Decentralized Proof-Of-Unique-Human

arXiv:1806.07583v1 [cs.CR] 20 Jun 2018 fdt sas urnedb optrcd,bsdo pre- on applicatio based direct code, a computer is money by Decentralized the guaranteed rules. -which also specified ledger is immutable data an of in data specific from people create itself. of not of group favor does specific in authority system a an the excluding such or that Moreo identities, sure identities. fake make citizen eve to their against need collect we come to aims will that Identit nation-states system conflicts. and political concept, and political identities, fake misuses, niehmneatyoeacut hc a eue for used be can well. as which systems account, other into one ev logging assigning exactly for human system highly any violating online not for to is suitable there prone Currently, not privacy. and socia voting) are phone reputable applications(e.g. methods mobile other critical These E-mail, and accounts. as information, partially media such card problem systems credit the other number, on solved privately relying messengers institutions by and financial a media created or Social usually governments a are by holdi and solve databases for managed [16] to system Identity universal attacks key identities. no Sybil human a is including there is votings, challenges, identity accountable of While range systems. wide online in lem upss oilmdaacut,rptto ytm etc. systems ban th reputation and state- accounts, use financial using media can votings, social by for they purposes, We concerns preserved so any tokens. be without and generated can identity techniques, newly privacy cryptographic users’ by of-the-art the users how and ince show are verifiers there Also, honest ones. for unjust punish and mechanism verifiers governance choose novel verifi from c the benefits peer-to-peer in UniqueID centralization by process, the and data, submitt behavior if users’ bad has check preventing other For user can in verifiers the inconsistency The Human any that data. is claims. ensure biometric valid such platf to own on is a his here computations as challenge performing integrity biggest and its cl storing proved characteris user’s for measurable the has and simply Blockchain permanent, is unique, -biometrics. identity his th this of more of no one have on part can One entity account. human physical one every ident that such human identi Decentral ties maintaining human a for verified is Organization(DAO) UniqueID of Autonomous property. list thin one-person-one-ID a can a creating we with for concept, blockchain identity human using Exten the computation. to and money decentralization of concept the decentralizing lccanbig sadcnrlzdwyfrrecording for way decentralized a us brings Blockchain etaie oesfriett eicto r l rn t prone all are verification identity for models Centralized prob- important an been always has verification Identity Abstract nqeD eetaie Proof-of-Unique-Human Decentralized UniqueID: BtonadEhru r oe ehnssfor mechanisms novel are Ethereum and —Bitcoin eateto optrEngineering Computer of Department oamdJvdHajialikhani Mohammad-Javad hrfUiest fTechnology of University Sharif .I I. [email protected] NTRODUCTION correctness sa is y hecks. cation ntives users ding king of n orm of k ized ver, aim to s tics ties ery eir nd ng ed ry re at i- o l . uhalde.Amntr ytmcnb eue ostatements of to reduced forms be can in system monetary A ledger. a such ul eetaie,adpraeta h aetime. permissionless, our same are the of them at unique of best permanent a and none the provide decentralized, person, fully which To every systems systems. for the account such all of among knowledge, examples are appr different [3–5] with behavior. systems verification bad identity and tralized power of incentivize monopoly preventi a to while of operations mechanism creation distributing the governance token and novel a verifiers uses human a UniqueID and Bitcoins, new system with computatio network Bitco their to to contribute power Similar who data. people incentivizes recording which p for verification blockchain rec- identity and for for cesses, verifiers data human biometric people, on ognizing based those system of person-one-account correctness the about people. other claims by to some information close and very you, is about verification identity this of Nature Blockchain. ici 1 utrcrsteesaeet - statements these records just [1] Bitcoin sanvlie,cnb xctdol nteeitneo a of existence the in only executed [8]. be system can inc identity idea, basic worldwide Universal novel [7]. a votings paper-bas as costly slowly and to bureaucratic too of leads changing because identities are efficient, not democracy are docu- for and identity transact institutions legal any and Old have financial in [6]. not participate not do can people identity-relat and ment, billion are 1 issues Over nation-wide issues. many of Roots world. netvs omaseicsrcuetwr civn goa a achieving toward economic structure by specific encouraged a people, form of incentives, group some where entity .PolmStatement Problem A. aaigals fvldpbi eswtottutn any trusting without keys and public maintaining as valid By system of authority. see this centralized list we see as a can decentralized We managing and section. human, next user, in like words privacy.define users’ violating without human, pub one every exactly to assigning key for system decentralized a Create dniyi loa motn rbe,ntjs ntedigita the in just not problem, important an also is Identity decen- create to order in efforts been have there Recently one- decentralized and online bring to aims UniqueID nti eto,w en u rbe formally. problem our define we section, this In hsdfiiinmycet oedbts is,w must we First, debates. some create may definition This is: problems our of formulation simplest The record eateto optrEngineering Computer of Department hrfUiest fTechnology of University Sharif oamdMhiJahanara Mohammad-Mahdi oi eas dniyi ipysm information some simply is identity because logic [email protected] Xhsccoins” c has “X I P II. ROBLEM system S PECIFICATION ema socio-economic a mean we , and XgvsYccoins” c Y gives “X transactions oaches. nits in - ome, ions nal ro- lic ng ed ed in l. l . B. Terminology money they need, in order to do X in the system?” X can be making one fake identity, making infinite fake identities, 1) Human: When we want to design an identity system for preventing someone from entering the system (censorship) and humans, we must tackle two questions: any other unwanted incident. We analyze our system from this 1. What makes an entity a human? point of view in section 6. 