Skip to content
— CH. 1 · THE SYBIL ATTACK PROBLEM —

Proof of personhood

~4 min read · Ch. 1 of 7
7 sections
  • In 2014, a distributed system researcher named Borge published a paper describing how fake identities could overwhelm online networks. This phenomenon became known as the Sybil attack after its creator, John R. Douceur, who first defined it in 2002. A single attacker can create thousands of virtual accounts to manipulate voting or resource distribution within decentralized platforms. These systems often rely on democratic principles where each participant holds equal weight, making them vulnerable when one person controls many votes. CAPTCHA tests were introduced to stop automated bots from creating multiple accounts at once. Even when these puzzles work, they allow one human to solve several challenges and claim multiple shares of resources. People with visual impairments or learning disabilities struggle to complete these visual puzzles. Recent artificial intelligence models have begun solving CAPTCHAs faster than humans can.

  • Ethereum co-founder Vitalik Buterin wrote about this problem in 2014 while discussing cryptocurrency governance structures. He proposed creating a unique identity system that would grant every human user exactly one anti-Sybil participation token. The goal was to ensure no individual could dominate decision-making through multiple accounts. In 2017, researchers began using the term proof of personhood to describe approaches based on pseudonym parties. These gatherings allowed participants to verify physical presence without revealing their real names. The concept aimed to balance anonymity with accountability in digital communities. Buterin's proposal highlighted how traditional methods failed to prevent one person from holding infinite identities online.

  • The encointer project organizes small groups to meet at randomly chosen locations simultaneously. Participants verify each other's physical presence by checking IDs and confirming attendance within specific time windows. This method relies on the fact that humans cannot be in two places at once. Organizers schedule events across different cities to create federated networks of verified individuals. One drawback is the inconvenience for people who cannot travel to designated spots during required hours. Conflicting work schedules or family responsibilities often exclude potential members from participating. Another challenge involves ensuring all groups operate honestly without inflating credential counts beyond actual attendees. Some users find these requirements too burdensome compared to simpler digital verification tools.

  • UniqueID incorporates biometric data into social network graphs to establish trust between users. This approach builds upon the PGP Web of Trust model where individuals vouch for one another's identities. Critics argue there is no straightforward way to confirm a connection has not created additional fake accounts linked to disjoint sets of contacts. Graph-based detection algorithms struggle to distinguish small-scale attacks from legitimate user connectivity patterns. Real-world social networks do not always satisfy assumptions made by Sybil detection models. Facial recognition systems fail globally due to insufficient facial entropy when applied across diverse populations. Apple implemented TrueDepth cameras in iPhones to protect privacy by keeping facial data off external servers. Despite this, cases exist where family members were mistakenly recognized as siblings during authentication attempts.

  • Requiring government-verified identities creates barriers for those unable to afford necessary documentation. Users may face exclusion if they lack proper identification documents or refuse participation due to surveillance concerns. Biometric databases introduce risks of unauthorized access and potential misuse of personal information. The level of trust required in third-party verification services increases vulnerability to breaches. Some critics highlight that facial recognition fails on a global scale because faces contain insufficient unique features. Errors in testing can wrongly exclude eligible participants from accessing decentralized platforms. These challenges raise questions about whether security measures justify the loss of anonymity and accessibility for marginalized groups.

  • Humanode uses zero-knowledge proofs combined with homomorphic encryption to verify liveness without exposing raw biometric data. This technique ensures original biometric information never leaves the user's device during transmission. Instead, the network receives only relevant details confirming whether someone is a real human being through liveness detection. Confidential computing models encrypt data so it remains protected even while being processed. Traditional cryptographic methods alone cannot resolve all security concerns regarding biometric uniqueness. Researchers argue that combining multiple advanced techniques provides stronger guarantees against spoofing attacks. The approach aims to balance privacy protection with effective identity verification across distributed systems.

  • Proof of personhood helps ensure voting power stays widely distributed within permissionless consensus algorithms. Without such mechanisms, mining pools or stake holders could re-centralize control over decision-making processes. Decentralized online systems use one-person-one-vote rules to maintain fairness among participants. Blockchain networks apply these principles to prevent domination by wealthy individuals or large corporations. Democratic governance becomes possible when each human contributes equally regardless of financial resources. Practical applications include token distribution schemes designed to reward active community members fairly. These tools aim to preserve the core values of decentralization while preventing exploitation through fake identities.

Continue Browsing

Common questions

What is the Sybil attack and who created it?

The Sybil attack is a phenomenon where fake identities overwhelm online networks, first defined by John R. Douceur in 2002.

When did Vitalik Buterin propose proof of personhood to counter Sybil attacks?

Ethereum co-founder Vitalik Buterin wrote about this problem in 2014 while discussing cryptocurrency governance structures.

How does the encointer project verify physical presence without revealing real names?

The encointer project organizes small groups to meet at randomly chosen locations simultaneously so participants can verify each other's physical presence by checking IDs within specific time windows.

Why do facial recognition systems fail globally according to the script text?

Facial recognition systems fail globally because faces contain insufficient unique features when applied across diverse populations.

How does Humanode protect biometric data during transmission?

Humanode uses zero-knowledge proofs combined with homomorphic encryption to ensure original biometric information never leaves the user's device during transmission.

All sources

25 references cited across the entry

  1. 1bookPeer-to-Peer SystemsJohn R Douceur — 2002
  2. 4conferenceAn Offline Foundation for Online Accountable PseudonymsBryan Ford et al. — 1 April 2008
  3. 5webProblemsVitalik Buterin — 25 Aug 2014
  4. 6conferenceProof-of-Personhood: Redemocratizing Permissionless CryptocurrenciesMaria Borge — 29 April 2017
  5. 7arxivWho Watches the Watchmen? A Review of Subjective Approaches for Sybil-resistance in Proof of Personhood ProtocolsDivya Siddarth — 13 Oct 2020
  6. 10arxivUniqueID: Decentralized Proof-of-Unique-HumanMohammad-Javad Hajialikhani — 20 June 2018
  7. 11journalAn analysis of social network-based Sybil defensesBimal Viswanath et al. — August 2010
  8. 15journalA Failure to "Do No Harm" -- India's Aadhaar biometric ID program and its inability to protect privacy in relation to measures in Europe and the U.S.Pam Dixon — 14 June 2017
  9. 16arxivBioZero: An Efficient and Privacy-Preserving Decentralized Biometric Authentication Protocol on Open BlockchainJunhao Lai et al. — 26 September 2024
  10. 17journalA Review of Homomorphic Encryption for Privacy-Preserving BiometricsWencheng Yang et al. — 2023
  11. 18conferenceHumanode: The First Crypto-Biometric NetworkDato Kavazi et al. — ACM — 2024
  12. 20arxivUniqueID: Decentralized Proof-of-Unique-HumanMohammad-Javad Hajialikhani et al. — 20 June 2018
  13. 22journalSurvey on Biometric Authentication for Decentralized Identity Management: Trends, Challenges, and Future DirectionsImen Rjab et al. — 2026
  14. 24webThe State of Cryptocurrency MiningDavid Vorick — 13 May 2018
  15. 25conferenceCompounding of Wealth in Proof-of-Stake CryptocurrenciesGiulia Fanti — 18 February 2019
  16. 26bookDigital Technology and Democratic TheoryBryan Ford — University of Chicago Press — December 2020