Humanode: The First Crypto-Biometric Network

We present a novel 1 Human = 1 Node blockchain protocol which aims to overcome problems arising from plutocratic principles upon which Proof-of-Work (PoW) and Proof-of-Stake (PoS) heavily rely on. The advent of blockchain technology has led to a massive wave of different decentralized ledger technology (DLT) solutions. Projects such as Bitcoin and Ethereum managed to shift the paradigm of how to transact value in a decentralized manner, yet their core technologies give rise to a significant early adopters’ control bias and have led to financial systems flawed by massive inequality and centralization of power. In this paper we propose an alternative to modern decentralized financial networks by introducing the Humanode network. Humanode is a network safeguarded by cryptographically secure bio-authorized nodes on which users are able to deploy nodes by staking their encrypted biometric data. This approach can potentially lead to the creation of a truly public, permissionless financial network, based on consensus between equal human nodes with algorithmic emission mechanisms targeting real value growth and contribution-based wealth distribution.


INTRODUCTION
Over the past decade, increasing attention to decentralized ledger solutions gave rise to a whole class of projects oriented towards encryption methods and consensus mechanisms.An abundance of capital has created a massive research wave on a variety of decentralized transaction verification systems.Simultaneously, biometric processing has evolved to a stage where search and matching operations allow users to safeguard their privacy and liveness detection error probabilities keep declining by the day.
Humanode is a network based on cryptographically secure bioauthorized nodes.Using solutions that provide private search and matching operations and liveness detection algorithms, users will be able to deploy nodes to create a public permissionless financial network based on consensus between human nodes who share the fees and ownership of the network in an equal manner.
Modern decentralized verification systems rely on the concept of material obligations to prevent malicious activity: Proof-of-work (PoW) blockchain systems require mining equipment and energy consumption and Proof-of-Stake (PoS) systems slashes staked funds of malicious users.The main focus of these protection mechanisms is to create a system in which attacks are unimaginably costly for any hypothetical predator.This reliance arises from problems of distrust on many levels, but most importantly because any trust system requires an instrument for preventing malicious activity.On the Humanode network, human nodes are not created through mining farms or monetary obligations in the form of staking, and are therefore not exposed to the same angle of attack.The Humanode network prevents malicious activity by blacklisting biometric data, meaning that your biometric identity becomes your stake.
Human nodes are created through cryptobiometric authentication, which is a combination of cryptographically secure matching and liveness detection mechanisms to verify the uniqueness and existence of real human beings.Thus, the user's pseudonymous biometric identity becomes the stake that gives access to the creation of a node that verifies transactions.This approach mitigates the problem of the disproportion of power in decentralized systems such as mining cartels or validator oligopolies.In the Humanode network, only a single node can be derived from a single biometric identity.This also means that every node is equal in terms of voting and computation power, while rewards for verification and storage are equally distributed among all human nodes.
As the right to launch human nodes is not entangled with a native token, it allows the implementation of any monetary system without the necessity of conforming to the requirements of capitalbased Sybil-defense systems.With human nodes replacing staked assets, it is now possible to avoid a disproportion of token emission between those who stake, validate, or simply hold the asset.
Humanode aims to implement a hypothesis as the mechanism for monetary supply adjustment and proportional distribution of emission.The main idea behind the hypothesis is a full-reserve system that calculates the amount of goods and services sold in equal periods of time.If the value created in the new period is greater than the value in the previous one by 1%, the protocol issues 1% of the supply and delivers it to every single wallet in the network, depending on the account balance (savings).If the wallet holds 1% of the supply during the emission, it gets 1% of the minted tokens directly from the protocol.
Any person in the world, no matter where they are from or who they are, can become a human node, as long as that person has access to a device that can conduct biometric processing (for example, a smartphone with a camera and biometric processing applications for recognition) or other verified hardware.The system delivers the equality of every single human node by deriving only one node from one biometric identity and mitigates any disproportion of power due to reward equality of individuals.As the system implements the hypothesis, which negates the effect of devaluation on agents of the system, it constantly narrows the financial gaps between the users of the network since the emitted value is distributed proportionally to every participant.
The main goal of Humanode is to create a stable and just financial network that relies on the existence of human life itself.Humanode aims to alleviate all the intermediaries that stand between a person and his ability to become a validator of transactions.Humanode strives to deliver easy node creation flows and make it natural for any human to verify their unique existence privately in any digital service.

