A sybil attack refers to the efforts of one individual to abuse a network by assuming multiple accounts or identities. In cryptocurrency, this is as easy as creating multiple wallets, funding multiple accounts, or running multiple nodes.
Currently, there’s only two proven defenses against sybil attacks in crypto, and neither are unilaterally effective or accommodating to the majority of users.
The first defense is to eliminate any gains by multi-account acting. This is the basis of Proof-of-Work and Proof-of-Stake consensus mechanisms. An individual’s weight in contributing to network consensus is their hashrate (in PoW) or financial stake (in PoS). This is far from a perfect solution, since it encourages big players to contribute more and ultimately prices out smaller players altogether.
In some token projects and communities, these “whale game” problems are even more drastic. Yield farming, governance voting, liquidity providing, and other “weight based” rewards/privilege frameworks totally alienate small holders who may otherwise represent active, faithful, and passionate participants. Transaction costs, which are constant at all levels of capital, further exacerbate this issue.
Some developers have tried to mitigate “whale game” tendencies by capping weight or skewing rewards in favor of smaller users. In these cases, the whale simply makes multiple accounts at the optimal weight. This dance has been played out across countless mechanisms over the past decade.
The other solution is KYC. Projects who take advantage of KYC require users to verify their identity by taking selfies, uploading government ids, and so on. This is a common practice in token sales, for example. Of course, KYC is restrictive, intrusive, and dangerous. Binance and Ledger have both put their users in jeopardy when identifying information and documents stored on their databases were leaked.
Other projects like Raiblocks (now NANO) and Idena have opted to navigate no-KYC sybil resistance by “testing” users with sophisticated captchas accompanied by time and accuracy restrictions. However, the range of human capability means that, while low performance or inexperienced users are struggling to pass their test, veteran users can pass tests on multiple accounts in tandem. It’s a better solution, but it’s far from fool proof, and requires a lot of redundant work for the end user.
In truth, nobody in blockchain has a good solution. Any frequent flyer in crypto can likely recall some platform or contract that was at least one of the three above:
That is, until now.
Governor x Finnovant: Biometrics Meets Blockchain
Finnovant is a disruptive tech firm that leverages biometrics to authenticate and verify users for a multitude of use cases. In example, top banks utilize Finnovant’s technology to enable step-up authentication for the end user, providing bulletproof security when clients are looking to initiate large monetary transfers.
Finnovant recognizes an inherent synergy between their biometric offerings and the world of blockchain, and has partnered up with Governor DAO to bring this pairing to production.
Governor DAO is a grassroots community seeking to pioneer as the “DAO of DAOs” by leveraging community engagement and expertise among the team to provide a suite of tools and services to help clients and other projects to build out DAO mechanics in their own communities.
The two teams have worked together to create a first-of-its-kind, all encompassing sybil defense in the form of a Proof-of-Existence whitelist of provably unique Ethereum addresses.
In layman’s terms, we’ve created a tokenized system that any Ethereum wallet holder can sign into to prove their wallet is controlled by a unique individual. From there, developers can limit access to their smart contracts to just whitelisted addresses with one additional line of code.Signing up is a one time process that takes less than a minute.
This whitelist is congenial with any smart contract with just one additional line of code. Whereas existing solutions are intrusive and cumbersome, Governor DAO and Finnovant created Proof-of-Existence for unique identities with ease-of-use in mind for users and developers alike.
Using Finnovant’s first-of-its-kind authentication technology, Say-Tech, users sign in with their Ethereum wallet to the web portal on Governor DAO’s website. The user engages with the tech, which utilizes camera and microphone, to scan the user’s face as they read a sentence. That’s all.
Note that privacy and security are paramount to both teams. No human can ever access the camera and microphone output provided by the user. The information is checked against 400+ indicators and immediately encrypted into a unique hash. There is no possibility for human eyes to see sensitive information and it can not be replicated. The hashes work similarly to public-private key pairings: even if you see the hash (public key) you can’t decode the raw information (private key).
The technology is effective in all situations. Even if a user accesses the portal from a different location, device, under different lighting, or otherwise, the tech can determine the user as unique or not.
Those who qualify as “unique” are then delivered a non-transferrable ERC20 “Proof-of-Existence” token. This token is attached to that wallet forever. Developers who want to reference this whitelist simply add a requirement that checks for ownership of this Proof-of-Existence token by the wallet interacting with the contract.
By creating a simple, universal, completely portable solution through this Proof-of-Existence whitelist, our intentions are to build out a first-of-its-kind universal sybil defense that can massively reshape standard practices when interacting with one another in a permissionless environment.
Airdrops, governance voting, yield farming, token sales, NFT drops… the list goes on. Each of these stand to gain through an easy mechanism to enforce that users can only participate once. And in doing so, we lay the foundation to situate Governor DAO as the DAO of DAOs.
2022 @Governor DAO