2. What makes this human persistent over time? How can we 3) Incentives: We can see this kind of system as a form of say one person is the same over time? the cooperative game, where people interact with each other The first question is crucial, to determine who can enter the for reaching a shared goal. For this reason, there must be system. Can we name a strong Artificial Intelligence a human? enough incentives for parties to participate. Formally speaking, It seems that all of us have some consensus on a definition of we should determine the amount of effort, energy and other a human. It’s a combination of some specific body properties resources every party has to put, and how many tokens he gets (e.g. shape, face, etc.) and intellectual abilities (e.g. memory, back. Analysing this market can give us the equilibrium and language, etc.). the prediction of what will happen at the end. In the case of The second question is harder, and a famous unsolved problem Bitcoin, e.g., there are always incentives for some group of in philosophy [9]. If we want to map the identity of a person people (miners) for running full nodes and miner equipment to any of his properties, we lose something. for example, if for earning new Bitcoins, so the system will be alive as long we define personal identity over time as a person’s body, it is as these coins are paid to them. known that all body cells are replaced after some time. But 4) Privacy: we just need some properties that are persistent over time for Privacy is the ability of an individual or group most people (without any fundamental philosophical reason). to have control over all the information about themselves We can name three of these properties: and to whom they express. Privacy and data protection are of the most important challenges in every blockchain-based • Biometrics: Some specific human body structures have system because it is known that decentralized systems are proven to be persistent and unique over time. Finger- inherently transparent, and all data can be accessed by any prints, DNA and iris scan are examples of proper bio- node. As shown in recent researches, many cryptocurrencies metrics. are at the risk of linking transactions and other data leaks. This • Memory: The average human brain can memorize some transparency and lack of privacy is a cost of high security data and recognize it over time. Persistence of memory and immutability of them. We need more consideration for is almost true for all people. preserving privacy in a permanent identity system which can • Trust: This is less clear than the previous properties. be used for critical purposes. Cryptographic advancements, Trust is how other people know and recognize one such as functional cryptography, program obfuscation, and person. Basically, it is a combination of some mind-body ring signatures can be used for enhancing privacy in UniqueID. properties. However here, judging over these properties We will discuss privacy concerns and imaginable solutions in is up to others. Trust is how other people see someone depth in next chapter. as persistent and unique over time. Human judgment can make some errors, but it works well in many situations. III. UNIQUEID DESIGN 2) Decentralized: Defining decentralization, especially in a In this section, we come up with a detailed explanation of rigorous form is very hard mostly because it takes different how UniqueID works and solves the decentralized proof-of- forms in different contexts [10]. We focus on decentralization unique-human problem. First, we provide an overall flow of in its political form here: there is no specific entity -state, the system, and then we cover the concepts and components corporation- or person who can affect the system, creating or which our system consists of. removing identities. One side of this decentralization is the inability of an entity in changing ledger information: account A. Overal Flow balances, biometrics etc. Blockchain already makes this part Here we focus on the flow of processing one user’s identity possible. Another side is the inability in adding identities and for understanding how UniqueID works. Users should submit influencing how people trust each other, and here is where our their biometric data to the blockchain and then prove the design should gain such decentralization. validity of the claimed biometric. This proofs are social We always see the first side as “How much money or co- and based on trust; It means you must get some biometric ordination is needed for attacking the system”, e.g. Bitcoin reproducing certificate from some of the previously accepted hashrate gives us a minimum on computational power (that can users, i.e. verifiers. These verifiers ask you to reproduce your be expressed in computational devices that one can buy with claimed biometric in presence of themselves. After collecting money) that an attacker needs for the double-spending attack. enough trust, the user is recognized as a valid and unique Besides, how current hashrate distributed shows us another one. At a technical level, Blockchain brings us the storage aspect of decentralization: minimum number of entities that and computation we need for these tasks. form at least 51 percent of the system. However, we have There are some questions arising here, such as how users harder times dealing with the second side. One can formalize get assigned to verifiers, what are the incentives of verifiers that as “How many people should collude, and how much for checking others’ claims and where is the starting point of the system. We discuss these questions and provide solutions humans to solve them. Consider we construct some hard for them in following subsections. CAPTCHA that takes about 2 minutes for an average person to solve. We then organize a CAPTCHA