HUMANODE NETWORK
At its core, Humanode combines different technological stacks to achieve a decentralized, secure, scalable, efficient, consistent, immutable, and sustainable financial network: • a bio-authorization module based on cryptographically secure neural networks for the private classification of 3D templates of users' faces • a private Liveness detection mechanism for identification of real human beings • a Substrate module as a blockchain layer • a cost-based fee system • a Vortex decentralized autonomous organization (DAO) governing system • a monetary policy and algorithm, where monetary supply reacts to real value growth and emission is proportional All of these implemented technologies have nuances that are crucial for the integrity of the network.In this paper we address these details, describing problems that might occur and their possible solutions.The Humanode core acknowledges the power of liveness detection and internal multimodal biometric processing methods that, implemented properly, will tremendously increase resistance against Sybil attacks and overcome the challenges and limitations of modern biometric authentication and identification systems.The main goal of Humanode is to create a stable and just financial network that relies on the existence of human life.
The Humanode network is a protocol that can prove one's unique identity through private biometric authentication schemes and grant permission to launch a node and verify transactions running a public permissionless network based on collective human existence.

The Consensus Mechanism
Unlike most centralized financial systems, decentralized financial systems that run on blockchains do not run on a centralized computer system that is under the control of one government or group of people.In order to ensure that the information in the ledgers are correct and that the computers agree upon what is written down, blockchain systems use a "consensus mechanism".
Technically speaking, a consensus mechanism is a fault-tolerant mechanism used in a blockchain to reach an agreement on a single state of the network among distributed nodes.In other words, it is a system that aims to make sure at least 51% of the computers/nodes in the blockchain network agree that what is being written down in the ledger (as blocks) is correct, valid, and that there are no intentional (or unintentional) errors.This includes a mechanism that will penalize those who try to tamper with the system, and a security mechanism that makes it very difficult to control 51% of the system.
The two most common mechanisms are Proof of Work (PoW) which Bitcoin operates on, and Proof of Stake (PoS) that Ethereum runs.
Humanode tackles the issue of consensus, staking, and block creation from a different perspective.The Humanode network bases its infrastructure on human biometrics.Instead of PoW and PoS, Humanode utilizes the combination of Proof-of-Uniqueness and Proof-of-Existence.Combined with blockchain technology, it creates the first ever human-based digital verification layer.Human nodes are created through crypto-biometric authentication which is a combination of cryptographically secure matching and liveness detection mechanisms to verify uniqueness and existence of real human beings.One unique human who is alive can create one node, and each node has one vote in the system.This also means that in order to gain 51% of the votes in the system, one would have to physically or track down 51% of the people that participate in Humanode across the globe, and basically force them to vote in a certain way.If you are a malicious actor, and try to scam the system, your biometrics get blacklisted, and you will be penalized depending on the severity of the offense.In the worst case scenario, you will lose all access to the network.
In the Humanode consensus mechanism, the nodes do not compete to gain the right to write the block and earn newly minted crypto or commission.All transaction fees in the network are shared equally across the validator nodes (assuming that the nodes were running at the same time), and all nodes in the network equally share the rewards from services provided.
At its first stage, Humanode is implemented on the Polkadot Blockspace Ecosystem, leveraging BABE block production and GRANDPA consensus mechanisms.[1] Humanode is envisioned to transform to a fully consensus agnostic protocol: A protocol for creating custom blockchains that is independent of any specific consensus algorithm.

