Executive Summary
Biometric Proof-of-Humanity (BPoH) is JIL Sovereign's protocol-native identity layer, purpose-built to eliminate the Sybil attack problem that costs the crypto industry an estimated $10 billion or more annually. Unlike external identity services that bolt onto existing chains, BPoH is embedded directly into JIL's Layer 1 infrastructure, making human verification a first-class primitive of the network itself.
The system enables any wallet holder to cryptographically prove they are a unique, living human being, without revealing any personally identifiable information. This is achieved through multi-modal biometric capture processed entirely on-device, zero-knowledge proof generation, and the issuance of a soulbound (non-transferable) Humanity NFT.
The Sybil Attack Problem
Current blockchain ecosystems are fundamentally wallet-based. A single actor can create thousands of wallets at near-zero cost, and the network has no native mechanism to distinguish one human operating one wallet from one human operating ten thousand.
| Attack Vector | Current Impact | JIL with BPoH |
|---|---|---|
| Airdrop Farming | Bots capture up to 99% of airdrop value | 1 Humanity NFT = 1 claim; bots get 0% |
| Governance Manipulation | Whales fragment holdings across thousands of wallets | 1 human = 1 vote weight |
| Faucet Draining | Bots drain faucets within seconds | Rate-limited per verified human |
| Social Pollution | ~80% of on-chain social interactions are bot-generated | Humanity NFT required for participation |
| Wash Trading | Artificial volume misleads market participants | BPoH-gated markets expose true volume |
System Architecture
BPoH operates across three tiers: the client device layer (biometric processing), the zero-knowledge proof layer (privacy-preserving attestations), and the on-chain layer (soulbound NFTs and uniqueness registries). No biometric data ever leaves the user's device.
Multi-Modal Biometric Capture
JIL employs four independent biometric modalities to achieve a combined false-accept rate well below one in ten million.
| Modality | Method | False Accept Rate | Time |
|---|---|---|---|
| 3D Face Recognition | Depth-map scan via TrueDepth / structured-light sensor | 1 in 1,000,000 | ~30s |
| Voice Print | Vocal tract resonance, formant structure, deepfake detection | 1 in 100,000 | ~10s |
| Behavioral Biometrics | Typing rhythm, touchscreen pressure, gesture dynamics | 1 in 50,000 | ~2 min |
| Liveness Detection | Randomized challenge-response, skin micro-analysis, blood-flow | Supplementary | ~5s |
Zero-Knowledge Privacy Architecture
On chain (privacy-preserved): Biometric hash (irreversible), ZK uniqueness proof, humanity score (0-100), soulbound NFT ID.
Not accessible to anyone (including JIL): Original biometric data, user identity, cross-account linkability, biometric-to-person mapping.
Enrollment Data Flow
- Biometric capture - Device sensors collect face depth map, voice recording, and behavioral inputs.
- Local processing - On-device ML models extract feature vectors and generate an irreversible biometric hash.
- Uniqueness proof generation - ZK proof constructed on-device: "This hash belongs to a unique human who has not previously enrolled."
- Liveness attestation - Separate ZK proof confirms liveness checks were passed in real time.
- On-chain submission - Hash, ZK proofs, and liveness attestation submitted to BPoH contract.
- Validation and minting - Contract verifies proofs, checks uniqueness registry, mints soulbound Humanity NFT.
Smart Contract Architecture
Three primary contracts work in coordination: BiometricHumanity (enrollment, proof storage, NFT minting), UniquenessRegistry (global deduplication), and HumanityGate (access control library).
HumanityProof Data Structure
| Field | Type | Purpose |
|---|---|---|
| biometricHash | bytes32 | Irreversible, quantum-resistant hash of multi-modal biometric data |
| enrollmentTime | uint256 | Block timestamp for aging and re-verification scheduling |
| humanityScore | uint256 | Confidence score (0-100); applications can set minimum thresholds |
| verified | bool | Whether proof is currently active; revocable on failed re-verification |
| uniquenessProof | bytes32 | ZK proof digest attesting no prior enrollment by any other wallet |
UniquenessRegistry
Standalone mapping contract storing consumed uniqueness proofs as boolean flags. Deliberately separated from BiometricHumanity so the deduplication set persists across contract upgrades. Once consumed, a uniqueness proof can never be re-used.
HumanityGate Modifier
A Solidity library that any JIL contract can import. A single modifier, requireHumanity(minScore), gates any function behind BPoH verification. This makes it trivial for dApp developers to convert from wallet-gated to human-gated.
Attack Resistance Analysis
| Attack | Technique | BPoH Defense | Result |
|---|---|---|---|
| Deepfake Video | AI-generated face video | 3D depth required; unpredictable liveness challenges; skin micro-texture analysis | REJECTED |
| Photo Replay | High-res photo to camera | No blink, no head movement, no 3D depth; behavioral biometrics absent | REJECTED |
| Synthetic Voice | TTS or voice cloning | Vocal tract mismatch; micro-timing absent; spectral synthesis detection | REJECTED |
| 3D Mask | Silicone or 3D-printed | No pores, no blood flow; infrared sub-dermal checks; behavioral mismatch | REJECTED |
| Duplicate Enrollment | Same person, new wallet | Hash collision detected in UniquenessRegistry | REJECTED |
| NFT Transfer | Buy/steal Humanity NFT | Soulbound: transfer function reverts unconditionally | IMPOSSIBLE |
| Coerced Enrollment | Force another person | Behavioral stress detection; re-verification cadence | DETECTED |
Integration with JIL Ecosystem
Governance: One Human, One Vote
Constitutional and protocol-level votes use BPoH to ensure no single entity can manufacture artificial consensus. Token-weighted voting remains available for economic decisions.
Fair Token Distribution
Airdrops, faucet claims, and initial distributions gate participation behind BPoH. Each Humanity NFT can claim exactly once.
Humanitarian Fund Verification
Only wallets holding a Humanity NFT can submit impact reports, vote on fund allocation, or serve as community validators for project milestones.
Compliance and KYC Augmentation
BPoH serves as a pre-screening layer that significantly reduces the cost and complexity of downstream KYC processes for regulated institutions.
Anti-Bot Transaction Gating
NFT mints, DEX access, and lending protocols can require BPoH verification, exposing true human participation metrics.
Implementation Roadmap
| Phase | Timeline | Milestone | Details |
|---|---|---|---|
| Phase 1 | Months 1-3 | Foundation | Core smart contracts, single-modality enrollment (3D face), basic liveness detection, testnet deployment. Contracts audited; liveness rejects all static images. |
| Phase 2 | Months 4-6 | Multi-Modal | Voice print, behavioral biometrics, ZK proof circuit for multi-modal fusion, mobile SDK (iOS/Android). Combined FAR below 1 in 10M. |
| Phase 3 | Months 7-9 | Mainnet | Mainnet deployment, governance integration, HumanityGate library published, re-verification cadence, quantum-resistant hash migration. |
| Phase 4 | Months 10-12 | Scale | Advanced deepfake resistance (adversarial ML), cross-chain attestation bridges, enterprise SDK, continuous authentication pilot. |
Quantum Resistance
BPoH uses lattice-based cryptographic primitives secure against known quantum algorithms. ZK proof circuits are built on post-quantum-compatible frameworks. JIL's pq-epoch-registry provides key-rotation mechanisms allowing BPoH proofs to be re-issued under new cryptographic parameters without requiring users to re-enroll.