RFP: Social-Graph-Based Proof-of-Personhood (Web-of-Trust DIM)

1. Background & Motivation

There are multiple Digital Individuality Mechanisms (DIMs) for Proof-of-Personhood (PoP) currently being developed by Parity as part of Polkadot's native PoP framework:

However, the ecosystem currently lacks a social-graph-based PoP mechanism where individuals attest to the humanity of others.

A Web-of-Trust (WoT) model allows people to build a decentralized social graph where identities mutually vouch for each other. Properly designed, such systems can:

• Scale organically without global ceremonies
• Operate continuously rather than at fixed events
• Preserve privacy while providing strong confidence in uniqueness
• Complement other PoP mechanisms

This RFP seeks proposals to design and implement a privacy-preserving social-graph-based PoP system suitable for experimentation within the Kusama ecosystem.

2. Objective

The objective of this RFP is to develop a Web-of-Trust-based Proof-of-Personhood system where individuals mutually attest to each other's humanity. The system should:

1. Allow individuals to vouch for one another through trust attestations
2. Preserve privacy outside direct (single-hop) trust relationships
3. Provide confidence proofs of personhood without exposing social graph data
4. Maintain Sybil resistance against fake identity clusters
5. Operate without reliance on centralized or permissioned graph analysis
6. Not require any specific third party capable of censoring or gatekeeping individual participation (e.g., KYC providers, centralized identity services) for attaining PoP confidence
7. Provide practical tools (mobile apps and integrations) to support real-world usage

The system should be implemented as an experimental DIM for Kusama.

3. Scope of Work

Proposals should include the following components:

3.1 Attestation Protocol

The system must allow individuals to attest to the humanity of others through trust edges in a social graph. Proposals must clearly distinguish between personhood (uniqueness) and reputation (trust quality). The primary goal of this RFP is Proof of Personhood, not reputation.

The attestation protocol should support:

• Mutual or unilateral attestations
• Multiple levels of trust strength
• Revocable attestations
• Time-decaying trust relationships
• Freshness requirements (attestations must periodically expire or be renewed)

Proposals must address how the renewal mechanism resists automation, since periodic renewal is burdensome and creates an incentive to automate.

Proposals must explain how uniqueness is established beyond simple accumulation of trust.

The system must not require any specific third party that could censor or deny participation to an individual in order to attain any level of PoP confidence. Designs that depend on centralized identity verification services (e.g., KYC providers) or any single external entity as a prerequisite for personhood attestation are out of scope for this RFP.

Proposals must describe a bootstrap strategy for early adoption, including: the minimum network size needed for the system's privacy and security properties to hold, how the system provides meaningful guarantees during the early phase, and how it transitions from a small trusted seed to an open permissionless network without creating a de facto permissioned system.

3.2 Privacy-Preserving Graph Design

The system must protect the privacy of participants and their social relationships. The system should:

• Not expose trust relationships globally
• Minimize exposure of the global social graph
• Allow users to prove personhood confidence without revealing neighbors or identities

Graph queries must maintain k-anonymity, with k ≥ 100 once adoption is sufficiently large. Proposals must define what network size is needed to achieve this threshold and how the system behaves below it.

3.3 Personhood Confidence Proof

Instead of exposing raw graph data, the system should enable users to prove statements such as:

"I am likely a unique human participant
 with confidence ≥ X
 derived from ≥ N unique individuals."

Proposals that use a confidence, score, or probabilistic measure of personhood must clearly define:

• What the confidence value represents (e.g., probability of uniqueness, resistance to Sybil attacks, or another formal interpretation)
• How the confidence value is computed, including the graph properties, signals, or credentials used
• Key assumptions, such as honest participant ratios, cost of identity creation, or limits on adversary coordination
• Limitations of the model, including cases where confidence may degrade or become unreliable

Approaches may include zero-knowledge proofs, aggregated confidence metrics, or privacy-preserving graph queries.

3.4 Sybil Resistance

Social graph systems are vulnerable to fake identity clusters. Proposals must explicitly address mitigation of: Sybil clusters, collusion rings, trust farming, dormant identity attacks, and reputation laundering.

The design must not rely on permissioned graph analysis. Possible approaches include: trust-flow algorithms (e.g., SybilRank-style models), weighted trust propagation, reputation decay, edge creation costs, stake or bonding requirements, and anomaly detection mechanisms.

Proposals must define the adversary model under which the system operates, including:

• attacker capabilities (e.g., ability to create multiple identities, coordinate behavior, use automation or AI agents)
• attacker scale (approximate number of identities under control)
• economic assumptions (cost of creating and maintaining identities)
• attacker goals (e.g., gaining influence, farming rewards, or disrupting the system)

Proposals must explain how the system ensures that contributing individuals are themselves likely to represent distinct humans, rather than coordinated or duplicate identities.

Privacy preservation and Sybil detection are in fundamental tension: the more the graph is hidden, the harder it is to detect fake identity clusters. Proposals should explicitly discuss how they balance these goals and articulate the tradeoffs their design makes.

3.5 User-Facing Application

Proposals must include a user-facing application (native mobile, PWA or equivalent) for iOS and Android that enables users to interact with the system. Given the experimental nature of this RFP, teams may propose a progressive web app or simplified prototype for initial milestones, with native user-facing apps as a later milestone or optional enhancement.