party: in a specific B. Biometrics time around the world, based on some common randomness Biometric data is how UniqueID identifies and recognize (e.g. blockhash) a predefined smart contract starts assigning “humans”. We need almost permanent, unique and well- CAPTCHAs to participants. People can prove their uniqueness studied biometrics for our system that has an acceptable by submitting an answer to the assigned CAPTCHA before accuracy level, and also storing them on blockchain do not the party ends. create any privacy concerns. Biometric data will be used to D. Verification Mechanism check the uniqueness of individuals and prevent the creation of fake identities and Sybil attacks. A wide range of physical and We assume that there is a number of verifiers, say 100, in behavioral biometric indicators have been developed during the city. Location and city of every verifier recorded in the last decades in the literature of biometrics-based identification, blockchain. Call the user’s public key pk. including iris, face, finger vein, hand geometry, typing, etc after one user enters the system with his biometric, he [11]. Advancements in machine learning and image processing should verify his identity and get certificates from a sufficient offer many well-studied and tested methods of biometrics- number of these verifiers(3 can be enough here). Assigning based identification with equal error rate (EER) of at most verifiers to users would be done via blockchain regarding 0.01, let alone methods with much higher accuracy. Roughly user’s location and some common randomness. The ran- speaking, compounding at least 4 of uncorrelated different domness can be produced by another smart contract, with biometrics as a biometric indicator, our system is ready to methods like [19]. This randomness,Ri combined and hashed serve and identify 100 million people. with user’s public key (SHA256(Ri||pk) can determine the assignment. C. Trustless Setup The user then goes to all of the assigned verifiers in In a system where current users should approve new ones, person and reproduce his biometric in the presence of verifier. one should come up with a mechanism for approving very first Reproducing means sampling user’s biometric with verifier’s users. One method is beginning with a sufficient number of biometric device, and then ensuring equality of this sample trusted persons and introduce their identities (biometrics and with previous biometrics on blockchain with some local com- keys) as verified users. The challenge is how to select these putation on verifier’s device. If the verifier ensures that two persons without any need for a central third party? Below we biometrics are the same, he accepts the user and issues a explain three solutions for this issue. certificate with his signature on the blockchain. This process is Transparent Peer-to-Peer Setup: Transparency can be the for preventing fake biometrics attacks and identity thefts from key to solving the trustless setup problem. Usually, there happening because verifiers can make sure that the biometric is a community of enthusiastic people around these kinds is real and belongs to the person who claims it. of projects. By providing relevant information in a public After user gaining these certificates, the system automati- channel, the community invited for joining a public party in cally accepts him as a valid and unique person. If only one of special place and time. Everyone who aims to join has to send the verifiers does not issue the certificate, the user can ask for her proposal including name, biometrics and some identity a reassignment. This is possible when one of the verifiers is document -just for transparency purposes. In the party, they corrupted or has made some error. There is no incentive for start to verify each other in a peer-to-peer manner. Because a verifier in rejecting a real user, as the user can ask for a the party is public, everyone can join and there would no reassignment afterward. monopoly or closed group of individuals at the beginning. For preventing Sybil attacks, and ensuring that an adversary Also, it’s near impossible to fake an identity because it can be with many attempts can not break verification process and detected and claimed by just one person in the party. There assigned to his favorable verifiers we add a barrier in entering can be a live cast of all of the steps of the party and all of the system. There are just three ways you can ask for the initial the relevant information in a public channel for forwarding assignment: transparency. • Via invitation. Every verified user has two invitations Trusted Famous People: There are some people with a that can give them to other public keys so they can submit public profile who have no incentive for sabotaging the sys- their biometrics and start the verification process. because tem, e.g. university professors, known artists, and athletes or there is a limited number of verified users, there will be popular cafes. This is usually because of their high reputation always a limited number of verifications (and therefore among other individuals. Collecting some of these people performing an effective attack would need large human who want to join in early verifying, and broadcasting all the resources). information and profiles can be a starting point for the system. • Via Stake. The user can put some specified amount of Decentralized CAPTCHA Party: CAPTCHAs [12] are money at stake for starting the verification process. At the mechanisms for recognizing humans from machines. end if he verified by the system, the system automatically CAPTCHAs are AI-hard and it takes reasonable time for will return his stake, otherwise, his stake will be locked forever. The amount of stake should be in a direct relation desirability and profits. In our system verifiers rewarded by with all unverified stakes in the corresponding city, means tokens every time they verify a new, fresh user. Also, new the more unverified users, the more stake a user should users get some tokens for the first time they enter the system. put. Also, some important applications, such as UBI, need some • Via V erifiers. Every verifier