Gitcoin Passport

Anti-Sybil Technology

5 min readFeb 1, 2023

Gitcoin Passport is a sybil resistance protocol and identity aggregation dApp built on the Ceramic Network. Users can collect various identity attestations, called “stamps”, from web2 and web3 authenticators all in one place.

hmm.. that was a good intro but what really is a Gitcoin Passport?

Quadratic Funding

Before introducing the solution we should go to the root of the problem.

One of the biggest problems which come from Gitcoin grants is Sybil Attacks and collusion strategies. And Gitcoin grants are based on Quadratic funding. To understand more visit this website.

WTF is Quadratic Funding?

A matching pool is raised, and then a crowdfund campaign is matched according to the QF algorithm: Number of…

wtfisqf.com

Due to the nature of quadratic funding, sybil resistance is foundational and essential to the Gitcoin funds. Not only this, a lot of things require some sort of sybil defense. Such as Quadratic voting, Gini coefficient measurements, UBI, one-person-one-vote DAOs, Data Collectives, and Sybil Resistant Airdrops.

What is the solution?

Gitcoin Passport. Gitcoin Passport is a tool that allows users to prove they have some credentials that make them more trustable. These credentials can come from Web2 or Web3. Examples from Web2 include having Facebook, Twitter, Github, or Google accounts that meet some basic criteria (number of followers/posts, etc). From Web3, BrightID, ENS and Proof-of-Humanity profiles can be used as stamps. The stamps are generated by the user exposing their Web2/Web3 accounts once, and then a stamp is minted in the user’s Passport, with no personal identifying data saved along the way. The passport only includes the stamps — the proof that evidence exists — and no actual identifying data (working like a zero-knowledge proof). These stamps are used to generate a “trust score”.

Various stamps can be used inside Gitcoin Passport

How does this work?

Connect your wallet at passport.gitcoin.co
Connect different accounts to collect and verify your stamps
Select which data points you’d like to verify for the account
Complete verification by signing off with your wallet
Done, now connect with dApps which measures Personhood scores easily.

In the background basically,

If you want the history, we started with

and in Grants Round 14 (around June 2022) we have,

Just imagine what grants round 89 will look like.

While doing this might not be enough for someone to stop sybils. The amazing thing is Gitcoin Passport is forkable and you can add your own Stamps, and you can tell what data your Passport should consume that can contribute to Sybil resistance. And if you think Gitcoin’s scoring algorithm is not good enough, you can even produce your own Scoring algorithm to produce better results.

And then, add your final Personhood score to your dApp.

More core concepts are,

Decentralized Identifiers (DIDs): The Decentralized Identifiers (DIDs) defined in this specification are a new type of globally unique identifier. They are designed to enable individuals and organizations to generate their own identifiers using systems they trust. These new identifiers enable entities to prove control over them by authenticating using cryptographic proofs such as digital signatures.
did:pkh: did:pkh also allows most if not all blockchain accounts to instantly leverage an existing identity/account and deploy a W3C Decentralized Identifier from it in a standards-conformant way. This “DID-wrapping” of an existing identifier can be used in combination with other DID-compatible technologies, such as W3C Verifiable Credentials or Authorization Capabilities, and produce proper signature-suite definitions, such as “metamask-signing” (signing according to the [eip712] protocol, soon to be a work item at W3C-CCG).
Verifiable Credentials (VCS): Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable.
Ceramic Network: Ceramic is a decentralized data network that brings unlimited data composability to Web3 applications. Used for open data storage.
Spruce DIDKit: DIDKit provides Verifiable Credentials and Decentralized Identifier functionality across different platforms. DIDKit’s core libraries are written in Rust due to Rust’s expressive type system, memory safety, simple dependency web, and suitability across different platforms including embedded systems, but the comprehensive DIDKit SDK includes many libraries and interfaces for using it almost everywhere.

Why Passport?

Privacy Preservation: No PII in the Passport
Decentralized: No centralized data storage. (Ceramic Network)
Prevent Capture: Fully public data, OSS, Open standards (DID/VCs)
Adaptive: Add more stamps, scorers, or data.
Multiculturalism: Built for communities to tune to their needs. (Custom scoring)

Right now, there are some points of centralization such as Gitcoin IAM Server, Gitcoin Ceramic node, etc which are planned to be decentralized soon.

Some wonderful dApps which already use Passport are EthStaker, Bankless Academy, Rabbithole, Snapshot, and Guild.

How to use it in your dApp?

There are two ways currently you can use it:

Passport SDK: https://github.com/gitcoinco/passport-sdk
Scorer (API): https://github.com/gitcoinco/passport-scorer

If you want to develop your dApp with Passport SDK follow these links:

Passport SDK Docs: https://docs.passport.gitcoin.co/gitcoin-passport-sdk/getting-started
Beginners Guide To Developing With Gitcoin Passport: https://youtu.be/MP4VnlcjDhk