BIOMETRIC APPROACH TO USER IDENTIFICATION
Rapid development in IT, DLT (Distributed Ledger Technology), and AI are prompting biometrics to constantly innovate and make the most of market demand.According to the latest reports, the global biometrics market is forecasted to reach $82.8 billion to nearly $100 billion by 2027 [2], growing at a 19.3% compound annual growth rate (CAGR) from an estimated $24.1 billion in 2020 [3].According to these reports, the multimodal biometric systems segment is projected to increase in revenue at a significant CAGR during the forecast period.
In terms of authentication type, voice recognition is supposed to witness significant growth due to consumer desires for a safer identity mechanism.Facial recognition is also poised for growth, as it is witnessing a boost from the launch of Apple's Face ID system [4].
In 2020, the global market for mobile biometrics was estimated at $18 billion, and it is projected to reach a size of $79.8 billion by 2027, growing at a CAGR of 23.7% over the analysis period 2020-2027 [5].Growth in the scanner segment was readjusted to a 20.1% CAGR for the next seven-year period.
Furthermore, the post-COVID 19 global digital identity verification market is forecast to grow from $7.6 billion in 2020 to $15.8 billion by 2025, at a CAGR of 15.6%.
The ability to privately secure user authentication through biometrics has been the goal of many cryptographic researchers.For the last two decades, cryptographers have concentrated their efforts on solving the problem of biometric protection against malicious activities of the verifier.Solutions like biohashing, biometric cryptosystems, and cancelable biometrics have not evolved enough to become efficient and secure for a hypothetical user [6] [7] [8] [9] [10 [11] [12] [13] [14].
Until not so long ago, biometric identification methods carried a heavy risk to personal privacy.Biometric data are considered to be very sensitive, as they can be uniquely associated with a human being.Passwords are not considered PII, as they can be changed and not associated with any person directly.The main risks associated with biometric matching in the past were based on the fact that they required the biometric data to be visible at some point during the process.

Humanode bio-authorization overview
The privacy and security of biometric data have been among the most critical aspects to consider when deciding on a biometric and cryptographic technology to use in Humanode.In the Humanode protocol, biometric registration and authentication are carried out through a novel method based on cryptographically secure neural networks for the private classification of images of users' faces so that it can: • guarantee the image's privacy, performing all operations without the biometrics of the user's face having to leave the device • obtain a certificate or proof that the operations are carried out correctly, without malicious manipulation • have resistance to different attacks, such as the Sybil attack and reply attack • carry out all registration and authentication operations without the need for a central entity or authority that handles the issuance and registration of users' cryptographic keys • compare the feature vector each time the user wants to authenticate in a cryptographically secure way Let us now examine how the different technologies that are used to perform the registration and authentication of users are applied, guaranteeing privacy in a decentralized environment.
Traditionally, neural networks are used to identify an image.A neural network is a particular case of a machine-learning technique that consists of a series of so-called nodes structured in layers.These nodes or neurons are mathematical functions that perform a specific operation according to the layer they belong to.
For example, the convolutional layer is in charge of filtering the information to determine the similarity between the original image covered by a filter and the filter itself.The activation layer also determines if the filter pattern defined in the convolutional layer is present at a particular position in the image.There is also a layer called max pooling that modifies the data to make them easier to handle [15].
When the user logs into the system for the first time, the neural network produces a unique feature vector that identifies the user.Once this vector is registered, the system can store it for future comparisons when the user wishes to authenticate.
The main objective of the biometric registration and authentication system is to protect the images of users throughout the whole process and on the different layers of the neural network.It is required that the operations are carried out effectively and efficiently, preventing unauthorized access to the data, from the time when they are obtained on the user's device to when they are processed in the neural network and registered in the system [16].
A malicious user gaining access to the neural network should not be able to obtain any sensitive information.This is why Humanode biometric system architecture is designed to run neural networks locally on the user's device and only send the proof that all the neural network layers were executed.The user will also send the neural network's output in the form of an encrypted feature vector.

Convolutional neural network
Often referred to as CNNs or ConvNets, convolutional neural networks specialize in processing data that are grid-like in topology, such as images.
In a digital image, each pixel contains a binary value that denotes how bright it is and what color it should be.It contains a series of pixels that are arranged in a grid-like format.
Each neuron works in its own receptive field, interconnected with other neurons so that the entire visual field is covered.The human brain processes enormous amounts of information as soon as it sees an image.
In the same way that each neuron in the biological vision system responds to stimuli only in its receptive field, each neuron in a CNN also processes information only within its receptive field.With a CNN, one can enable computers to sense simpler patterns (lines, curves, etc.) at the beginning and more complex patterns (faces, objects, etc.) as they progress.
There are four main layer types of CNNs: a convolutional layer, pooling layer, fully connected layer, and one or more activation layers.

