[Cryptography] People vs AI
Marek Tichy
marek at gn.apc.org
Wed Mar 12 15:10:59 EDT 2025
On 12. 03. 25 19:34, Jon Callas wrote:
>
>> On Mar 12, 2025, at 00:06, Marek Tichy<marek at gn.apc.org> wrote:
>>
>>
>> On 11. 03. 25 22:03, Jerry Leichter wrote:
>>>>>> ...Proof of Human is the cornerstone of the networks security.
>>>>> I don't see any hope of being able to prove that an entity on the network is human, given even the current state of AI (and it only gets harder from here). That train left the station.
>>>> I disagree here. The vast majority of our immediate peers we still have
>>>> in person interactions with on a fairly regular basis. This is all that is
>>>> required to bootstrap the security of the network.
>>> But that has nothing to do with proof of humanity. You already know your peers are human - they need prove nothing to you.
>>>
>>> Then again, most of the people I interact with I almost never meet physically. I've only ever met a few of the members of this list, for example.
>> Have we lost the web-of-trust track here? If Bob who I know in person tells me that Alice is a person then I have very good reasons to believe that Alice is a person, even though I never met her.
> Do you?
>
> There seems to be an assumption in here that a person would neither lie nor be mistaken about it. I have long comments, but a short one here is how you'd handle a pseudonym. How does a person who wants to have a pseudonym and be known by that demonstrate they're a person?
>
> Personally, I think the web-of-trust is problematic in many ways, one of the primary ones being the issue I bring up in the previous paragraph. How does someone who has a pseudonym get verified?
DID is globally unique identifier of person Alice in the ledger. One
important concept within SSI is "pairwise identifiers" (or pairwise
IDs). When Alice wants to consume my service S, she will ALWAYS do it
through a "pairwise pseudonym X" . In other words, every actor has an
unlimited number of pseudonyms, no third party ever gets to see the
actual DID.
I as a provider of service S can verify that X is a valid identifier
generated from the valid entry in the ledger (valid DID). "Valid" means
that there were two humans Bob and Cecilia, who at some point gave their
mutual consent to Alice for creating her DID.
S can also on top of that request that the pseudonym X presents some
additional Verifiable Credentials like "The holder of this certificate
has passed a Turing test (CAPTCHA) at least once" (or "Is over 18" or
"Has a valid driving license" etc...). But it doesn't and mustn't care
about the actual name AT ALL. Anonymous proof of x/y/z... is the core
principle of Self-Sovereign Identity (SSI) systems.
-- Marek
>
> Jon
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> https://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20250312/65ad08ec/attachment.htm>
More information about the cryptography
mailing list