Humanode or: How I Learned to Stop Worrying and Love the DLT
By Dato Kavazi, co-founder of Humanode
Hey there! Not so long ago Humanode papers came out describing how wonderful it is, etc. But for most people it is just a bunch of buzzwords and deeptech nonsense. So today I decided to go over the various aspects and try to lay out the key principles using a language that is non-techy so that anyone is able grasp the ideas. I’ll start from the hardest and move down to the easiest ones. If some question arises I suggest that you should head over and read the whitepaper or at least the part that interests you the most.
Epoch-CRDT
First that comes to mind is the DLT that is used to make sure that the transactions are valid — Take a deep breath — It’s not a blockchain. Yes, non-blockchain DLTs exist and some of them even work, but most of them fail to provide the same level of security and stability as blockchain does. How is Epoch-CRDT any different?
To understand that lets imagine that there is a room full of accountants, like 10 of them.
Accountants have separate ledgers and one main ledger that need to be filled out whenever somebody enters that room and tells them that he wants to send a transaction. As the transaction comes in the accountants start to validate it and after a thorough check they write it down in their separate ledgers. If 51% or 66% (depending on the type of the room) have considered that transaction to be legit then it is transferred to the main ledger where pages are glued together so that they can’t be rearranged in the future.
Those accountants that did their job right gain some money, others who are dumb, unlucky, or malicious are penalized accordingly. This is how a basic blockchain-based DLT works. They wait out until every accountant (which in reality is your mining equipment or a server) writes down the transaction or they take turns in doing so. There are two major flaws. First, every single time a transaction takes place, they have to ask each and every accountant whether he has written everything down properly. Any out-of-date delivered or corrupt messages slows it down. Even if there are no transactions the accountants still have to cross-check that every couple of seconds and slam the blank paper into the main ledger. Second, these guys can squeeze in any info they like (for different reasons) and until the cross-checking is complete, they can’t be trusted to reach the same state of the ledger before the page is added to the main ledger. This opens a door for multiple problems but mostly the absence of strong eventual consistency of data.
Now the Epoch-CRDT room works the same in many ways, but there are key differences that even out the difficulties mentioned above. When somebody comes to send a transaction through Epoch-CRDT he actually finds those accountants not in the room, but outside, without their ledgers casually sitting on chairs in front of the door, chilling and sipping on some late brunch cold coffee.
A dialogue occurs between the closest accountant and the sender:
- So, you are here to send some tokens?
- Yes.
- How much?
- A 1000.
*The accountant checks whether the balance is sufficient.
- Ok, do you have enough to cover the fees?
- Yes.
*The accountant checks whether the balance for the fees is sufficient.
- Ok, one sec pls.
He then turns to other accountants and hands them the locally verified files.
-Well, I’ve checked him, he’s alright. What do you guys think?
Then if 66% of them decide that the broadcasted data is legit, they would open the door, throw in the validated data, and close it. Inside the room there is only one person — the Merkle-CRDT guy.
Basically, as soon as he receives the verified data from the accountants, he starts going around their ledgers writing down the changes. The thing about the Merkle-CRDT guy is that he does everything in his own pace, but no matter what happens, he is mathematically guaranteed to make sure that every single ledger gets to the same state regardless of what happens to the accountants. Blockchains have consensus on validation and merging stages, the Epoch-CRDT has consensus on broadcast and after that it’s just Merkle-CRDT providing strong eventual consistency for each ledger. It means that we don’t have to wait for the accountants to sync at the exact same time and we can receive and propagate new transactions accordingly. Some things are quite different in Epoch-CRDT. First, for example, the pages in the main ledger are not glued together because they don’t provide consistency, Merkle-CRDT does. Second, if there are no transactions then no one’s stamping or cross-checking anything — Epoch-CRDT dynamically reacts to incoming transactions and works only when there are transactions coming in.
Phew, that was hard to describe and a lot of stuff is still to be told about this one, but the above-mentioned metaphor should’ve let you grasp some of the ideas behind Epoch-CRDT.
Fully Homomorphic Encryption (FHE) of biometric data
As an example, let’s go over some biometrics 101 that occur when you are using facial recognition. When you use biometrics on your device the camera takes several photos of your face, choses the best image and puts floating points on the face (small dots around distinct characteristics of human beings such as eyebrows, nose, mouth, chin etc. commonly 70 points are used to capture the face).
Every one of us besides identical twins has unique facial traits that’s why every floating-point face map is different from one another. Floating-points are used to crop and normalize the image and afterwards this map is inserted into a Deep Neural Network (DNN).