Convolution Layer.
CNNs have a convolution layer that carries a vast amount of computations.Using this layer, the Humanode protocol performs a dot product between two matrices, one that contains the set of learnable parameters, known as a kernel, and the other that contains the restricted portion of the receptive field.
In the case of an image composed of three (RGB) channels, the kernel height and width will be smaller than the image, but the depth will encompass all three channels.
When the forward pass is made, the kernel slides across the height and width of the image, creating an image representation of the receptive region.A kernel response is generated by computing an activation map in two dimensions, which results in a representation of the image for each spatial position.A stride refers to the size of the kernel as it slides.The size of the output volume can be calculated as follows: Assuming an input of size  ×  ×  and a number of kernels of size F with a stride S and a padding P: This will yield an output volume of size   ×   ×   .
3.2.2Pooling Layer.During the pooling layer, summary statistics are derived from the nearby outputs to replace certain outputs of the network.As a result, the size of the representation is reduced, resulting in a decrease in computation and weights.The pooling operation is applied to every slice in turn.
In addition to the rectangular neighborhood average, there are several pooling functions such as the L2 norm of the rectangular neighborhood and the weighted average based on the distance to the central pixel.Max pooling, however, is the process most commonly used, which reports the max output from the neighbors.The size of the output volume can be determined by this formula if we have an activation map with dimensions  ×  × , a pooling kernel with dimensions F and a stride: This generates an output volume of   ×   ×   .The translation invariance of pooling makes it possible to recognize objects wherever they appear in the frame regardless of their position.

Fully Connected Layer.
As with regular FCNNs (Fully CNNs), neurons in this layer are fully connected to neurons in the preceding and following layers.Thus, it can be calculated as usual by a matrix multiplication followed by a bias effect.This layer enables mapping of inputs and outputs between representations.

Activation Layers.
Non-linear layers are often placed directly after the convolutional layer to introduce nonlinearity to the activation map, due to the linear nature of convolution and the non-linear nature of images.

Sigmoid
The Sigmoid nonlinearity has the mathematical form  () = 1/(1 +  − ).This formula takes any real-valued number and "fits" it between 0 and 1.However, the gradient of the sigmoid is almost zero when the activation is at either tail.In backpropagation, if the local gradient becomes very small, it will effectively "kill" the gradient.Furthermore, if the Sigmoid is always positive, it will produce either all positives or all negatives, resulting in a zig-zag trend in gradient updates for the weights.2. tanh tanh fits any real-valued number between -1 and 1.The activation of Sigmoid neurons saturates, but the output is zero-centered, unlike Sigmoid neurons.

ReLUs
In the last few years, Rectified Linear Units (ReLUs) have been very popular.They are computed with the function   =  (0, ).In other words, the activation threshold is simply set to zero.With ReLUs, convergence is six times faster than the Sigmoid and tanh non-linearities.The disadvantage of ReLUs is that they can be fragile during training.They can be updated by a large gradient in such a way that the neuron is never further updated.This can be addressed by setting an appropriate learning rate.

Cosine similarity for feature vector matching
Humanode facial recognition system uses modified ResNet architecture for facial feature extraction and uses cosine similarity for matching.
Cosine similarity is a measurement that quantifies the similarity between two or more vectors.It is measured by the cosine of the angle between vectors and determines whether two vectors are pointing in roughly the same direction.The vectors are typically non-zero and are within an inner product space.It is described as the division between the dot product of vectors and the product of the Euclidean norms or magnitude of each vector:

𝑖
Cosine similarities are therefore constrained between 0 and 1.The similarity measurement is a measure of the cosine of the angle between the two non-zero vectors A and B.
Assume the angle between the two vectors is 90 degrees.The cosine similarity will be zero in that case.This indicates that the two vectors are orthogonal or perpendicular to each other.The angle between the two vectors A and B decreases as the cosine similarity measurement approaches 1.The image below illustrates this more clearly.Humanode uses cosine similarity in the facial feature vector matching part.

