Menu
ByteByteGo·July 4, 2026

Designing a Proof-of-Human System for Internet-Scale Uniqueness Verification

This article explores the architectural challenges and solutions for building a 'Proof of Human' system, which verifies a user as a real and unique person across the internet without requiring identification. It contrasts traditional authentication with uniqueness verification and delves into the five pillars: achieving uniqueness at scale, ensuring anonymity with secure multi-party computation, enabling recovery of credentials, secure verification for relying parties, and delegation to AI agents.

Read original on ByteByteGo

The Challenge of Proof of Human

Traditional authentication systems verify a user against a stored credential in a one-to-one comparison. However, modern problems, such as preventing bot-driven inventory depletion for limited-edition products, require a different type of verification: ensuring a user is a unique human among a vast population (one-to-many comparison) without necessarily identifying them. This presents significant architectural hurdles, especially at internet scale where error rates for biometric matching become critical.

Pillar 1: Achieving Uniqueness at Internet Scale

The core difficulty lies in performing one-to-many comparisons against potentially billions of candidates. A small per-comparison error rate (e.g., 1 in a million) is insufficient, as it leads to many false positives when scaled up. A system aiming for billion-person uniqueness requires a per-comparison error rate in the order of one in a hundred billion or better, ruling out most common biometrics. The iris pattern is identified as a suitable biometric due to its high entropy.

Pillar 2: Anonymity through Secure Multi-Party Computation (SMPC)

To verify uniqueness without identifying the user, the system employs a specialized hardware device (e.g., the Orb) for robust biometric capture (iris scanning), which verifies liveness and deletes original images. The derived biometric data is then split into statistically random pieces and distributed among multiple independent organizations in different legal jurisdictions. These parties use Anonymized Multi-Party Computation (AMPC) to jointly determine if a biometric reading matches any previously enrolled reading, without any single party ever reconstructing or seeing the full biometric data.

ℹ️

Secure Multi-Party Computation (SMPC)

SMPC allows multiple parties to jointly compute a function over their inputs while keeping those inputs private. In this context, it enables uniqueness checks without revealing individual biometric data to any single entity, addressing privacy concerns for a global proof-of-human system.

Pillar 3: Resilient Credential Recovery

A crucial system design aspect is how users recover access to their 'verified unique human' status if they lose their devices or credentials. Instead of a single secret, the system treats the verified human as an abstract account in a public, on-chain registry (WorldIDRegistry). This registry stores public keys of authorized 'Authenticators' (e.g., phone apps, hardware tokens) and designated 'Recovery Agents'. If all Authenticators are lost, Recovery Agents (like the Orb network) can re-authenticate the human via a fresh biometric check and update the registry with new keys. This separates the credential from the physical device, enhancing durability, but introduces governance challenges around trusting Recovery Agents.

  • Public Registry (WorldIDRegistry): Stores public keys of Authenticators and Recovery Agents, not biometric data.
  • Authenticators: Software/hardware holding private keys for verification requests.
  • Recovery Agents: Trusted parties (e.g., Orb network) that can re-authenticate users and update registry keys.
biometricsanonymityprivacydecentralized identitysecure multi-party computationidentity verificationscalabilityzero-knowledge proof

Comments

Loading comments...