The DNN does some magic and transforms your face into 128 numbers that represent your facial traits as coordinates on a 128-dimensional vector space (as if it made things less complicated) — that is called an embedded template and it is used as your personal key to sign into apps etc. After the embedded template is ready your original photographs and the floating-point map are deleted. Everything that I have described up until now happens in under a second, depending on the device.
What happens next is the hard part. So, bear with me. Embedded templates if stolen could be fed into another neural network, trained to recover the original face features, meaning that if some perpetrator gets their hands on them, they can revert it to an image that closely resembles the original face. Now losing your password is one thing because you can easily change it but losing your face kinda seems scary. That is where Fully Homomorphic Encryption comes in hand. What happens is that we add an additional step right after we get the template. We use one of many encryption algorithms to encrypt the embedded template and then we erase it along with everything else and only operate with so-called “ciphertext” (text generated through encryption) to conduct any operations (registration/log in/signing transactions, etc). Even if the perpetrator manages to get it somehow, he won’t be able to revert it back to the original state even closely. Not only that but the system that operates the ciphertext won’t be able to tell who you are. Basically, FHE provides the means for your biometrics to be private and solely belong to you, while allowing to match the faces and provide authorization.
Secret Network private smart-contract layer
Thanks to the brilliant work of engineers from Secret Network the world received an ultimate tool to conduct various computations in a fully private way. Imagine that you and your friend want to compare account balances, but you don’t want neither your friend nor the system to know how much money your account holds. Secret Network gives an ability to conduct this operation fulfilling all of the privacy requirements. Now remember the FHEd embedded template from the previous block? Private smart-contracts from Secret Network allow us to store the private keys that are derived from your unique biometrics so that nobody, neither you nor those who store data could see your original private key. Moreover, it is capable of conducting search and matching operations to compare your FHEd embedded template to other templates in the database. Meaning that all of these operations as well as the keys are hidden from any participant of the network, even yourself which makes it really secure.
Fath monetary algorithm
Fath is derived from the word “fathom”, which stands for understanding after much thought why something is happening. It is an approach to emission that incorporates two main basic principles:
1) A monetary base should be rebalanced according to the amount of value created in a system
2) Any emission should be proportionally delivered to each and every participant in the network
Let’s try to grasp why these principles are so important in the following simple example.
Alice, Bob, and Sarah each get 1$ at the beginning of their economic and monetary relations. But then suddenly Bob decides to print 100$ more and not share with the others. Now there was no real value created in the system through production of goods or services but an additional 100$ was printed on top of those 3$. The question is whether the 2$ held by Alice and Sarah retain the same purchasing power and maintain the same value as when there was only 3 $ in the system.
Though there are many factors that affect the price, it is common sense to state that Alice and Sarah were diluted and that their purchasing power was diminished because before the emission they each held 33% of the whole supply and now Alice and Sarah hold less than 1%. What makes it worse is that the economic output of the network stayed on the same level as when there was only 3$ in the system, which means that it led to reevaluation of the assets that exist in the network and their prices skyrocketed because $ suddenly stopped being as valuable and scarce as it was before. Meaning that Alice and Sarah found themselves in diluted positions and the purchasing power of their original 1 dollars migrated to Bob. That’s a tough situation. Remember this one.
On the other hand, if Alice, Bob, and Sarah decided not to print anything and just continued to work hard and create more value then they would be stuck in a so-called deflationary system. Basically, everyone would know that tomorrow those dollars would have more purchasing power than today because more value is created each day but the monetary base stays the same. Why would anyone spend anything if they knew for sure that tomorrow their money would cost more and have more purchasing power? Deflationary systems lead to stagnation. The lack of spending leads to the lack of activity, growth, or development. Deflation is also considered to be one of the main forces behind the Great Depression. Check it out.
As a solution to the cases mentioned above Fath rebalances monetary base according to the growth of value created in the system. Let’s get back to Alice, Bob, and Sarah to understand how it works. Once again each gets 1$. They have been working hard and the GDP (total of the goods and services sold to each other) of their network stood at 100$ in the first year. Now in the second year they worked even harder and were joined by Sam who managed to create even more value and together they were able to get a GDP of 200$ which is a 100% more than the first year. The Fath monetary algorithm calculates the difference and issues a 100% on top of the existing monetary supply enlarging it from 3$ to 6$. But Fath is a rebalancing mechanism that is why if for some reason the GDP in the second year is lower than in the first by 50% the algorithm would burn the monetary supply by 50% bringing it down from 3$ to 1.5$. By doing so we rebalance the monetary supply with the value created so neither people are diluted, nor the system falls into deflation.
