The Future of Digital Identity with Worldcoin: A Conversation with Steven Smith

From Cryptography to "Crypto": Shaping Secure, Decentralized Digital Identities via new and exciting Secure Multi Party Computation technics.

Hello Cyber Builders 🖖

I’d like to cover crypto this week, as many are getting it today. 😉

When I started my career in cybersecurity 20 years ago, crypto was about cryptography—hash algorithms, digital signatures, asymmetric cryptography—and its all-time stars, such as Ron Rivest, Whit Diffie, and Adi Shamir. I love listening to Shamir at the RSA Conference—a pure no-BS moment on security technologies. 😁 By the way, I share my passion for cryptography yearly in an Introduction to Cryptography course at IMT Ales Engineering College.

But now, when you hear crypto, you think about Bitcoin and its energy-hungry Proof of Work and Ethereum with its newest Proof of Stake. 

Crypto, as cryptocurrency, decentralized trust, and smart contract, has been up and down for 15 years. Markets rose and crashed. Regulations have been catching up for a few years. Applications such as DAO (decentralized autonomous organization) are growing with nice use cases (ex: Helium Network).

I am starting a new multi-post series on Web3 and will try to help you understand more, not just the classics like Bitcoin, Ethereum, and others.

So, to kickstart it, I am pleased to cover the latest system coming to the party this week: Worldcoin.

To understand the latest development of their Trust Stack, we sat down with Steven Smith, a renowned blockchain and cryptography expert and Head of Protocol at the Worldcoin Foundation, to discuss Worldcoin and World ID in general. Here’s what he had to say.

---

Cyber Builders: What exactly is Worldcoin?

Steven: The Worldcoin project is focused on creating the tools humanity needs to prepare for the age of AI. A major part of that, and my area of focus, is the Worldcoin protocol – an open-source, decentralized, privacy-preserving protocol built on the concept of “proof of personhood.” The protocol allows individuals to prove they are unique humans, without revealing their real-world identity, while maintaining their privacy using zero-knowledge proofs. Worldcoin doesn’t want to know who you are, just that you are unique and human. 

Advancements in AI are making it more and more difficult to distinguish between bots and humans, and the inability to do so can lead to major consequences. The first offering at the center of the project is World ID, a secure, permissionless, digital passport that verifies an individual is a real, unique human. 

Cyber Builders: Can you explain the concept of World ID and its significance?

Steven: Absolutely. In the simplest terms, World ID is like having a private digital passport that says “Hey, I’m a real person,” without giving away your personal information. More than five million people globally have a verified World ID.

World ID leverages standard private/public key cryptography with the user in control of the private key on their device at all times. It can be used to sign in to online services and apps while preserving privacy and allows you, as a unique human, to participate in activities only once, such as claiming an airdrop or voting in a DAO. Some existing integrations with popular services and apps are Okta’s Auth0 authentication platform, Discord, Minecraft, Shopify and Reddit.

Bots now make up about half of global internet traffic. As they get smarter, the tools we use to screen for them must become foolproof. World ID is addressing the challenge of proof of personhood in the age of AI to help guarantee the genuineness of online interactions and transactions, which benefits both internet users and organizations.

Visit Steve's Twitter at https://x.com/reldev

Cyber Builders: Cybersecurity folks would like to know more about the security aspects. What are the primary security concerns with Worldcoin and World ID, and how are they addressed?

Steven: Great question. Security and privacy are at the heart of Worldcoin and World ID. This year, the teams working on Worldcoin have rolled out a number of security enhancements that increase user control and transparency. I’ll touch on a few of them.

First, I’ll point to the implementation of Personal Custody. This means all the information needed to create a World ID is securely stored on the individual's device, giving them full control over their data – including how it’s used and deleted. This includes the iris code, which is utilized to verify unique humanness, 

Another key update is the option for World ID holders to unverify their World ID, which means permanently deleting their World ID, including their iris code. This was developed with privacy and security experts and provides participants in the Worldcoin network with even more control over their data directly from their device.

