Topic: Human Hash (Read 778 times)

Maybe if you build and DNA reader in your computer, you just have to lick a stick and put it into the devise, so there is the one possibility, but, of course anyone can steal your DNA information from a cup of coffee , for example…

But the point should be… Why? In the world of control and lack of privacy building a new system of recognition… is there any point in doing so? And… as for crypto, it is not supposed to be anonymity the whole point of its existence? (even since they are not).

I am not judging here, I´m just really curious about the idea behind this.

There is a problem easily solved by humans and hard for a computer: recognition of another human.
Consider this solution:
One is initially identified by a picture or a short introductory video. Then while using the network one has to undergo an identification procedure which includes three 1 minute interviews with strangers via some kind of a videochat.
Mining = working as one of the strangers that identifies that someone who is trying to make a transaction is a real person and he is the same person as on the identification introductory video. You can make sure that identification is done thoroughly by consensus procedures (3 interviewers have to agree on the identity of the person, and if one disagrees with majority he gets penalty).
You can eliminate those who try to create more then one account via simple face recognition software (plus some extra mining-interviewing). But I believe that this is unnecessary. Blockchain is about having as many identities as you want.

As of now mate I think every physical recognition can be faked for instance finger prints and facial recognition.

And what might be this biometric locks, its the same as the others they could only develop algorithms to match up every person's identity?

That's technology for you.

In the end, everything that have mentioned by the author is possible except for being decentralized, its quite impossible - at the moment.

It's done now, it's called a faucet and currently the best tech is captchas.  You could have a captcha use an algorithm to analyze fingerprints, and each unique fingerprint gets 1 coin per day.  captcha's can be done multiple times and theoretically you could use fake fingerprints but still it is pretty good proof you aren't a bot.  However the fingerprint reading algorithm would need to be cryptographic in the sense that it is easy to verify a print but impossible to create a print digitally to fool the algorithm.

You need a ZK-SNARK to make this happen.

That means, you need some sequence of bytes that gets generated (because i assume you'd want to store it on a blockchain) which would need some information that a human has that a computer doesn't.

Consider this.
Assume a human does generate some byte sequence that a computer cannot produce. The human also needs to prove that he/she has provided the correct sequence.
This proof will be an algorithm that a computer can run on the byte sequence.

We have been able to device SNARKs in math because we understand the fundamentals of modulo operations (In case of public private key encryption), because we invented both math and computers.

I am not sure if we have an understanding at that level for any property associated with humans.
What is the underlying logic that creates a fingerprint/DNA? Can that logic be exploited to produce ZK-SNARKs?


PS : I add "ZK" because i'd assume you want to maintain privacy of the human

I'm not sure if you already have seen this or if it will be of use to you, but here is a whitepaper on a decentralized secure identification system.  I haven't read the whitepaper thoroughly, so my apologies if it doesn't apply to your post.

https://github.com/the-laughing-monkey/cicada-platform/blob/master/Identity-Without-Authority-2017.21.3.BETA.pdf

Biometrics are not a secure identification method, they change and can be faked relatively easily. Digitizing human identity is a big challenge when it comes to making it foolproof and accessible but still secure. We've had private key encryption for decades but it's difficult to get people to use it, so phone's etc use biometrics because they are easy for people to implement.

It doesn't seem possible for it to be decentralized.

If you were to go the DNA route you could do sha 256(DNA+password)
That would prevent problems with twins/DNA thieves

Any biometric would probably be good enough, but to satisfy the second point, it would probably have to be a combination of more. The problems would would really be the opposite, not how to create a unique hash for a person, but how to recreate it, because scanners are not precise enough etc and you'd be locked out. The real problem of course  is 3, there  could be a decentralized system that would recognize your biometric data as that datatype, but you could always (in principle imo) spoof it with similar data. At best you could make a system that would employ many different solutions against spoofing and get a high probability of a unique person. For this person to have a fixed identity would again be impossible to solve with certainty and a whole other set of solutions against swaping/trading accounts would have to be developed. 

Your points contradict the anonymity of bitcoins. And why one hash for one person? In the end, a large number of wallets do not interfere with the system.

Im agreeing to all the people here. Thumbprints would do. Even identical twins have different set of finger prints in them but a high chance of DNA match. DNAs use is much better for connecting people and thumbprints for identifying people. DNA requires labs, resources, time, thumbprints doesnt. Just a couple of computer i guess.