Active and Passive Liveness detection
Enterprises use face recognition for onboarding, validating, and approving customers due to its reliability and ease of use.The demand for liveness detection is growing rapidly.Liveness detection This makes it much harder for an adversary to spoof an identity.Facial recognition determines whether the person is unique and similar, whereas liveness detection determines whether the person is a living human being.Liveness detection confirms the presence of a user's identification credentials and that the user is physically present, whether on a mobile phone, a computer or a tablet, or any camera-enabled device.
Two methods of facial liveness detection exist: active and passive.
Active liveness detection requires that the user performs an act to confirm that they are a live person.A user would be normally asked to change the head position, nod, blink their eyes or follow a mark on their device's screen with their eyes.A malicious user can still fool the active liveness system using a Presentation Attack Detection (PAD) attack.Scammers can use various gadgets or "artifacts" to fool the system, some of which are remarkably low-tech.
The Humanode active liveness detection model requires that the user turns their face left or right, blink their eyes, or show emotions like happiness, anger, or surprise, and determines whether the user is fake or real depending on the result.
With passive liveness detection, the user is not required to do anything.This provides end-users with a modernized and convenient experience.It is an excellent method for determining whether the user is present without any specific movement or gesture.Passive methods use a single image, which is examined for an array of multiple characteristics to determine if a live person is present.
The Humanode passive liveness detection model determines if a live person is present, based on texture and local shape analysis, distortion analysis, and edge analysis: • Texture and local shape analysis -analyze the input image from a textural analysis point of view by image quality assessment, characterization of printing artifacts, and differences in light reflection • Distortion analysis -analyze the input image using an image distortion analysis feature vector that consists of four different features, specular reflection, blurriness, chromatic moment, and color diversity • Edge analysis -analyze the edge of the input to find out whether the edge component is presented or not On the Humanode system, as the active liveness detection process is going on, passive liveness detection is performed in the background.By combining the advantages of active and passive liveness detection approaches, Humanode creates a more secure liveness detection system.

Cryptobiometric search and matching operations
When the user registers in the Humanode system, the executed private neural network allows the feature vector to be extracted from the user's face for the first time.It is essential to safely store this vector to evaluate the subsequent times that the user wants to authenticate in the system.But this storage must be encrypted.Moreover, to compare the new vector with the already stored one, the data cannot be decrypted.One must therefore use homomorphic encryption method.Homomorphic encryption is nothing more than an encryption algorithm with the additional characteristic that operations can be defined so that they can be preserved by encryption.In mathematics, the preservation of an operation is obtained when we have an operation and a function between two spaces.The function that goes from one space to the other is said to preserve the operation if it is invariant under the operation.
Formally we say that the function f, from space A to space B, is an homomorphism if given two elements  1 ,  2 ∈ , then the function f has the following property: This section will discuss a method used in neural networks to evaluate the similarity between two feature vectors.Then, we will define the homomorphic encryption method that will allow us to store the encrypted feature vector and perform the similarity operation without decrypting the vector.

Cosine Similarity Encryption.
As mentioned above, one of the most efficient and natural ways to find the similarity between two feature vectors in neural networks is cosine similarity.Let  = ( 0 , . . .,   ) and  = ( 0 , . . .,   ) two vectors in R  , the cosine similarity between a and b is then defined by the equation  (, ) =  •   where  is the norm of the vector  [16].From the equation above, if we calculate the inner product between two vectors, we can determine directly if two vectors are similar.In simple terms, the cosine similarity of the angle of two vectors tells us whether two vectors point in the same direction.If in addition the vectors are normalized, then it is evident that: In the cryptobiometric authentication system, we must define an encryption scheme that allows us to calculate the internal product between two vectors, which will give us the similarity between them.This calculation will be carried out on the encrypted vectors without the need to decrypt them.It is natural to look for a homomorphic encryption scheme where the calculations to determine similarity are performed in the encrypted space.
In a traditional encryption scheme, which only encrypts the data to be sent out, it would have to handle the private keys with which the user encrypted the data, decrypt the vectors, and then make the similarity calculation on clear data.From a decentralized perspective, this traditional approach has a flaw, as users' private keys are in an environment where peers are by nature untrusted.In a decentralized environment, there is no trusted third party to handle the keys securely.