In addition, the Worldcoin Foundation open-sourced key components of the Orb’s software. The essential code for capturing and securely transferring images to users' devices is now available on GitHub under an MIT/Apache 2.0 dual license.

Finally, the most recent, and perhaps most exciting, breakthrough, is the Worldcoin Foundation’s new Secure Multi-Party Computation (SMPC) system, which is open source in a Github repository.

Cyber Builders: Yes, I read about that. You released a new Secure Mult-Party Computation system to check uniqueness via biometric data (Iris Codes) without disclosing private information (link). How does the latest verification protocol in World ID preserve privacy?

Steven: The new SMPC system allows the iris codes to be encrypted into multiple secret shares held by multiple parties. These parties can then work together to compute results over the secret information without learning anything about the secret itself. In final form, no single party (other than the user) has access to a complete iris code. SMPC comes with perfect information-theoretic security, which makes it post-quantum secure.

This layer of privacy, on top of using zero-knowledge proofs (ZKPs), further enhances the privacy and security of Worldcoin’s World ID system and its “uniqueness check.” 

Watch this video if you’d like to know more about why SMPC is a neat system. You’ll learn more about SMPC and how it brings Perfect Secrecy to the Iris Code - a 12800-bit number. You'll be covered if you remember your good old cryptography course on the Vernam Cipher and how XOR ops on 0 and 1 leak no information on clear or cipher text!

Cyber Builders: What excites the crypto nerd you are in that SMPC system? Is it because it is the first SMPC on an extensive world scale? Is it to build a truly open-source and decentralized system?

Steven: What excites me about the new SMPC system is its potential to set a new security standard for others to follow. To my knowledge, this is the first time SMPC techniques have been applied to the deduplication (verification of uniqueness) of biometric templates and at this scale. Thanks to breakthroughs the Worldcoin Foundation achieved in collaboration with other experts, it is now possible to utilize SMPC for this use case.

It's an amazing time to witness advanced cryptographic techniques being put into practice in new ways that can transform digital security and identity verification. 

Cyber Builders: Many people are impatient to see Worldcoin and World ID deployed globally. I am in Europe, and there is no Orb where I can get verified. Is there any progress on that front? Can I register as an Orb?

Steven: We’re excited about the growing demand for World ID globally, and a major focus right now is to meet that demand and serve more people in more places. World ID verification services recently expanded in Latin America, launching in Peru and Colombia. 

We’ve ramped up the production of orbs (which are the custom, state-of-the-art hardware devices built for the Worldcoin project to verify humanness and uniqueness) and look forward to continuing to roll out globally.

Cyber Builders: How do you see Worldcoin and World ID contributing to financial system stability, especially with the increasing use of cryptocurrencies as a refuge and stable coin for cross-border exchange and inflation-neutral currency?

Steven: Worldcoin aims to build the world’s largest financial and identity network by being inclusive and allowing anyone, anywhere to join. It’s no small feat; we’re talking about systems that can handle billions of users, pushing the boundaries of what blockchains can do.

What’s exciting is how Worldcoin is already increasing financial access. World App, the first wallet created for the Worldcoin project by Tools for Humanity, recently passed 10 million users and 70 million total wallet transactions. World App enables users to send digital currency to friends or family, and pay for goods or services. It is designed for ease of use and is compatible with 90+% of the smartphones in use today.

World ID, on the other hand, offers a secure way to verify identities, opening the door to increase trust and reduce fraud in financial transactions.

Cyber Builders: We would like to know more about the potential “on-chain” application for cybersecurity. Can you give me an example of a smart contract, DAO, or other app that can improve security worldwide?

Steven: Absolutely. Unfortunately, outside of the Web3 space, usage of advanced cryptographic methods that put user privacy front and center is limited. There are so many technologies that could benefit the security of organizations globally as security breaches continue to increase year after year.

Top of mind are proven technologies like ZKPs and computational privacy technologies like SMPC and homomorphic encryption (HE).

I believe any organization that stores sensitive or personal data should consider using these technologies to safeguard information to the highest standards.

See you next week!

Laurent 💚