Summary
What do dysfunctional democracies, spam calls, and AI-poisoned misinformation landscapes have in common? All will thrive until people can trust that specific messages came from a specific human, at a distance, inexpensively.
For lack of this foundational civic technology, interesting democratic technologies like quadratic voting, liquid democracy, scalable collective deliberation, or even simple trustworthy electronic voting are out of our grasp. And our commons will continue to be polluted by a rising rate of spam calls, fraudulent emails, identity theft, deeply fake news, and worse.
What
To use security speak: Alice must be able to publish messages to the internet and have Bob trust Alice really sent them. The existing public internet gets us partway, but we still need public key cryptography, in which Alice must keep a private key (e.g. password) only she knows. Bob must have a way to know Alice’s public key is really hers, meaning he must be able to stay up to date if it changes, even if they are not physically nearby.
To do that, Bob needs to generally trust that the digital network he’s using is functioning, and there needs to be a protocol riding on top which keeps an open record of Alice’s public key mapped to her identity (an SSN in the US) and which lets her update her key when needed.
In general this is referred to as soul bound identity. We need that, and we need it to be cheap to use, which means it needs to be robust against attack from actors interested in feigning messages.
How
It will be slow to come about as its fruits are mostly a public good rather than a private good. At least, unless you expect WorldCoin to work - more on that later. In general, I haven’t seen a proposal I expect to work, including this one. It’s a work in progress, and I’m writing it out to clarify my own thinking and hopefully inspire others.
The key insight behind this proposal is that humans already spend a lot of computation validating the social identity and connections of those near them. When my friend knocks on my door, I run quite a few mental algorithms confirming his identity and mental state (e.g. not seeming coerced). If he were to call me from an unknown number, I could call on a long list of shared histories to try to validate it’s really him. Much like how cryptocurrency uses a proof of work computation to defend against attack, we can leverage this social computation to defend a soul bound identity system against attack.
The next best alternative I can see is a sprawling state-run system where one’s identity is constantly maintained by biometric scans at their nearest Post Office, and where the inevitable fraud perpetrated on this system is investigated by a necessarily ballooned FBI. So let’s try to avoid that. Let’s build a system which recognizes who is highly connected to whom (e.g. family, biological or otherwise) and leverages that to perform key operations. For example, if Alice’s private key is stolen, three of her closest family members can signal to the network that it must discard her key and begin a process to regenerate one. They’ll feel emboldened to do this because Alice will ask them, and they are confident they know when Alice is really Alice and that she is not being coerced.
Here’s more of what that would look like:
- A graph of souls (persons) and the strong connections between them.
- Each soul has a private key which they should securely keep.
- Because we’re relying on social computation, the system should consider a soul to be a single living biological human. Edge cases exist but we can use conventions like “do they have a unique name” and a patchwork of other case law as needed.
- New souls should be added to the network (at birth) via the signed attestation of the parents and witnesses. Perhaps by attesting to the date, location, SSN and general legitimacy of photographs taken of the parents and child together.
- Souls can add or remove strong connections by publishing attestations to the network.
- Inevitably attackers will try to create fake souls which only exist on the network (false immigrants, births, etc.) and so some authority must have permission to find and flag such souls. This will not be difficult if the system is well designed.
- Souls should be given at least two confidence scores by the network, one for how likely they are to be a real human, and one for how savvy they are at making attestations. Souls would build up their realness score by having familial connections with others in high standing, although they could lose it in the same fashion. Souls’ savviness score would increase as they take network actions, but decrease each time they reset their key or are attested to be of limited faculty by familial connections.
- This can all be implemented either centralized or p2p, but endorsement by a governing body with a legal and executive function makes it far cheaper to defend from attack.
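The key-discard step described above (three close connections signalling that Alice's key must be discarded) can be sketched as a quorum check over signed attestations. This is an added example, not code from this post or from any existing system; the `Registry`, `Soul`, `Msg` and `Revoke` names, the message format, the choice of Ed25519 and the sample identities are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Soul is a registry entry: current public key and strong connections by ID.
type Soul struct {
	Key     ed25519.PublicKey
	Strong  map[string]bool
	Revoked bool
}
type Registry map[string]*Soul
const Threshold = 3 // "three of her closest family"

// Msg binds a request to the target and the exact key being discarded, so a
// signature cannot be replayed against a later key.
func (r Registry) Msg(target string) []byte {
	return []byte(fmt.Sprintf("revoke|%s|%x", target, r[target].Key))
}

// Revoke discards the target's key only if Threshold unrevoked strong
// connections signed Msg(target) with their own registered keys.
func (r Registry) Revoke(target string, sigs map[string][]byte) bool {
	t, valid := r[target], 0
	if t == nil || t.Revoked {
		return false
	}
	for signer, sig := range sigs { // map keys: each signer counts once
		g := r[signer]
		if g != nil && !g.Revoked && t.Strong[signer] && ed25519.Verify(g.Key, r.Msg(target), sig) {
			valid++
		}
	}
	t.Revoked = valid >= Threshold
	return t.Revoked
}

func main() { // constructed demo: three strong connections sign for alice
	pub, _, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	reg := Registry{"alice": {Key: pub, Strong: map[string]bool{}}}
	sigs := map[string][]byte{}
	for _, id := range []string{"mom", "dad", "sis"} {
		gpub, gpriv, _ := ed25519.GenerateKey(nil)
		reg[id], reg["alice"].Strong[id] = &Soul{Key: gpub}, true
		sigs[id] = ed25519.Sign(gpriv, reg.Msg("alice"))
	}
	fmt.Println(reg.Revoke("alice", sigs))
}
```

Signatures from souls outside Alice's strong connections, or made with a key other than the signer's registered one, do not count toward the quorum.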
Rollout
A system which uses the existing social graph is most at risk of attack as new clusters of participants come in at the edges. A group of mutually endorsing but fraudulent actors (e.g. a Sybil attack) could infiltrate at this stage, accumulating trust from the network until they decide to cash in their chips. Consider: if this system were rolled out slowly in the US, enterprising criminals might harvest the identities of their nearest Amish community and join the network as them, anticipating an ability to commit financial crimes or interfere in elections. To avoid this, we should roll it out fairly completely one county at a time. We might bootstrap off biometrics, as WorldCoin is trying to do, but I don’t think it’s necessary (nor, I think, is it politically feasible in the US).
Dangers
Unless there is a clever way to mask the topology of the graph while keeping its essential function, this identity network would provide legibility of the social fabric not previously available. People far away would know who my closest family is, surely a boon to advertisers, extortionists, stalkers, and enforcement agencies. This isn’t simply bad, it’s going to make rollout politically infeasible. Thus, it would be an interesting area of research to see to what extent we could hide familial graph connections. Here’s one proposal by Barry Whitehat, which I have not evaluated yet.
Ultimately, I’m not working on this. I just keep thinking of other ideas which are blocked by this not existing. As a result I’ve found myself coming back to this year after year. If you’ve read this far, you should absolutely make sure to read Vitalik’s take on the subject.