

Repost from Worldcoin: “ADVANCING DECENTRALIZATION” The full report and all related findings are available on the official website of Worldcoin.

The goal of the Worldcoin project is to ingrain humanness and financial equitability in the global digital infrastructure. Grand challenges in the next decade are global income inequality, governance of existential risks and distinguishing humans from artificial intelligence. Humanity needs a protocol to solve these challenges. Worldcoin aims to be this protocol.

To succeed, Worldcoin must grow beyond its current community, to be built, owned and governed by all the people. You can join the community and help make the protocol robust by:

- taking part in the Community Grants Program
- reading the Worldcoin Whitepaper
- reviewing the Worldcoin Tech Tree

To become part of the global digital infrastructure, Worldcoin must be as robust, widespread and neutral as the internet itself. Any lesser standard is insufficient to effectively address the grand challenges. This has been a priority from day one, and much has already been achieved. To understand the challenges and opportunities associated with advancing Worldcoin, the goal itself needs to be defined more concretely.

Distributed Robustness

In the broadest sense, becoming part of the global infrastructure means becoming a collective system like TCP/IP, WiFi, or the English language. These all have a quality of distributed robustness: they are networked over multiple participants and can recover from failures localized to certain groups of participants. Participant failures can range from losing internet connection to organized collective malicious behavior. A robust system, when adopted widely, becomes global infrastructure, so it suffices to focus on robustness.

A litmus test for distributed robustness is forkability. Forking is the process of creating an independent copy of the system that can diverge from the original. If a system can be easily forked by a subset of users then it can in principle recover from any failure by forking in a direction that has the failure corrected. But if this is not done unanimously, it splits the system in two, with two separate communities. Such fragmentation is often undesirable to the community and thus the existence of competing forks is considered a failure of the original community. In practice this means that the threat of a fork acts to keep the community in check. To make forking easy, the system should be easy to understand and observe, i.e. open source and transparent.

At the core of Worldcoin is a system for global agreement on the set of all humans. Distributed robust systems that require global agreement were not solved until the arrival of blockchains. Initially targeting digital currencies, the solution generalizes to a wide range of computable systems including most of Worldcoin. This solves one challenge to robustness, but three remain: oracles, governance and privacy.

Oracles: Orbs

The Orbs address what is known as the Oracle problem. Orbs observe the real-world property of personhood. Real-world observations are not verifiable, but fortunately they can be repeatable. To make observations robust against failure, the reliability, independence and diversity of the observers need to improve. To increase reliability, independent hardware designers and manufacturers, open verifiable designs, and a distributed robust auditing process are all needed. Multiple independent observations would be a high burden on the user if they required multiple trips to an Orb. Fortunately, much of the benefit can be gained by using statistical sampling and secondary observations that utilize the user’s own phone.

The goal would be to create a standard protocol that anyone can adopt for building hardware to prove humanness. To realize a world in which anyone with the right capabilities can build and integrate their own hardware for observing humanness, the protocol needs open standards for reliability of the observations and a credibly neutral process to certify the hardware.

Governance: Foundation

Distributed robust governance is a challenge. The simplest and most natural solution is to avoid governance altogether and have a system that is stagnant and unable to evolve with a changing environment. This is perfectly fine when ossification is desirable and changes should go through forking or replacement. For systems like financial and identity infrastructure, where cohesion is important, migration costs are high, and the environment develops rapidly, this is not always an option. To be robust, governance should be transparent, include all participants, be credibly neutral and achieve global agreement. This often leads to large governance structures that are slow and costly to make decisions. Slow and costly may be desirable for big strategic decisions like amending a constitution, but may be detrimental with respect to other decisions, such as those related to security breaches where confidentiality and swift action are required. Additionally, in the early growth stages of a project it is important to nimbly adapt to developing opportunities. Hence there are a variety of considerations with respect to distributed governance.

Worldcoin has a superpower for governance with its proof-of-personhood. This allows implementing one-person-one-vote democracies, something not previously possible. In fact, this opens the door to new promising forms of governance such as those involving quadratic voting. Fortunately the Worldcoin Foundation’s grant program is an excellent place to incubate such mechanisms with decisions of meaningful but non-critical importance. As solutions prove themselves, community governance responsibilities can grow over time until they cover all significant governance decisions, through one mechanism or another. This allows exploration of the exciting space of global governance mechanisms.

Privacy: Uniqueness Service

Robustness abhors secrets. After all, it takes only a single failure to lose one (either forgetting or leaking). Similarly, secret processes are troublesome because errors can go unnoticed. Self-custody, where secrets relating to a user are exclusively in the custody of that user, contains failures by that user to that user (though users are free to enlist third parties to help safeguard the secret). Secret processes can be made verifiable using zero-knowledge proofs and similar techniques.

Both self-custody and zero-knowledge proofs are incomplete solutions to robust secrets, as cases remain where more robustness has to be traded off against more privacy. In Worldcoin this happens primarily in the uniqueness service, the part that verifies an iris code does not match an already registered one. Here privacy is maximized, trading off some robustness. Cryptographic solutions that can achieve both simultaneously are being investigated.

Continuous Robustness

Much has already been achieved: the Worldcoin Foundation is set up and holds the treasury and IP, the World ID claims are on-chain and permissionless, the WorldApp wallet is self-custodial and the Orb hardware is open-source (save for anti-tamper). Going forward, robustness can continue to evolve in several dimensions:

Fig. 1

The Worldcoin Tech Tree showing the key areas of the project and respective potential improvements.

  • User Agent: The user agent, i.e. the wallet, is what connects the user to the system and executes all user actions. It manages the user’s keys for both finance and identity. The finance part is a self-custody crypto wallet and thus quite robust. For the identity part the system has an architecture where the user agent combines independent components into a full-featured system. It is even more robust if anyone can implement a user agent and users can use one of their choosing. Diversity in user agents mitigates common mode failures and allows catering to the needs of specific user segments.
  • Hardware: Orbs are a key component for verifying humanness and uniqueness. Besides the aforementioned Oracle problem, robustness here means that Operator access to Orbs is as reliable as it can be. The main concern here is common mode failures: while each Orb operates independently, a fault in the construction can create correlated failures. Creating open standards and having multiple independent manufacturers is a proven way to solve this, as demonstrated by Ethernet and WiFi.
  • Operations: Operations in the Worldcoin project are processes in the physical world that help users to get their World ID verified. Orb Operators (i.e., independent entrepreneurs and their organizations around the world who provide Orbs in physical locations for people to verify) are key contributors to these operations. Certain infrastructure primitives can help reduce trust assumptions, align the incentives of all participants and thereby further the robustness of operations. Those include in-person auditing of operations as well as mechanisms that help increase the integrity of World IDs, like face authentication to make it difficult to pass World IDs on to someone else.
  • Protocol: World ID claims are quite robust. Using World ID only requires the private key and public information on the Ethereum blockchain. Similarly, application developers can verify World ID using only public information. Both are permissionless as no approvals are required. However, the sign-up process depends on the uniqueness service, which will be further ruggedized over time.
  • Governance: Intellectual property foundational to the mission, including Orb IP, sits with the independent Worldcoin Foundation. The Worldcoin Foundation currently oversees governance of the project, which is being transitioned to governance by all of humanity.

Focus on the User-Agent

Is there a process you can follow to ruggedize a traditional software system? It turns out that to a large extent there is: something one could call “focus on the user-agent”. Assume you start with a traditional architecture, like the diagram on the left, where there is an app (the user-agent) and a number of backend services that each perform a logical function. These backend services are closed-source, run in the cloud, may talk to each other and may hold state.

Fig. 2

Focusing the architecture on the user agent enables the separation of different system components and thereby makes them easier to replace.

The first step is to reroute all the internal communication through the user-agent. Often the internal messages can be naturally attributed to a specific user. Of course, the user-agent can be anything the user chooses, so it cannot be trusted. To ensure the user does not manipulate the messages, they can be cryptographically signed. If the information should be hidden from the user, they can even be encrypted, but note that this will likely cause problems further down the process. Any state in the architecture should be stored on the user-agent, or in public (e.g. on a blockchain). If all goes well, what is left are stateless services that interact only with the user-agent and public state.

The second step is to look closely at each stateless service and see how it can be ruggedized. Maybe it is possible to push it to the user-agent, using zero-knowledge proofs if necessary. Or maybe it can be pushed onchain and execute as a smart contract. Maybe it can be made easily verifiable, and anyone could host an implementation. The end goal here is that the user is free to build their own implementation, or there is a single instance running onchain.

Of course, this process will likely hit a blocker. Messages may not be user-attributable. State can be neither user specific nor public. A service may not fit a well-known pattern. Or things that should be onchain or zero-knowledge proven exceed the capacity of current technology (which is arguably extremely limited compared to cloud providers). In this case creativity and innovation are required. But at this point the problem is already contained to that service, where other services may have been successfully ruggedized.

Once you go through this process it becomes very natural to think from the user's perspective, where the user is free to shop around and combine parts into a greater whole. For example, World ID’s Orb Verification process becomes:

  1. The user installs a wallet app of their choice to act as their user-agent. 
  2. The user finds a nearby Orb. This can be done using onchain information from the Orb registry or using a third-party indexing website.
  3. The user has their picture taken at an Orb. The Orb communicates directly with the user-agent and sends a signed iris picture (after establishing liveness).
  4. The user computes the iris code from the image together with a zero-knowledge proof.
  5. The user sends the iris code and proof to the uniqueness service.
  6. The uniqueness service verifies the proof and the uniqueness. It inserts the iris code into its state and responds with a uniqueness certificate (a signed message).
  7. The user sends their public key and uniqueness certificate to a signup sequencing node.
  8. The signup sequencers batch-update the onchain Merkle tree, and the user now has a verified account.

In this perspective it is clear that the hard problem is the uniqueness service, mostly because the iris codes are not public state. It also raises second-order questions like governance of the Orb registry or how account recovery will work. The presentation here is simplified; please see the whitepaper for a more detailed account.
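The signed-message relay of steps 3, 6 and 7, as an added Go example that is not Worldcoin's code: the user-agent carries an Orb-signed capture to the uniqueness service and the resulting certificate to a sequencer, and each verifier rejects what the user-agent altered. Assumptions: Ed25519 signatures, a SHA-256 digest standing in for the iris code and its zero-knowledge proof, a certificate that covers the user's public key, and all type and function names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signed is a message the untrusted user-agent relays between services.
type Signed struct{ Payload, Sig []byte }

// UniquenessService holds only the set of registered codes as private state.
type UniquenessService struct {
	priv   ed25519.PrivateKey
	orbKey ed25519.PublicKey // stand-in for a lookup in the onchain Orb registry
	seen   map[[32]byte]bool
}

// Certify checks the Orb signature, rejects duplicates, and signs userPub.
func (u *UniquenessService) Certify(capture Signed, userPub ed25519.PublicKey) (Signed, error) {
	if !ed25519.Verify(u.orbKey, capture.Payload, capture.Sig) {
		return Signed{}, errors.New("capture not signed by a registered Orb")
	}
	code := sha256.Sum256(capture.Payload) // placeholder for iris code + ZK proof
	if u.seen[code] {
		return Signed{}, errors.New("iris code already registered")
	}
	u.seen[code] = true
	return Signed{userPub, ed25519.Sign(u.priv, userPub)}, nil
}

// SequencerAccepts is stateless: it needs only the service's public key.
func SequencerAccepts(svcPub, userPub ed25519.PublicKey, cert Signed) bool {
	return bytes.Equal(cert.Payload, userPub) && ed25519.Verify(svcPub, cert.Payload, cert.Sig)
}

// Demo runs one honest signup and three manipulations by the user-agent.
func Demo() (honest, tamperedImage, swappedKey, secondSignup bool) {
	orbPub, orbPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	svcPub, svcPriv, _ := ed25519.GenerateKey(nil)
	userPub, _, _ := ed25519.GenerateKey(nil)
	otherPub, _, _ := ed25519.GenerateKey(nil)
	svc := &UniquenessService{svcPriv, orbPub, map[[32]byte]bool{}}
	img := []byte("constructed iris image bytes")
	capture := Signed{img, ed25519.Sign(orbPriv, img)}

	_, err := svc.Certify(Signed{[]byte("edited image"), capture.Sig}, userPub)
	tamperedImage = err == nil // altered payload under the Orb's signature
	cert, err := svc.Certify(capture, userPub)
	honest = err == nil && SequencerAccepts(svcPub, userPub, cert)
	swappedKey = SequencerAccepts(svcPub, otherPub, cert) // certificate reused for another key
	_, err = svc.Certify(capture, otherPub)
	secondSignup = err == nil // same capture submitted again
	return
}

func main() { fmt.Println(Demo()) } // true false false false
```

The `seen` map is the one piece of state that is neither held by the user nor public, which is why the text singles out the uniqueness service as the hard part.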

Infrastructure Meant to Last

Humanness will become critically important as the world continues to digitize and artificial intelligence becomes widespread. To meet the challenge, a solution is needed that can scale globally and survive the pressures that come at scale. And only a robust system can do that. There are already many independent contributors working on various projects to further the robustness of Worldcoin, and more to join in the first wave of grants. But ultimately, to be as robust as possible, Worldcoin must be owned and governed by all the people.