The application should support:

Identity Pairing

• In-person pairing: QR codes, NFC interactions
• Optional remote pairing: secure smart links, mechanisms preventing automated abuse

User Capabilities

Users should be able to:

• inspect their personhood confidence level
• create or revoke attestations
• prove their personhood to others
• verify proofs of personhood from other users

The application should prioritize usability, privacy, and security.

3.6 Web2 Integration

The system must support mechanisms allowing Web2 services to verify proof of personhood. Possible approaches include:

• OAuth-style identity extension
• DID-based credentials
• zero-knowledge login proofs
• HTTP verification tokens
• browser wallet integration

Logins must provide contextual pseudonymity: each user must be able to present a unique pseudonym per service, and pseudonyms across different services must be unlinkable, even if those services collude.

The goal is to enable personhood-aware services such as:

• Sybil-resistant login
• human-only access controls
• anti-bot community participation

3.7 Demonstration Application

Proposals must include at least one demonstration application that benefits from unique human participation. Examples include:

• quadratic voting
• fair airdrops
• spam-resistant social platforms
• human-only governance participation
• anti-bot online communities

The demonstration should clearly show why unique human identities matter.

4. Required Deliverables

Proposals must include following deliverables:

• A published whitepaper detailing the full protocol design, privacy model, Sybil resistance analysis, graph manipulation analysis, economic attack modeling and bootstrap strategy (this is the required first milestone)
• Protocol specification and reference implementation (see 3.1–3.4)
• User-facing application (see 3.5)
• Web2 verification mechanism (see 3.6)
• Demonstration application (see 3.7)
• A real-world testing plan, including target group size, recruitment approach, and success criteria

5. Optional Enhancements

Teams may optionally include:

• cross-DIM composability, such as using DIM1/DIM2 attestations as supplementary inputs to the WoT confidence model, or producing proofs that are interoperable across DIMs
• zk-proof based reputation systems
• cross-application PoP proofs
• trust graph visualizations
• decentralized identity wallet integration

6. Evaluation Criteria

Proposals will be evaluated across the following areas, listed in approximate order of priority. Curators reserve discretion in how these criteria are balanced across proposals. Across all criteria, reviewers will consider whether the proposal clearly defines its model, inputs, assumptions, and limitations.

1. Sybil Resistance Design — How well the design addresses realistic adversarial conditions; clarity of adversary model assumptions; soundness of personhood guarantees (i.e., meaningful support for one unique human per identity, not reliance on trust accumulation alone)
2. Privacy Preservation — Soundness of the privacy model; clarity of limitations, tradeoffs, and deanonymization risks
3. Technical Architecture — Clarity of protocol design; transparency of key mechanisms (e.g., scoring, graph logic, proofs); whether the system can be realistically implemented and adopted
4. Usability & User Experience — Practical adoption considerations; quality of UX design
5. Integration Potential — Web2/Web3 integration approach; interoperability with other DIMs
6. Team Expertise & Timeline — Relevant track record; realistic milestones

7. Proposal Requirements

Submission

Proposals must be submitted through the Kusama Vision PoP Bounty submission form. Submissions must clearly indicate they are in response to this RFP. Submissions require a proposal document hosted on Fileverse using the provided template, along with contact details for curator coordination via Matrix.

Licensing

All deliverables must be open sourced under one of the following licenses: GPL ≥ 2, MIT, or Apache 2.0. Acceptance of the PoP Bounty charter and transparency commitments is required at submission.

Proposal Content

Proposals must address each of the evaluation areas outlined in Section 6, and include:

• Team background and relevant experience
• An implementation plan with timeline and milestones
• A detailed and justified cost estimate (see Budget & Milestones below)
• A plan for ongoing maintenance, parameter governance (e.g., trust decay rates, k-anonymity thresholds, edge creation costs), and community stewardship after initial deployment. This may include plans for transitioning governance to the community, open-source maintenance commitments, or integration into existing Kusama governance structures.

Budget & Milestones

Given the experimental nature of this RFP, budgets are not fixed. However, proposals should aim to balance scope, feasibility, and impact, and clearly justify all requested funding.

Proposals must define a reference currency for the total amount requested. Funding will be disbursed in DOT on Kusama AssetHub on a milestone basis. Proposals must include:

• A breakdown of costs per milestone
• Clear, verifiable deliverables for each milestone
• Expected timeline for each milestone
• Any dependencies between milestones

Proposals must also link a detailed budget spreadsheet (dSheets or equivalent decentralized spreadsheet) breaking down costs per milestone by role, estimated hours, rates, and any non-labor costs (e.g., infrastructure, audits, tooling).

Curators may negotiate milestone structure and amounts before approval. Partial funding may be offered where scope adjustments are appropriate.

8. Conceptual Architecture

          Participants
               │
               ▼
     Mutual Trust Attestations
               │
               ▼
      Privacy-Preserving Graph
               │
               ▼
    Personhood Confidence Proof
               │
      ┌────────┴────────┐
      ▼                 ▼
  Web3 Applications   Web2 Services

9. Expected Outcome

The goal of this RFP is to produce an experimental Web-of-Trust PoP mechanism for Kusama that:

• scales organically through social connections
• preserves participant privacy
• resists Sybil attacks
• enables practical applications requiring unique humans

The resulting system may serve as an additional Digital Individuality Mechanism (DIM) alongside other PoP approaches as they become available across the Polkadot and Kusama ecosystem.