Homomorphic Encryption.
There are different proposals for encryption schemes that preserve operations in a homomorphic manner through the encryption function.In particular, one of the most straightforward and most efficient is encryption based on learning with errors (LWE) [20].In this section we will examine the mathematical preliminaries of this cipher and the algorithms that compose it, namely: Key generation Encryption Decryption Homomorphic operations Lattices In group theory, a lattice in R  is an algebraic subgroup of R  that spans the vector space R  with integer coefficients in its basis.
Formally, let  ∈ N,  ∈ R × be a matrix, and Then the linear combinations of   are defined as is a subgroup of R  , where   ∈ Z.If the   are linearly independent, we say that L () is a lattice in R  of dimension n.
Lattice-based ciphers are some of the leading candidates for post-quantum cryptographic algorithms.If an efficient quantum computer is ever built, a post-quantum encryption scheme can resist attacks.In 1994, Shor [21] theoretically demonstrated that a protocol could be built on a quantum computer that would break in polynomial time the problems on which most public-key ciphers such as the RSA, Diffie-Hellman, or cryptosystems of elliptic curves are based.
Nevertheless, the computational complexity of the problem that shapes cryptosystems based on lattices ensures their quantum resistance.Furthermore, the LWE-based cryptosystem can be completely homomorphic: it possesses homomorphism in both operations of addition and multiplication.Which is very useful for the calculation of the inner product, and consequently for the similarity of the cosine [22].

Construction of the ring-LWE scheme
Let us now see in detail how the ring-LWE encryption scheme works and how the homomorphic operations are defined [23], [24].Setup parameters First of all, we need to define certain general parameters to be used in the key generation algorithm: • set  ∈ N, a degree parameter.
• let q be a prime number, defining the ring   = / =   []/ ().This ring is the ciphertext space.• take t as an arbitrary integer, with t < q, defining the ring   = / =   []/ ().This ring is the plaintext space.• define the standard deviation , as the parameter for the discrete Gaussian distribution  =    , .Key generation First, we sample random elements as follows: • sample s from the Gaussian distribution .
• take a random  1 ∈   and the error e sampled from .
Then the public key is defined as  = ( 0 ,  1 ), where  0 = −( 1  + ), and the secret key is  = .Encryption After encoding the plaintext m as an element in   and given the public key  = ( 0 ,  1 ), u, f, g from the distribution  and compute

Decryption
If  = ( 0 , . . .,   ) is a ciphertext and  =  the private key, then the decryption is simply

Extracting inner product from the encrypted value
The cosine similarity operation requires, as we saw, the calculation of the inner product in the encrypted space.It is evident then that if we define accordingly a transformation in the encrypted space, thanks to the homomorphic properties of the encryption scheme we can extract the inner product as a constant term from the encrypted result [25].Thus, let P, Q be bit sequence representations of vectors and F a transformation onto the ring   such that  () If we multiply  () *  (), then = ,  + . . .Thus, if we encrypt F(P) and F(Q), thanks to the homomorphic properties of the encryption scheme, we can extract the inner product as a constant term from the encrypted result:  ( () *  ()) = ,  +  (. ..)