has an authority of starting form of currency. the verification process for a specified number -according 2) Utility: The most obvious use of such a token is for to his reputation and trust- of new users. payments and store of value. Incentives bring new users to the Also, the process of assigning the verifiers should be done system, and new users bring more acceptability and a wider respectively, means the user just know who is the next verifier. market, projected in token price, bringing new incentives for If the user completed and verified with the current verifier, further users. This positive network-effect, combined with a then the next one will be assigned by the system. This should mechanism for more incentivizing first movers(but not make restrict the power of an adversary in rejection of an unwanted them giant Whales!) can bring non-zero value for the token. assignment. Also, this system can host many other applications which need a unique and permanent identity, such as digital banking, E. Trust Delegation property and real estate on the blockchain, reputation systems Trust is the fundamental key to bring healthy behavior etc. These systems can provide their services on the UniquID in our system. Every unique person has one “trust” token blockchain, using a native token or at least paying fees for which can delegate it to everyone. With this non-tradable their smart contracts. token, one can delegate his verifying authority to someone 3) Monetary system: Our goal is to achieve an issuance else, because he can not actively verify new users. Thus the scheme which is fair and keeps the value of the token. Our verifier which possess a greater number of trust tokens have proposal is selling fix amount of tokens (say, a∗x) in pre-sale more verifying power, and more the system can trust their (with an Initial Coin Offering or similar methods) and then acceptance/rejection. issuing x tokens for every new user. This tokens distributed The system will then give verification power to those which between verifiers of that user and herself. So after a new users, possess at least x trust tokens, in order to make verification tokens in the hands of users is equal to ICO tokens. This can process more reliable. this parameter must set based on the city provide fairness for the system because initial holders are not population and maturity of the system. Verifiers can collect giants anymore, and after the system became popular(=more trust from users by Transparency. For example, a verifier can users) their influence gets reduced. Also, initial investors have provide access to a live cast of the verification processes incentives for investment because they can buy cheap tokens on a youtube channel, or permits everyone coming to his in early stages. It will be promised to them that their tokens office (doors are open!). By providing more transparency, more have an influence equal to a users, and they can guess what people can trust him. they earn by the estimated value of an identity system with a Also, every user must have incentives for delegating her trust users. This issuance scheme is linear in the number of users, to a trustworthy person. Restricting some important features However, the utility of users(network effect) is quadratic, so of the system (e.g. Universal Basic Income) from those who we can predict a slight rise in price over time. At least, did not delegate their trust is one solution. Also if a corrupted It’s not a super-inflationary system: More user’s, more utility, verifier identified (there will be some mechanisms for identi- more demand and more supply responding to them. Choosing fying corrupted behaviors), all his trust will be suspended for a parameter and schemes for incentivizing early users (e.g. some period of time. changing reward over time) is for further research. The figure for comparing network effect and money supply. F. Native Token We introduced a native token for our platform, However, G. Decentralized Governance For every token system we should answer to at least 3 There is no independent entity for decision-making in questions: decentralized systems, so they face governance problems on 1) What is the necessity of creating a new token, Or why the many levels. Long discussions on DAO fork and Bitcoin Seg- system needs it? wit2x proposal are clear examples of this issue. In UniqueID, 2) What is the utility of this token for users, Or why it has There is a new concept that should be governed as well, human non-zero value? work. There should be some mechanism for detecting and 3) What is the monetary system, Or how tokens issued and punishing corrupted verifiers. distributed? UniqueID is inherently one-person-one-vote, and this gives us new opportunities for shaping our governance model. We 1) Nessecity: First, we need a token for creating incentive introduce some hierarchical representative democratic system, mechanisms. every decentralized platform needs sophisticated based on three layers of representatives. and well-studied incentives, for encouraging healthy behavior First, small communities of 50 − 100 persons choose one and punishing bad actors. One of the powerful tools to person from themselves. They put their trust and vote on him, design mechanism is money because it is related to person’s and can also track his activity and ask him about that. Because they are a small group of people, it is expected that they know to upload same biometric data to the network again otherwise each other well and can make necessary communications be- her identity get temporary invalid. tween themselves and choose a qualified representative. these One of the core functionalities of UniqueID is to compare are layer-1 representatives, and they should know each other different biometric data in order to verify the uniqueness of and follow system changes and discussions, and also choose identities and verify consistency of reproduced biometric data layer-2 persons. Every 30−40 of these layer-1 representatives by new identity claimers. While it’s possible to give this should gather and choose one representative. And the same for responsibility to human verifiers, in order to minimize hu- layer-3: every 20 − 30 layer-2 people can choose one layer-3 man mistakes while maximizing automation and transparency, representative from them. UniqueID uses Truebit [13] protocol to get this task done. This system should decide for critical decisions such as choosing parameters and consensus rules. Majority consensus I. Improvements over verification seems a very good method for making decisions in a system The verification system we purpose face some challenges. with verified identities but also can cause some problems. Not Bribing or coordinating some verifiers for creating fake identi- every decision can be made by a majority (51 percent) of votes. ties is the most important one. Fake-ID prevention is the only Changing some critical parameter of a system (number of thing we design our system for solving that. verifiers needed for verifying one person) is a clear example of We can see two directions for solving this attacks. First, Set this. So we need to group decisions based on their importance some sophisticated and hard rules for entering people that and put some thresholds on the percentage of votes needed guarantee hardness of attacks. Second, design some mecha- for making decisions in every group (super-majority rules). nisms for detecting and removing fake identities and punishing Because of low participation, lack of incentive for voting bad verifiers. In this section, we explain a mechanism of the and lack of knowledge for making correct decisions we second kind. should give some authority to representatives. But for lowering We first design a very secure registration way that there is zero- corruption and collusion, in addition to transparency, every probability in entering with a fake identity, calling it A-judge. decision needs greater consensus among higher layers. for This can be a very hard process, including being verified by all example, if we need 51 percent of all user votes for some verifiers in a specific city. There can be gathering of verifiers parameter change, we need 68, 85, 95 percent of votes for every 6 months in a public place, and handling all A-judges layer 1,2,3, respectively. there. In this process, people can track their trustee activities and Using A-judges, we can design a system for lowering votes, and ask for explanation and reasons. Everyone can amount of coordination between verifiers for creating fake change his trustee every time, and delegate his trust to another identities. We give every verifier and every layer-3 represen- one. However, representatives should not lose their position tative limited number of Identity re-checks per month. They with leaving one of their trusts, so there can be a threshold(e.g. can use these re-checks for calling specific identities (here, 20 percent) that when they leave, the person becomes invalid. biometrics) forgoing through A-judge. These called identities H. Implementation should pass A-judge in a specified time, Otherwise, they lose their identity. Also, they have great incentive for going through Formally, UniqueID is a decentralized autonomous this judge, because they rewarded by tokens. This way we can organization (DAO) which its operation is based on a find fake-identities and punish bad verifiers. decentralized IT infrastructure. In this section, we focus on Every verifier stakes X tokens and locks them. If the system the IT infrastructure part. While there are various possible determines some verifiers as a bad verifier, his stake goes for scenarios of implementation for UniqueID, ranging from anyone who called A-judge for his fake identity. So verifiers building on top of existing blockchain-based platforms to the have the incentive for calling A-judges over fake identities if creation of a standalone blockchain, we describe a modest they know any. This makes coordination very hard: even if you implementation scenario using existing technologies. bribe heavily some verifiers, After that, they can call A-judge over that identity. There should be also some random checks UniqueID uses a set of smart contracts on Ethereum for preventing other forms of bad behavior. blockchain as a compuational back-end and immutable storage, all the functionalities of system and interactions of users J. Privacy (e.g. claiming a new identity, verification process, delegation of trust, etc.) are implemented in solidity and get done on- We can see different aspects of data privacy concerns in chain. Moreover while UniqueID stores critical information UniqueID. Below we discuss each of them and their solutions like the state of users in the verification process and the hash in more detail. of biometrics data (as a unique identifier) on the blockchain, Biometric Data: In UniqueID we need user’s biometric data in order to reduce the prohibitively large cost of on-chain for the human identification process. Leaking biometrics can storage, biometrics data will be stored on Swarm. Each identity lead to the harmful use of them, such as proving procedure holder is responsible to make sure her biometric data is always in courts or searching for a possessor of a special account available on Swarm, it means that in case of data loss she has by authorities. What we need is a way for preserving the functionality of the system, without exposing biometrics to a system relying heavily on peer-to-peer verifications in the anyone. same place. More formally, the process of biometrics can be described The first problem is how new cities and places will join in terms of user Ui puts his biometrics Bi in a ledger L. This the system? So far we design our system and “first verifiers” ledger then compute the function AI(Ui,Uj) for every j ≤ i, based on assumption that they are all in the same place, That’s ensuring Ui is a fresh and new biometric. The output of the not true in real world. Imagine a scenario where we start the AI(x, y) can be binary, or a number in [0,1] demonstrating system from Tokyo, and after a while, people in Vienna want the similarity between x and y. We want to preserve the to join the system. Should they go to Tokyo and Verify their functionality of AI function, But keeping Ui secret. identity? Finding an efficient and decentralized solution