Beyond DNA not being unique, how do you even know the DNA you're seeing is actually that of a living person? It could be the DNA of someone who died 50 years ago, or it could be completely made up DNA that never belonged to any individual. What then?

Note: DNA is not unique, identical twins have identical DNA.


1) Uniqueness is easy. The most secure method would be to assign a random number (or, rather, allow the individual to assign themselves a random number) and register its hash with a blockchain-based notary.

2) This constraint is impossible to satisfy through any non-interactive system because it requires a continuous proof-of-life. Let's say Alice and Bob are in a room together. They can each be sure that the other is alive simply by observing the other person (let's call this "visual verification of liveness"). As soon as Bob leaves the room, however, Alice cannot be certain that Bob is still alive without some updated proof-of-life. Even if he gave her a public key just before he left the room and a message arrives one hour later signed with the matching private key, someone could have kidnapped Bob, composed the message, forced him to sign it, and then shot him. So, when Alice acts on the belief that Bob is alive - based on "his" message (as verified by the PK signature), she is mistaken about his actual state of liveness. Instead, Alice would need a provably fresh "proof-of-life" or "remote verification of liveness" and, no matter how you set this verification mechanism up, it must by definition be interactive since the definition of "Bob is presently alive" is "Bob can be presently interacted with."

That said, if your need for identification is sufficiently paramount, then the individual to be ID'd can be troubled with an interactive verification. There's an ID company I read about recently (the name escapes me) that is using a multi-factor ID system pioneered by intelligence agencies that uses three (or four, depending on how you count) factors to verify identity. These boil down to "something you know, something you are, and something you have." So, you might know a passphrase, for example, you might be your fingerprint or retinal scan, and might have some kind of tamper-proof dongle. We can add the blockchain into that in order to prove presence (i.e. that the verification is interactive and not stale or pre-recorded). There is no "fire-and-forget" method that will substitute for this, however, so this is not the kind of ID that you use for buying alcohol and cigarettes, it's the kind a CEO uses to remotely validate a business decision or which a President uses to remotely authorize a politically sensitive air-strike.

3) This is also easy, what with the blockchain.

This is a very tough challenge, because they system has to distinguish between real people and procedurally generated "humans".
Here's an example: let's say we have a person who is precisely 20 years old, so the id of this person is valid today because it's a real person. But 20 years and 1 day ago this person hasn't existed yet, so its current id should have been false on that day. And even if you use a perfect Turing test, it won't be enough, because a real human can pass it on behalf of a dummy. So, maybe some Web of trust solution would work instead - participants will sign each other's id's to authenticate new members, and all the data will be stored on the blockchain of p2p network.

Nice idea out there, I think adding some artificial intelligence neural network attached to the hashing method will increase the possibility to detect if a certain transaction is performed by a human or a bot. I'm not good about it but I have just read an article suggesting the two could be mixed it up to make system more powerful. Anyway, good luck with your project and wish you a great success.

The only way is with a central authority that control the access to a digital identity and its anchoring on the blockchain. But this doesn t mean it won t be a decentralized system, it s just a way to certificate one shot authenticity.

Nice to see you here Colorblind ...

Hey guys do you remember years ago when  
Motorola filled this patent about ingest a pill to log on in the systens surround you ?

Yeah. That as well.

I don't think the majority of the people in this thread actually understand the problem correctly. When you provide your hash of whatever ID system you come up with to the blockchain, the blockchain has to be able to verify the correctness of this hash, which it cannot possibly do without a central authority.

Normal Hash function would do the trick if only you could find something that have following properties in human:

1. Something that can be represented in digital form
2. Something that you can't remove/replace in you
3. Something that no outsider can extract from you

Sad part is that you is the major part of the problem since if you once leak your "key" you will never ever have any option to create new one.

Human have a lot of unique parts (for example DNA, eye pupils, fingerprints, auricles) however once malicious entity take digital "picture" of that part he can recreate "you", so it's inherently flawed as an ID method (still strong enough to avert most of attacks). Certain private part can be copied if it can be digitized.

Same with BitCoin - once attacker have access to your private key - it is game over for this key.
If your private key is your body - it will be much more sad to leak it since you can't just start over by generating a new one....

In theory something bitcoin-like can be done with the parts human can regrow (like hairs) - they all have same "seed" - DNA, but they all unique (i.e. hair = bitcoin address, DNA = your public key, but something still should act as your private key and that is another dead end).