ZKP for verifiable computation
In our setup, a node does not trust any other node in the system.This means that a node can be trusted to follow the protocol but may not be trusted with the computation of the feature extraction and liveness detection processes.
During the registration process, a node will extract a feature vector from the face image and then send it to a peer node.The problem is how does the peer node trust the feature vector?A node may or may not have followed the feature extraction process as required.In this situation, zero-knowledge-based verifiable computation is valuable.
Verifiable computation is a technique to prove that the computation process was followed correctly by an untrusted party.Let  =  () be the result of computation on input .The prover generates a proof of computation, , along with the result, and sends , ,  to the verifier.Using ,  and the verification keys, the verifier verifies the correctness of the proof .Some related work for reference: 1. SafetyNet: Specialized interactive proof protocol for verifiable execution of a class of deep neural networks.It supports only quadratic activation functions, but in Humanode's neural network model, ReLU is necessary to achieve higher accuracy.2. zkDT: Verifiable inference and accuracy schemes on decision trees.Decision trees are simple and quite different from neural network architecture.3. vCNN: verifiable inference scheme for neural networks with zero knowledge.It only optimizes convolution.The vCNN scheme uses mixing of QAP (Quadratic arithmetic program), QPP (quadratic polynomial program), and CP-SNARK for making a connection between QAP and QPP.QAP works at the arithmetic circuit level and is costly in terms of computation.4. ZEN: R1CS-friendly optimized ZK neural network inference scheme.Proposes an R1CS-friendly quantization technique.Uses an arithmetic-level circuit and Groth zero-knowledge-proof scheme.5. zkCNN: Interactive zero-knowledge-proof scheme for a CNN.Proposes a new sum-check protocol.Uses the GKR protocol.The vCNN, ZEN, and zkCNN procedures are most closely related to the cases we've discussed but all of them reduce the computation program to arithmetic circuit level and then use a Groth ZKP protocol for verification.
Any verifiable computation scheme utilizes the homomorphic property of the underlying primitive for verification.Therefore, it can support computation that involves either addition or multiplication.Since neural network computations are often complex and non-linear, researchers often convert the program to the arithmetic circuit level, which involves only addition and multiplication at the bit level, and then use a zkSNARK-type proof.This is a more generalized technique for any circuit.Yet if the circuit involves only addition and multiplication at integer level then there is no need to convert it to the arithmetic circuit level.
Humanode's novelty is to break down the neural network model of feature extraction into different layers, and then prove the computation of individual layers separately.There are four main layers: the convolution layer, Batch-normalization layer, ReLU layer, and the average pooling layer.Out of these, only the ReLU layer is not in the form of addition and multiplication. () = max(, 0) In order to make it compatible with our approach, we replaced the ReLU function with the bit-decomposition of ReLU, which involves bit-level addition and multiplication.After this, we use Verifiable Private Polynomial Evaluation (PIPE) where an untrusted cloud server proves that the polynomial computation,  =  (), is correct without revealing the coefficients of the polynomial  .We are aware of other similar schemes like Pinocchio [26] and PolyCommit by Kate et al. [27], and other Garbled circuit-based schemes, but PIPE is best suitable for our decentralized untrusted P2P network mechanism.
Our case is similar but slightly different.We assume that the neural network parameters are available with each node.That means that the coefficients of the kernel in the convolution layer are available with each node.For input ( 1 , . . .,   ) and kernel ( 1 , . . .,   ), the output of convolution can be represented as: In the PIPE scheme,   is kept secret from the verifier and in our casse,   (which represents the input image) is kept secret from the verifier.Moreover, in the PIPE scheme, both input and output are available in plain form for the verifier.We cannot however reveal the input and outputs of the neural network as well as the intermediate layers due to privacy concerns.That means we had to modify the PIPE scheme in such a way that the verifier can still verify the correctness of computation using encrypted inputs and outputs.
Figure 8. presents a ZKP system for the feature vector extraction process.

Humanode approach to ZKP. The Generalized problem:
Input: ( 1 , . . .,   ) Computation:  =      Prover picks an input and performs the computation.Since the verifier does not trust the prover, the prover needs to prove that the output  is computed correctly.
Requirement: The coefficients of the computation, {  }, are public and known to verifiers.The prover can't disclose {  } and  to the verifier due to privacy concerns.
To overcome this problem, we combined Feldman's Verifiable Secret Sharing (VSS) [28], ElGamal Crypto system [29], and noninteractive ZK proof.Feldman's Verifiable Secret Sharing scheme: Feldman's VSS is a secret sharing scheme where each share is a point (, ) on a secret polynomial  .In Feldman's VSS, given a share (, ), anybody can verify the validity of the share using some public value corresponding to the secret polynomial  .This means anyone can check whether  =  () without knowing the coefficients of the polynomial  .
Let  () =  =0     be a -degree polynomial with   ∈ Z *  .Let G be a multiplicative group of a prime order p and g be a generator of G.For each   , set ℎ  =    .Now make g and {ℎ  } public.Given a share (, ), one can check the validity of the share by verifying the following equation:

