAOs, and grant platforms without creating new accounts.

Under the hood, the scoring algorithm uses a weighted model where different stamps contribute different point values based on their perceived cost-of-attack and reliability for proving unique humanness. For example, a Proof of Humanity stamp carries significant weight, while a social media verification may contribute less. Applications set their own score thresholds for access. The protocol is evolving towards greater decentralization with the Passport Protocol, an open-source framework that allows any community to run its own passport instance and scoring logic, moving away from a centrally managed API to a self-sovereign standard.

GITCOIN PASSPORT

Security & Trust Assumptions

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials to create a Sybil-resistant 'human score' for Web3 applications. Its security model relies on the integrity of its stamps (attestations) and the cryptographic proofs they generate.

01

Stamp-Based Identity Aggregation

A Passport is not a single credential but a collection of verifiable credentials (VCs) called stamps. Each stamp is a cryptographic attestation from an issuing authority (e.g., BrightID, ENS, Proof of Humanity) that proves a specific claim about the user. The Passport aggregates these stamps to build a composite identity score, distributing trust across multiple, independent sources rather than a single provider.

02

Sybil Resistance & Unique Humanity

The core security goal is Sybil resistance—preventing a single entity from creating multiple fraudulent identities to game systems (like quadratic funding). Passport achieves this by scoring the diversity and strength of a user's stamps. A higher score, derived from stamps that are costly or difficult to fake (e.g., government ID, biometric proof), indicates a higher likelihood of unique humanity. Applications set their own threshold score for access.

03

Decentralized Identifiers (DIDs) & Verifiable Credentials

Passport is built on W3C standards for Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).

  • The user's Passport is anchored by a DID, a cryptographically verifiable identifier they control.
  • Each stamp is a VC, a tamper-evident credential signed by an issuer's DID.
  • This standard-based approach allows for interoperability and ensures credentials can be cryptographically verified without relying on the Gitcoin Passport service itself.
04

Trust in Stamp Issuers

The security of the system is a function of trust in its issuers. Passport's trust assumptions include:

  • Issuer Integrity: That stamp issuers (like Coinbase, ENS, or BrightID) correctly verify the user's claim before issuing a VC.
  • Issuer Decentralization: That the set of issuers is sufficiently diverse so that compromising one or a few does not compromise the entire scoring system.
  • User Sovereignty: Users hold their private keys and can choose which stamps to reveal, minimizing data exposure.
05

Scoring Algorithm & Weighting

The Gitcoin Passport Score is calculated by an algorithm that assigns weights to different stamps based on their perceived cost-to-fake and reliability for proving unique humanity. The algorithm and weights are transparent and can be audited. This introduces an assumption that the weighting logic accurately models Sybil resistance and is not easily manipulated by attackers acquiring low-cost, low-quality stamps en masse.
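
The weighting assumption above, and the earlier claim that diverse proofs should outscore many similar ones, can be checked against a scorer before it gates anything. The following is an added example, not Gitcoin's algorithm or code: the weights, categories, per-category cap, threshold and issuer DID are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed values for illustration only; not Gitcoin's published weights.
WEIGHTS = {  # provider -> (verification category, weight)
    "BrightID": ("social-graph", 8.0),
    "ENS": ("on-chain", 2.0),
    "GitHub": ("web2-social", 2.0),
    "Twitter": ("web2-social", 1.5),
    "Google": ("web2-social", 1.5),
}
CATEGORY_CAP = {"web2-social": 3.0}         # hypothetical cap on cheap, similar sources
TRUSTED_ISSUERS = {"did:example:issuer-1"}  # placeholder issuer DID
THRESHOLD = 5.0                             # hypothetical application threshold

@dataclass(frozen=True)
class Stamp:
    provider: str
    issuer: str
    expires: datetime

def score(stamps, now, cap=True):
    """Weighted sum over valid, de-duplicated stamps, optionally capped per category."""
    seen, totals = set(), {}
    for s in stamps:
        if s.issuer not in TRUSTED_ISSUERS or s.expires <= now:
            continue  # untrusted issuer or expired credential contributes nothing
        if s.provider in seen or s.provider not in WEIGHTS:
            continue  # repeated or unknown providers contribute nothing
        seen.add(s.provider)
        category, weight = WEIGHTS[s.provider]
        totals[category] = totals.get(category, 0.0) + weight
    if cap:
        totals = {c: min(v, CATEGORY_CAP.get(c, v)) for c, v in totals.items()}
    return sum(totals.values())

def passes(stamps, now, cap=True):
    return score(stamps, now, cap) >= THRESHOLD

# Constructed sample passports.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
LATER = datetime(2024, 6, 1, tzinfo=timezone.utc)

def make_passport(*providers, issuer="did:example:issuer-1", expires=LATER):
    return [Stamp(p, issuer, expires) for p in providers]

CHEAP_ONLY = make_passport("GitHub", "Twitter", "Google")  # one category, low cost
DIVERSE = make_passport("ENS", "GitHub", "Twitter")        # two categories
```

With `cap=False` the cheap-only passport reaches the threshold on volume alone; with the cap it does not, while the diverse passport still passes.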

DECENTRALIZED IDENTITY LANDSCAPE

Comparison with Other Identity Solutions

A technical comparison of Gitcoin Passport's approach to decentralized identity and sybil resistance against other common solutions.

Feature / Metric | Gitcoin Passport | Traditional KYC | Soulbound Tokens (SBTs) | Proof-of-Personhood Protocols

Core Mechanism

Aggregated, verifiable credentials

Centralized verification & database

Non-transferable on-chain tokens

Unique-human cryptographic proof

Sybil Resistance

Privacy Preservation

Selective disclosure, zero-knowledge proofs

Fully public on-chain

Varies by protocol

Developer Integration

API & SDK for scoring

Manual process, compliance heavy

Smart contract integration

Protocol-specific integration

Cost to User

Gas fees for stamps only

$10-50 per verification

Gas fees for minting

Typically zero or minimal

Decentralization

Credential issuance & verification

Token issuance only

Portability & Interoperability

Wide protocol support via Verifiable Credentials

Limited to issuing chain

Protocol-specific, often isolated

Recovery Mechanism

Social recovery & re-verification

Centralized custodian

Complex, often non-existent

Protocol-specific, often complex

GITCOIN PASSPORT

Frequently Asked Questions

Common questions about Gitcoin Passport, a decentralized identity protocol for proving human uniqueness and reputation.

Gitcoin Passport is a decentralized identity protocol that aggregates verifiable credentials from various sources to create a unique, non-transferable identity score called a Passport Score. It works by allowing users to connect and verify accounts from services like Google, Twitter, GitHub, and blockchain wallets. Each verification, or stamp, is a cryptographically signed attestation stored off-chain. The protocol's scoring algorithm, which can be customized by applications, calculates a score based on the number and quality of stamps, which applications can then use to assess a user's sybil-resistance and reputation without exposing personal data.