for this is Some possible solutions we talk about them here, but an interesting challenge. We present a solution here which solving this problem needs more thinking. First, we can have needs trusted setup. Consider there are public and private keys another trustless setup in the new city. But for keeping the pk,sk, where pk is known to the public but nobody knows sk. integrity of the system, other existing verifiers around the Also define P rivAI(X, Y ) as a code that first decrypting X world should take place in this setup. The system should and Y with sk, and then computes AI on them. ObfPrivAI choose these people and provide their expenses in a secure is obfuscated version of program P rivAI (Indistinguishable and decentralized way (Making a data feed for the list of Obfuscation). valid cities, and some kind of voting or random assigning In a trusted setup, we can compute sk,pk,PrivAI and between volunteer verifiers). So based on these new verifiers, ObfPrivAI in one session, and then removing sk and users in this city can start their verification processes. Another P rivAI. Then we put ObfPrivAI on the ledger instead of solution is to make as many as verifiers in the first setup, AI. Every user sends an encrypted version of his biometric, Bringing people from different locations around the world in Encpk(Ui), to the ledger. Now we can compare biometrics one borderless place (an airport, e.g.) and then start the system and gain predefined functionalities, without exposing user’s with these verifiers. biometrics. Designing some Multiparty setting for trusted Second is how residences in small cities and villages can setup, Proving the correctness of trusted setup procedure join the system? Areas with population less than 10000 and thinking about more efficient protocols can be further may don’t have any verifiers at all. One possible solution is challenges. assigning them to nearest cities, But it makes an entry barrier Secure Logins: One can use UniqueID blockchain for de- for them. Another solution is sending some verifiers from near signing some decentralized application, especially as the one- cities for verification, But it can bring some attack vectors and person-one-account property is attracting for some purposes, unpredictable behavior. such as social media or banking. It is plausible that these Other methods: It seems that using other methods of systems should hold user’s data private, and the identity of verification, we can solve the identity problem without facing users should not be revealed. More formally, there should geographical dispersion. We think that this challenge is funda- be no relation between user’s public key (or biometrics) and mental, i.e. near every system for securely verifying identities his social media account. This can be solved by introducing has this problem. anonymous tokens, means having a special token (one token per person, specified in application’s smart contract) for First, verifying human identity always require some human logging in. Adding the ability to send tokens anonymously work. Until now, It’s impossible for an AI for answering between accounts, the user can send his app-token to anony- the question of “sameness” of two human objects over time. mous account and start with a fresh identity. This ability can Nature of identity, Combination of physical and mental at- be achieved by ring signatures [14] or zero-knowledge proofs tributes, is the root of this hardness. So people should identify [15], working examples are Monero, Zcash or Raiden network. people. Now, we have choices of making this verification in There should be also a way for everyone for burning his same physical place, or from long distance. We argue that previous identity (by revealing the relationship between his long-distance methods are prone to errors and attacks: Every main and application account) and start with a fresh identity long distance method consists of sending some documents and in the application. This process is crucial for preventing the information and making some interaction (video chat, voice creation of the token market. chat etc.) between verifier and user. Both have limitations: every document (video proof of your biometric, voice captcha IV. CHALLANGES etc.) can get hacked with AI methods. Even further, AI enables us to fake a face in real-time video chat. A. Geographical Dispersion Geographical dispersion of people around the world makes Until now we assume that there is one city, where all some fundamental challenge for identity systems. Even in a verifiers and users are close to each other and interaction simple(and bad!) system which you should get some certifi- between them is easy. In the real world, however, we have cates from your friends (and you get verified after that) we thousands of cities in different countries, villages, no-residence face this problem because people you know are mostly near areas etc. This variety makes some serious challenges for you. B. Hard Forks you put your vote on someone who you know him, preventing C. Massive Computation and Storage some “celebrity” or “briber” from collecting votes. Also, nature of verification process is not something like mining and The current design of UniqueID requires permanent storage does not need complex knowledge or expensive devices, and of all claimed biometrics and also a computational infrastruc- everyone can get into it (It just need your “time”, biometric ture for automatic uniqueness check of new claims comparing device and small place). to previously verified ones. While It is theoretically possible to do all the storage and computation on the blockchain, say F. Fairness Ethereum [2], but practically, in that case, the cost of operation G. Lack of Incentive will become prohibitively large. In the early stages of development, UniqueID will utilize V. ANALYSIS IPFS or other production-ready decentralized storage solutions VI. APPLICATIONS to store biometric claims. TrueBit protocol offers a general A. Novel mining system purpose solution to make computation off-chain at the cost of negligible less decentralization. Satoshi designed a mining system which he called it one- While TrueBit protocol