𝑖
Note: There are two concerns here.First, the share (, ) is in plain form and hence, if we use this as is, then we have to reveal the input and the output to the verifier.The second concern is that ℎ  hides   under the assumption that it is difficult to solve for   from ℎ  under the discrete logarithm assumption.However, if   is a small value, then it will be very easy to find   from ℎ  .In neural network computation, the values (input and weight parameters) are always small and therefore cannot hide it properly.Feldman's VSS with encrypted input and output: Input: ( 1 , . . .,   ) To hide input and output, we need to encrypt both in such a way that we can perform some operation over encrypted value.That means we have to use some homomorphic encryption scheme.
We use ElGamal encryption mainly because it is homomorphic with respect to plaintext multiplication as well as scalar multiplication, which suits our system perfectly.
We achieve the ZKP system for an individual layer of our NN model by combining Feldman's VSS, ElGamal cryptosystem, and NIZKP LogEq properly.
• Our ZKP system is unconditionally ZK-secure and UNFsecure under Random Oracle Model.• Our ZKP system is also privacy-preserving under the DDH assumption in the Random Oracle Model.
•   ((, ) -returns  =    .In our scheme, we use a 1024-bit prime p to achieve the recommended security.Note that ElGamal encryption uses randomized encryption and is not deterministic.That means that if the same message is encrypted twice then both ciphertexts will be different.Thus each transaction will be indistinguishable and preserve the privacy of the user.Moreover, ElGamal encryption is homomorphic with respect to plaintext multiplication and scalar multiplication.
()  =  () 3.7.3Zero-knowledge-proof system for liveness detection.The result of liveness detection is proved by sending the output of the detection algorithm.This output comes in the form of a yes or no, a Boolean result.In a centralized system, the algorithm runs in a controlled environment where the central authority manages the input and output.When the user is given the ability to run the liveness detection algorithm on their own there is the risk of a malicious user tampering with the result of the algorithm.Errors can also occur in the transmission of data or local failures in executing the algorithm and obtaining the results.
The system's decentralization includes the need to prove that the result is obtained through a correct execution of the algorithm.That is why in Humanode, we have an algorithm to generate proof of the correctness of each function of the liveness detection process.In addition, there exists a verification algorithm for the said proof, thus having a zero-knowledge-proof system suitable for decentralized testing of the correct execution of liveness detection.

Collective Authority.
One of the most critical problems to solve when defining encryption schemes in decentralized environments is the handling of cryptographic keys, where in addition, the calculations are performed and verified by peers through multiparty computation.
In this sense, we will consider a subgroup of the Humanode network, which we will call the Collective Authority, whose objective is to generate the collective keys for homomorphic encryption and also verify the calculations performed by each peer.
In simple terms, the Collective Authority works as a trusted third party for key generation and verification but is also composed of several peers within the network.
During the Setup process, the Collective Authority is the one who defines generic parameters for the establishment of the cryptographic protocols [31].The security that this Collective Authority provides us is that each peer takes these generic parameters and locally generates its public and private keys, as we saw above.
Each user keeps her private key secured locally but sends the public key to the Collective Authority.After collecting the public keys from each user, the Collective Authority constructs a collective public key and distributes it back to all users [31].This collective public key is the one used to encrypt the feature vectors.
If a malicious user intercepts the public key in a traditional cryptosystem, obtaining the private key is computationally challenging.In our case, if the collective public key is intercepted, the perpetrator can't get the private keys, as she must know which partial element belongs to which peer.Thus we have an additional layer of security to the public-key cryptosystem, which we can call a lattice-based decentralized public-key cryptosystem.

IMPLEMENTATION
On November 2022, the Humanode live mainnet was publicly launched and materialized all the features described in this paper, making it the first crypto-biometric Sybil resistant fully operational blockchain network.
Humanode has successfully implemented a fully one human = one node = one vote that brings Sybil resistance and innovative governance models to the crypto industry using biometric technology.Humanode's Sybil defense is, as designed, fully cryptobiometricbased, meaning that there is no PoW or PoS consensus mechanisms involved.Humanode is the first network ever to deploy a consensus safeguarded purely by Proof-of-Uniqueness and Proof-of-Existence of human beings and by design all human nodes will be equal in terms of validation power.As of July 2023, there are 350 unique Humanodes from dozens of different countries securing the network and validating blocks.
On April 2023, the first Sybil Resistance biometric app, 'Bot-Basher', has been implemented on the Humanode network and the Discord messaging app.BotBasher for Discord is an application that has been created utilizing the Humanode private biometric verification technology, allowing Discord users to verify that their account is owned by a unique living human being, and allows Discord server operators to create Sybil-resistant channels, by limiting specified channels to verified human beings only.As the BotBasher for Discord works alongside other popular Discord applications, the servers will be able to provide their users with Sybil-resistant voting (1 user, 1 vote), Sybil-resistant whitelisting, Sybil-resistant airdrops, NFT mints etc.As of July 2023, BotBasher has onboarded 220,000 active real human Discord users, helping server managers to fight spam bots and airdrop farming machines, while enabling communities to distinguish between automated bot users to truly Sybil resistant unique live humans.

Figure 1 :
Figure 1: Representation of image as a grid of pixels ([17])

Figure 5 :Figure 6 :
Figure 5: Two vectors with 96% similarity based on the cosine of the angle between the vectors

Figure 7 :
Figure 7: Analysis types in liveness detection