Simply put:
If GDP first period < GDP second period, then emission =
%(GDPsecond period / GDPfirst period )
but
If GDP first period > GDP second period, then burn =
%(GDPfirst period / GDPsecond period )
The second principle is easier to grasp because the fairness of this approach is much more obvious. So here is a brief overview of how emission is poured into modern Fiat Credit-Cycle systems.
With the global conversion to fiat and decimalization that overwhelmed most countries in the early 1970s, world leaders decided to transcend us all to a system into which emission is injected in a form of debt. Afterward, it is passed down the system in the form of loans. Even if we leave out the fact that some of that issuance forever resides on one of the upper levels because of corruption and fraud, people, enterprise, and retail banks are the ones who are constantly cornered because they are t paying for that emission and the only ones, they can resell their debt to is each other.
If for some reason one of the large financial organizations fails to accumulate enough money to cover its expenses and interest, then in most cases the emitting entity prints a relief package to save it. If ordinary people or enterprises fail likewise, in most cases they are fined, thrown onto the street by law enforcement, go bankrupt, or go to jail. Consider the fact that every time the emitting entity prints money it increases the money supply and devalues the currency, meaning that agents at the bottom of the emission pyramid not only get devalued with each coin printed, but they also pay for it to happen.
Fath delivers emission to each and every participant of the network proportionally, regardless of whether he is a financial entity or not.
If you have a 100$ on your account and it happens that the Fath algorithm calculated that this year GDP is 3% higher than the last year, then the protocol will issue and deliver 3$ on top of the 100$ that you already hold, making it a 103$.
Rebalancing the monetary supply according to the economic growth will safeguard the system from devaluation effects and deflation and the direct proportional distribution makes the issuance events much fairer.
Cost-based fee system
So how does one calculate the fees required to pay for your transaction in a decentralized network? For most of the networks out there the formula looks like that:
(demand + hype)2 * gas market manipulation / will of the gods = transaction fees
Just kidding.
In reality there is an internal market of gas which is affected by the number of transactions as well as personal will of the users to pay more so that their transactions are processed earlier than the others. In simple terms, the more is the demand, and the more people are willing to pay — the bigger the fees are. But why is it like that?
Because literally no one knows how much your transaction is worth. Let me break it down for you. Your transaction consists of two main parts: computation and storage. Any network that you use to send transactions must provide the means to compute your transaction and then store the data for you. In modern decentralized systems both steps are conducted by independent validators and the protocol that binds them together. The validators are constantly running servers that conduct computations and store the data of your transactions. Blockchains are made so that any transaction that goes through the network is eternally stored in the ledger. Btw, this leads to a problem of the ever-growing storage space. But how do you calculate how much it costs to compute your transaction and to store it forever? There is no answer to that. We can’t properly calculate the amount of fees for computations as in most networks’ validation power is disproportional and different validators receive different amount fees because they validate more. We can’t calculate the fees for storage because how do you calculate infinite storage? That is why the fees are calculated through a market. Easy way to decide how much something is worth through accumulative subjective mechanisms of price discovery. Because of that if the demand is high and people are willing to pay more the price goes up, if the demand is low and people are not willing to pay more the price goes down. Remember it next time you are wondering why sending 10$ through ERC-20 costs you a 40$.
So how is Humanode’s approach different? First of all, the validation power of every single human node (validator in the Humanode network) is equal. That means that we can precisely calculate the cumulative costs that validators are handling to run the nodes. Second, Epoch-CRDT is built the way that transactions are not forced to be stored forever. When you are sending a transaction, you choose for how long your transaction is stored and after the timer runs out human nodes are not obligated to keep that data anymore. This point also affects the problem of ever-growing ledger, the storage requirements still grow but not as much as when you store everything. Third, most of the transaction ordering models in modern decentralized networks really look and feel like a queue in a post-soviet hospital (pls don’t trigger) — regardless of the time you came at if you have more money to pay than others then you go first, and others will wait. In Humanode we decided to make a model that closely resembles a Japanese queue — you wait for your turn and can’t pay more to be processed faster than the others. As we can calculate the costs of validation, and storage is not infinite we use a simple formula to calculate how much you have to pay for your transaction.
It goes like this:
Price of Tx = Computation cost + GB per period * TXsize * Storage time
But there is an additional thing that makes the whole process much fairer. If you want to send a transaction that is to be stored less than a year, then you will pay only the computation costs and the validators will not get anything on top. It means that users conducting transactions that are stored for less than a year will pay for the electricity and hardware rent spent on their operations and nothing else. This approach should create a stable fee system where the fees are as cheap as possible. Human nodes are incentivized by computing and storing transactions that need to be stored for more than a year.
