Private ID marketplace that could disrupt Worldcoin-based voting system

ZKP tech, one of the most trending and promising technologies in crypto, enables individuals to prove that they are a unique person, as seen in Worldcoin. But it could also allow them to sell private keys and tx signatures, which ironically could disrupt voting models in which each participant is proven to be a unique person.

P2P trading of crypto identities, or of the one-time ability to control them, must be pretty challenging, as sellers have to convince buyers that they actually know the private key of the corresponding public key (eth address), or that they can sign arbitrary data with that private key. However, it seems like it’s gonna be possible and even prevalent in the near future.

The project above is still under development, but if such private trading is feasible, a user who has scanned his/her eyeballs with an Orb and holds a keypair tied to the hash of the obtained iris data can effortlessly sell the private key and tx signature for money on-chain.

Attack vector to Worldcoin-based voting system

This led me to wonder whether a Worldcoin-based voting system, which is supposed to ensure that each voter has only a single voting right, can ever work out, because voters can sell either the private key of an owner of the Safe (World App wallet) or the transaction signature for casting a vote, allowing adversaries to acquire many votes and carry out a Sybil attack fairly easily.

As Vitalik points out in his recent blog post, taking care of other security concerns, such as 3D-printed fake irises, phone hacking, and government coercion to steal IDs, is also a vital task for Worldcoin if it is to hold its promise. That said, stopping numerous people from making quick-and-easy money seems like by far the most difficult job.

It has already been seen that many people have cheated the system to get fake WorldIDs by scamming other people and purchasing them. Physically acquiring lots of iris scans from others by having them show an incorrect QR code and convincing them to sell IRL is way more expensive than purchasing them online. Hence, apparently, some people buy them from others via OTC on social apps such as Telegram and WhatsApp.

However, accumulating them through P2P trades on social apps, where you always have to trust counterparties, wouldn’t be that safe or scalable. Nor can they be expected to do it on legit websites, as building such a service would violate the laws that protect Worldcoin. This is where a decentralized zk-powered marketplace for exchanging cryptographic objects comes in and plays a significant role in letting adversaries accumulate hundreds of thousands of worldIDs at lower cost and risk.

This isn't limited to voting systems. Millions of worldIDs would be sold, traded, and used for hostile Sybil attacks on Worldcoin-based apps, if any ever employ its technology: iris-based PoP (Proof of Personhood).

Thoughts on Prevention

As they claim, the Worldcoin team is currently working on implementing a system that allows individuals to reclaim their PoP identities by re-scanning their iris and tying it to a new key pair. I agree that such a recovery system could reduce fraud and cheating to some extent, as it discourages stealing and selling IDs that could become worthless at any point.

Nevertheless, quite apart from the fact that it can’t eradicate such activities entirely, the recovery feature can never stop individuals from renting out their right to exercise the power of the worldID. To give somebody else voting power, all they have to do is sell a transaction signature instead of the owner's private key.

*Safe accepts EIP-1271 transactions and doesn’t care who sends the tx as long as the eth address recovered from the tx signature matches one of the owners’ addresses. So the signature gets sent from the buyer to the seller’s Safe, and it can be successfully verified through an EIP-1271 tx.

Indeed, this appears practically preferable to sellers, as they don’t have to hand over the private key of their wallet and can keep ownership. More importantly, there is no need to re-register no matter how many times they sell votes. Plus, buyers can also reduce the cost of managing all the purchased addresses.

Here are some preventive approaches off the top of my head.

  • Worldcoin-based voting apps block relevant adversarial parties such as dark-market websites, and transactions sent from eth addresses (mostly buyers) that interact with blacklisted dark markets (leading to an endless game of cat-and-mouse)

  • Modify Safe (World App) to limit access to owners, so that only owners, not external EOAs, can send transactions (the current gas-sponsoring, a.k.a. meta-tx, model would have to be abandoned)

None of them looks perfect, but each could have a positive impact on diminishing the renting out of worldIDs. Any other ideas?
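To make the Safe property from the footnote and the second preventive approach concrete, here is an added toy Solidity contract (not Safe's or Worldcoin's code; `ToyAccount`, `exec` and `ownersOnly` are hypothetical names). With `ownersOnly` false, any relayer holding a valid owner signature can execute the call, which is exactly why a sold signature is usable; with `ownersOnly` true, the relayer itself must be an owner, which is what the second approach proposes and what breaks gas-sponsored relaying.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Toy model of a multisig-style account that executes a call (e.g. a vote)
/// once an owner-signed approval is presented. Hypothetical, not Safe code.
contract ToyAccount {
    mapping(address => bool) public isOwner;
    uint256 public nonce;
    bool public immutable ownersOnly; // false: weak model, true: hardened model

    constructor(address[] memory owners, bool _ownersOnly) {
        for (uint256 i = 0; i < owners.length; i++) isOwner[owners[i]] = true;
        ownersOnly = _ownersOnly;
    }

    /// Bind the approval to this account, chain, target, calldata and nonce
    /// so a signature cannot be replayed elsewhere or a second time.
    function txHash(address to, bytes calldata data, uint256 _nonce) public view returns (bytes32) {
        return keccak256(abi.encode(address(this), block.chainid, to, keccak256(data), _nonce));
    }

    /// Weak model: any relayer holding a valid owner signature can execute,
    /// so a signature handed over off-chain is enough to cast the vote.
    /// Hardened model: the relayer itself must be an owner (the second
    /// preventive approach above), so external EOAs can no longer relay.
    function exec(address to, bytes calldata data, bytes calldata sig) external returns (bytes memory) {
        if (ownersOnly) require(isOwner[msg.sender], "caller is not an owner");
        bytes32 digest = txHash(to, data, nonce++);
        require(isOwner[recover(digest, sig)], "signature not from an owner");
        (bool ok, bytes memory ret) = to.call(data);
        require(ok, "call failed");
        return ret;
    }

    /// Recover the signer of an EIP-191 prefixed hash from a 65-byte r||s||v signature.
    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        if (v < 27) v += 27;
        // reject high-s values (s > n/2) to avoid signature malleability
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        bytes32 ethHash = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", digest));
        address signer = ecrecover(ethHash, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }
}
```

Deploying with `ownersOnly = true` means the owner pays gas for every vote, which is the trade-off the bullet above refers to.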

Subscribe to Porco