While blockchains are incredible innovations, their potential to change is not the only factor driving their adoption forward.

As teams and projects build to make crypto a better place by increasing decentralization at every level and context, the social structure that supports and runs these projects needs to be completely decentralized as well. However, these situations are ideal for Sybil attacks, where bad actors create a large number of pseudonymous identities to subvert the service’s reputation system and gain a disproportionate amount of influence.

In PoS and PoW based blockchains, the cost of attack should be high and the cost to defend should be low to maintain the security of the system. In a broader sense, this framework can be used to subvert Sybil attacks through building identities that are verifiable, while the cost of making multiple identities to attack the system should outweigh the outcome of gaming the system.

Decentralized Identities

Decentralized identities (DIDs) are a core concept in the world of decentralized autonomous organizations (DAOs) and blockchain governance.

They aim to give individuals back control over their identity without relying on centralized, monolithic gatekeepers. DIDs consist of two components: the identifier and the associated data. Traditional, centralized identity systems are problematic because there is a lack of agreement on what identity should be and how it should be run. This has created a power asymmetry between individuals and the parties that manage our identities and data.

DIDs solve this problem by being decentralized, persistent, resolvable, and verifiable. They are issued and stored on verifiable data registries (VDRs) that act as autonomous namespaces and can be authenticated and managed using decentralized public key infrastructure (PKI). Wallets have become a starting point for managing decentralized identities, enabling users to self-custody their assets and interact with web3 applications.

Decentralized identities have profound implications for the future of crypto, and will be crucial for onboarding, voting, carrying reputation, and other governance activities in DAOs.

Leveraging DIDs in Governance

Voting

Although they can be susceptible to plutocratic capture, token-based voting mechanisms have been widely adopted within the governance of DAOs.

There are alternative methods such as NFT-based voting, conviction voting, and quadratic voting that show promise in improving governance and funding for public goods. Quadratic voting, in particular, is a breakthrough where the influence of a voter is proportional to the square root of the number of votes deployed. While this system has a higher cost as the influence rises, it is vulnerable to Sybil attacks in DAOs, where voters can divide their tokens among multiple addresses. To address this issue, a DID infrastructure that can verify unique IDs while preserving privacy is essential. Gitcoin’s passport is an example of a tool that aims to make Sybil attacks more costly.

Additionally, the Token Engineering Academy NFT holders who received it through completion of the course can use it to get better matching in the token engineering featured round of Gitcoin.

Sybil-resistant Airdrops

Aidropping governance tokens is the next step in decentralization for DAOs, as they put the governance in the hands of communities.

But, it’s very common in DeFi platforms for multiple bots to game the system for the airdrop, and possibly accumulate significant tokens through it. This enables bad actors to gain excessive governance, which can be counterproductive to the DAO.

For instance, in the recent Arbitrum airdrop 135,000 sybil wallets were identified before the drop, indicating prevalence of this issue. To address this, badges and attestations that can prove certain on-chain activities could be used to better distribute tokens through a novel mechanism that provides better matching for airdrops.

Portable Reputation

The web3 reputation stack has seen a surge of new projects that capture reputation in various forms such as SBTs, badges, attestations, scores, and more.

These reputational data are distributed across multiple chains, but the challenge lies in how to make these distributed reputations composable and bring them under unique identities to open up various use cases for governance and community management. A possible solution is to have something like a Lens ID that individuals can carry to prove uniqueness and display on- and off-chain reputation.

A composable and interoperable identity will enable users to move seamlessly across networks with all their information, reputation, claims, data, and identity.

Contribution Management

Contribution management is a crucial aspect of sustainable DAO operations, as it involves keeping track of individual labor units for a given community.

Through various tools and techniques, contributions can be recorded, surfaced, and given value when necessary. DIDs can play an important role in the verification and confirmation of contributions in a bottom-up, self-reporting system that enables contributors to be involved in each other’s work, progress, and goals.

Contribution management is also useful for retroactive payments and funding, allowing easy access to records of contributions. Additionally, DIDs can be used for personal provenance, keeping track of important achievements and milestones that can be carried across through DIDs. Platforms such as Govrn are examples of tools that can be used for contribution management in both community and personal settings.

Tooling Landscape for DIDs

The tooling landscape in decentralized identities plays a crucial role in building a robust web3 ecosystem.

One of the limitations of web3 applications is the tradeoffs of using a smart contract backend or a traditional centralized backend for data management. To address this, developers can use something like the DID Datastore on Ceramic, which allows them to create a datastore for each user’s blockchain account, providing full control over their data and enabling interoperability across platforms and blockchains through DIDs and data models.

Building a Sybil-tolerant reputation system that can scale requires trusted oracles that can query off-chain data. Clique is a platform that pulls data from Twitter and Discord to create behavior data that translates into on-chain data. Porting this behavior to on-chain will help onboard new users and funnel existing ones, as most communications happen off-chain.

Another essential element of building a web3 ecosystem around identity and reputation is proof of personhood, which verifies the uniqueness of an individual. Proof of Humanity (PoH) and World Coin have been instrumental in this direction with high adoption rates. PoH also increases the cost of forging identities for malicious intent.

Bright ID is another identity tool that allows users to prove to applications that they exist only once in any given system. It creates a pseudonymous social graph using a decentralized network of nodes that verify the uniqueness of each account, enabling users to prove their identity across different systems.

Traditional web3 key management practices store private keys on local machines or through third-party custodial services, which can lead to risks such as loss, theft, or hacking. Decentralized key management, as implemented by the Lit Protocol, offers a more secure alternative and enables access control through on-chain conditions, such as the assets held in a user’s wallet. Spruce ID’s SSX provides developers with a simple way to integrate decentralized identity into their applications, enabling DAO logins and a direct relationship with users.

Gitcoin Passport is a platform that allows users to prove their trustworthy credentials from both web2 and web3 platforms like Facebook, Twitter, Github, BrightID, ENS, and Proof-of-Humanity. The platform generates a unique stamp to protect user privacy, and communities can screen this stamp to identify malicious users and generate a “trust score.” Builders can use the API exposed by Gitcoin Passport to integrate prebuilt open-source tools for analyzing and digesting Passport data into a Sybil defense/identity system.

These tools provide the necessary infrastructure for building a decentralized identity system that ensures privacy, security, and trustworthiness.

Closing Thoughts

The Gitcoin Passport platform exemplifies the importance of aggregating decentralized identities to create a score and reduce the cost of forgery.

Smart contract and asset interoperability are convenient, but user adoption of Web3 tech depends on a persistent, rich, and manageable UX across applications of identity-based platforms.

The future of decentralized autonomous organizations and blockchain governance relies heavily on the development of Sybil-resistant reputation systems and contribution management tools that can leverage the power of decentralized identities.