Sybil-resistance
One of the main goals of Humanode is to create a robust decentralized system where 1 human = 1 node. Now in a world where Pakistani bot farms overwhelm most of the centralized networks with fake identities, we had to devise a proper strategy of fighting off clones. When I say strategy, I mean coordination and combination of different software modules, constant research, and hardware devices to minimize the possibility of creating a fake identity. As any security problem sybil-resistance is an arms race against perpetrators that become smarter by the day. There is no overwhelming solution that can be implemented to just stop clones from being propagated.
So, we combine three major aspects to try and stop the clone attack:
1) Combination of different biometric modalities in node creation and constant verification of existence, including brain signature;
2) Liveness detection software;
3) Authorized hardware devices.
Let me briefly go over each one of them. First, Humanode requires a combination of unique biometric traits of a human being to deploy a node and the need to verify it once in a while (at the early stages Humanode will require to verify a human’s existence once in a month, but later it will be shifted to constant real-time verification). Second, liveness detection protocols that use computer vision and other modules of the devices can tell whether it is a real human being they are seeing in front of the sensor. There are hundreds of modules that can be incorporated for computer vision only, which capture heat, micro-movements, skin motion, light-bending, etc. In fact, liveness detection has evolved so significantly that there are new research papers and approaches to liveness posted on various scientific resources every week. Third, the authorized hardware devices that attach to the private biometric identity that you have created limit the amount of people that can be created inside a network. One device = One person. That way we can ensure that no matter how smart the perpetrator is he would have to go and buy dozens or hundreds of devices and bypass state-of-the art liveness detection, spoofing unique combinations of biometric traits and remain undetected. Another thing is that Humanode will gradually make the requirements to become a human node much stricter. If at the beginning it would be possible to deploy a node using external biometric traits and their combination, on the later stages only internal modalities and their combination such as neurosignatures and DNA-matching with real time passive proof of existence will be eligible for node deployment.
But in reality, anything can be cracked. Because the offensive side is always a step ahead of the defense. The real security is determined through a vague equivalence of several factors. Time + Resources + Experience + Risk vs Potential Gains.
Vortex
Can a decentralized network be truly decentralized if the means to control it are in the hands of the few? Governance in the Humanode Network will be decentralized from genesis and is to be known as Vortex — the Humanode DAO. The governors will have different rights according to their ranks. Ranks are based on Proof-of-Time (PoT) and Proof-of-Devotion (PoD), meaning that devotion in the system is valued more than the riches one has. The ranks do not give any additional voting powers to their holders, instead they are given an ability to make proposals on crucial matters. Tier 1 ‘Citizen’ would be able to make proposals on the product level, but Tier 4 ‘Consul’ would be able to make monetary and protocol level proposals. Regardless of their ranks their voting power remains equal. We can say that Humanode is all about 1 human = 1 node = 1 vote.
In most “decentralized” networks the voting power is entangled with the token making systems really plutocratic as those who don’t wield enough shmekels to buy enough tokens won’t have enough power in the voting procedures. Vortex is built on PoT and PoD, meaning that progress in rank occurs when a person spends enough time governing the system and has shown his dedication through either participation in the projects inside the Humanode ecosystem or by creation of such projects.
There are four governing tiers: citizen, senator, legate, and consul. A human node becomes a citizen as soon as it starts to participate in the voting procedures, to progress to a senator the 1 year of constant governance is required. Each month governors will be faced with governing requirements they have to meet to be eligible for the next month. If the requirements are not met, then a governing node is converted to a normal human node automatically. So, to become a senator one would have to govern for 12 months but they don’t have to be consecutive. Then to become a legate one would have to govern for 24 months and somehow participate in projects that are being developed inside a system, it can be anything from Dev to Sound design. Finally, to become a consul one would have to govern for 48 months and have any of his proposals approved by Vortex.
As you see the system requires proper proof of time and devotion to receive a rank that allows to make core changes in the system but, as I’ve already stated, rank doesn’t give any additional voting power.
Some random thoughts
Since the beginning of the internet there has been a massive movement of people that tried to make sure that our limitless connectivity doesn’t fall into the hands of centralized entities. Well, we know how that went down. Limitless connectivity became as essential to humans as access to water or food, road infrastructure and thermal energy. It is a basic value that should be distributed in a less centralized way that it is right now. Those who control our interconnectivity, and our informational fields have all the means to control us. Creating robust biometrically encrypted private decentralized networks with equality of nodes and people established at the very core of a protocol is one of the solutions to evade the future of most dystopian cyberpunk fiction.
Hope my small article shed some light on what we are trying to accomplish. Have a wonderful rest of the day!