can practically mitigate the problem CPU-one-vote. The idea behind this is to make it near one- of prohibitive computation costs, it is important to note that person-one-vote because almost everyone has one CPU, and the special task of checking uniqueness of new biometric the system remains decentralized because CPU power is claims is capable of being done in parallel. One can think distributed around the world. Recently introduced Proof-of- of a smart-contract that offer a reward for the one who finds Stake systems have a notion of reducing the energy needed the closest previously verified unique biometric to the new by the proof-of-work system. Both PoS and PoW systems are claim, the results can be verified using a TrueBit like protocol. vulnerable to centralization and other attacks. In UniqueID, This design prevents waste of computational resources to a however, we have new design space for consensus algorithms. significant level. These algorithms are based on the one-person-one-account To get most out of UniqueID network, it is reasonable to property of the system. Having a reliable account on who can develop an independent blockchain and storage layer. It will enter the system, one can design fair and robust algorithms. enable the potential for Proof-of-unique-Human mining sys- Even some naive ideas like Delegated Proof-Of-Stake can tem which is explained in “Novel Mining System” section. change their voting system and become based on real humans, instead of stakeholders. Reputation mining can be designed D. Identity Theft or Death where everyone has a permanent account. Nothing-at-stake Identity needs to be secure against theft or getting lost, on problems can also be mitigated by assigning reputations, the other hand, to enable some features like UBI, it is required such that working on other forks make your reputation near to eliminate dead identities. zero. We think that designing efficient, fair and decentralized As we suggested in “Problem Specification” section, there is consensus protocols based on a one-human-one-vote basis is a close relationship between the definition of human in our an interesting and independent challenge. design and trust, based on that point of view we propose a B. Accountable Voting and Survey solution for identity theft problem. Each user has to declarea group of at-least 5 trusted ones (friends, family or lawyer) as Voting is a critical part of all democratic systems, also her trust circle, which have the authority to agree on identity surveys play an important role in media and decision making theft or loss and owner of that account can reclaim his identity processes, but there’s no solution for running a public and with new private-key by participating in the validation process. accountable online voting without trusting any third-party to Based on how much the system can tolerate the dead identities, protect it against Sybil attacks or fake identities. one can think of an extending process for identity holders, sim- Recent advancements in cryptography and blockchains tech- ilar to new identity registration process with less redundancy. nology offer many powerful solutions for end-to-end secure voting and auditable decentralized voting systems. UniqueID E. Centralization of Validation Mechanism as a decentralized identity solution will make it possible There is always a fear about centralization of processes in to use all those advancements for social benefits without decentralized systems, like what happens in Bitcoin mining. compromising people privacy. The root of this centralization is the economics of scale: the bigger you are, the less you can pay for constant costs and C. Universal Basic Income more you can invest in lowering other costs. This can happen Universal basic income (UBI) is a kind of welfare system for the verification process, and a few verifiers take control that is based on giving everyone a guaranteed basic income, over all process. First, because verifiers in disjoint cities cannot totally independent of any other income. The idea of national be merged and there is no direct competition between them, basic income dates back to 18th century but various technical there is always some geographical decentralization of verifiers. and political issues such as lack of trusted computational For one city, the hierarchical voting system can prevent such infrastructure or a form of trusted universal identity prevented centralization, because it collects meaningful votes, means that implementation of a UBI system. Though UBI idea originally was presented as a way to save the society from poverty that is decentralized from its origin, including Democracy and injustice, many AI experts claim that given the fast and Earth and Bitnation, Proof-of-Personhood. tremendous success of AI technology the world is heading Our work can be categorized in the later one, decentral- toward a mass unemployment and a UBI system is inevitable ized identity issuance systems. We want to emphasize that and certainly required. despite previously known solutions, UniqueID can bring de- UniqueID provides a trustable universal identity and build- centralized, permanent, unique identity into reality by utilizing ing a UBI system on top of it is just as easy as writing a simple biometric authentication and social smart contracts. smart-contract on Ethereum network or any other blockchain In the following section, we briefly review some of the men- with access to UniqueID’s validated identities. tioned schemes and compare them to UniqueID in measures of political and operational decentralization, Sybil attack resis- D. Reputation Systems tance permanence of issued identities, and proper governance Reputation systems are tools to build trust in online commu- and incentive mechanisms. nities. Many motivations including the emergence of sharing economy and online marketplaces encourage using a reputation system. Theoretical studies in game theory and practical A. uPort experiments agree that a valid and reliable reputation system uPort is a decentralized infrastructure for claiming identities must have a long life length and be protected against Sybil and receiving verification from other parties in the network. attacks. One can use uPort to host and digitize her identity documents Creating reputation systems on top of a decentralized identity such as national ID card or driving license and get verified by system such as UniqueID will make Sybil attacks impossible officials or other people for being the owner of the claimed or very expensive and on the other hand, can guarantee a long identity. lifetime. First of all, uPort is not designed for a decentralized E. General Framework for Organization originated identity which is well defined. Due to lack of a general identifier in the uPort network, uPort do not provide In an abstract and conceptual level, Bitcoin’s idea is to de- a direct solution to anti-Sybil attack and enabling a universal centralize a specific computational process using redundancy basic income system. Though uPort provides the possibility to of computation, Ethereum extended this idea and made it define decentralized originated identities, there is no intrinsic possible to decentralize any computational process. incentive or mechanism to do it. UniqueID’s idea is to decentralize operation of a specific organization which is responsible for providing universal unique identity, and we claim that by extending same governance B. Sovrin scheme and redundancy of operation, one can think of a general framework to decentralize operation of organizations. Sovrin is a protocol and decentralized app based on its own blockchain, aiming to create a sovereign identity and F. Rethinking Governance decentralized trust, it is focused on delivering a kind of identity which is secure, private, and partially provable. In the current Recently there were a number of discussions about various design of Sovrin system, a trusted set of operations maintain models of blockchain governance. These discussions mainly issuing new identities in a semi-decentralized manner. By focus on pros and cons of on-chain votings with the proof-of- utilizing its own token, issuers are economically incentivized stake mechanism. It seems that these votings can have harmful to participate in the system, though theres no governance outcomes, mainly due to the large asymmetry in the number mechanism to prevent issuing fake identities and Sybil attacks. of coins each member of the crypto community holds. A one- While Sovrin claims that it will become fully decentralized in person-one-vote system can enable us new ways of thinking future but currently theres no clear scheme for decentralizing about governance problems in blockchain space. As an exam- issuing new identities in Sovrin network. ple, Futarchy, as proposed and combined with blockchain in [17], needs such a one-person-one-account system. C. Democracy Earth G. Social Media H. Fake News Democracy Earth is going to be a decentralized app mainly concerned with providing a infrastructure for liquid democracy VII. REVIEWS and voting. Naturally, it does need a unique identity scheme We categorize previously existing ideas in this area in two to prevent Sybil attacks. Although currently it is proposed that different categories, first decentralized identity management each new user upload a video from herself in a concrete format solutions which aim to provide a decentralized infrastructure to prove her uniqueness but theres no clear scheme with an to host centralized issued identities, including DID, Sovrin, acceptable error that compares videos and verifier uniqueness and uPort. The second one is decentralized identity issuance of new users. It is also suggested that Democracy Earth utilize solutions which aim to create or define a new kind of identity other platforms to identify its users. D. everid APPENDIX A E. DID PRELIMINARIES F. ID2020 A. Bitcoin REFERENCES B. Smart Contracts [1] S. Nakamato. Bitcoin: A Peer-to-Peer Electronic Cash C. Decentralized Systems System. 2008. D. Cryptography [2] V. Buterin. A next-generation smart contract and decentralized application platform. 2014. [3] M. Borge, E. Kokoris-Kogias, P. Jovanovic, L. Gasser, N. Gailly, B. Ford. Proof-of-Personhood: Redemocratiz- ing Permissionless Cryptocurrencies. IEEE European Symposium on Security and Privacy Workshops 2017. [4] uPort https://www.uport.me 2018. [5] The Sovrin Foundation. Sovrin: A Protocol and Token for SelfSovereign Identity and Decentralized Trust. 2018. [6] The World Bank official blog. https://blogs.worldbank.org/voices/global-identification- challenge-who-are-1-billion-people-without-proof- identity. 04/25/2018. [7] Democracy Earth. The Social Smart Contract. 2017. [8] B. Ackerman, A. Alstott, P. Van Parij. Redesigning Distri- bution: basic income and stakeholder grants as alternative cornerstones for a more egalitarian capitalism. 2003. [9]Eric T. Olson. Personal Identity. https://plato.stanford.edu/entries/identity-personal/ Stanford Encyclopedia of Philosophy 2015. [10] V. Buterin. The Meaning of Decentralization. https://medium.com/@VitalikButerin/the-meaning-of-decentralization-a0c92b76a274 2017. [11] A. K. Jain, A. Ross, S. Prabhakar. An Introduction to Biometric Recognition. IEEE Transactions on Circuits and Systems for Video Technology 2004. [12] L. von Ahn, M. Blum, Nicholas J. Hopper, J. Langford. CAPTCHA: Using Hard AI Problems For Security. Ad- vances in Cryptology EUROCRYPT 2003. [13] J. Teutsch, C. Reitwiener. A scalable verification solution for blockchains. https://people.cs.uchicago.edu/∼teutsch/papers/truebit.pdf 2017. [14] R. L. Rivest, A. Shamir, Y. Tauman. How to Leak a Secret. International Conference on the Theory and Application of Cryptology and Information Security 2001. [15] S. Goldwasser, S. Micali, C. Rackoff. The knowledge complexity of interactive proof-systems. Symposium on Theory of Computing 1985. [16] J. Douceur. The Sybil Attack. International Workshop on Peer-to-Peer Systems 2002. [17] R. Merkle. DAOs, Democracy and Governance. Cry- onics Magazine 2016. [18] K. Aberer and Z. Despotovic. On Reputation in Game Theory Application on Online Settings. 2005. [19] E. Syta, P. Jovanovic, E. Kogias, N. Gailly, L. Gasser, I. Khoffi, M. Fischer, B. Ford. Scalable Bias-Resistant Distributed Randomness. IEEE Symposium on Security and Privacy 2017.