Unique ID generation for every harmony one wallet address created

Name of Project

Harmony chrome extension anti-fraud anti-spamming wallet

Proposal overview

Introduction

Imagine a country with the following immigration policy

  • Everyone can get in and out as they please – everyone in web3 can get in and out as they please.
  • Everyone can create multiple identities – everyone in blockchain can create multiple wallets and have multiple anonymous identities.
  • There are rules but it’s very difficult to persecute those who break them – bad actors in the blockchain ecosystem get away with fraud and there is no way of purging them.

This has been the current state of web3 in the past few years and sadly this has motivated a lot of bad actors to start using blockchain for committing fraudulent transactions or at least preventing good actors from carrying out normal transactions (e.g., the latest spam attacks on the Harmony network).

NB
please replace confirm wallet with confirming wallet address ( we need to verify addresses not wallets)

THE PROBLEM

In 2021 alone over $14 billion has been lost in crypto scams; people do this by creating multiple anonymous addresses. The ability to create new addresses has made people very careless because they can easily escape any consequences of their actions (Mackenzie Sigalos, 2022).

Bad actors can also easily spam networks by creating multiple wallets and sending thousands of multiple small transactions, hence clogging the network. This has happened to multiple L2 blockchains and Solana because of low transaction costs in these networks.

Other methods of scamming include people creating multiple virtual accounts and voting for each other, also giving themselves work in projects e.g., the Freeyala scandal where the leader has had two identities one as a man and the other as a woman, by using multiple identities she was able to move resources and funds to her personal projects. (Freeyala, 2022)

Harmony will be a cross-chain platform soon; this means that Harmony wallets can easily be used by scammers to move money across networks. Vitalik thinks it’s why the future is multi-chain and not cross-chain: the inherent security issues with moving tokens cross-chain (Vitalik Buterin, 2022).

SOLUTIONS IMPLEMENTED TO SOLVE THESE PROBLEMS

Both Solana and Harmony have increased the transaction costs to make it expensive for people to scam the network; it’s a temporary solution since for blockchain to get mass adoption the cost of the transaction has to be small.

Short term solutions implemented by harmony

  • p2p peers blacklist and whitelist feature – this might work if someone cannot create another wallet easily but, currently everyone can create an unlimited number of wallets.
  • Signing rate dropping – it’s making use of the network almost unbearable considering how smooth the site has always been.

Solana Case study

In September 2021, Solana network faced a DDOS attack for over 17 hours which reduced the token price from $220 to $140.

What if someone wants to hack harmony again?

It now costs 0.00075 ONE to send one transaction, that is (0.00075 * $0.3417) = $0.000256 dollars for every transaction. Imagine a big whale wants to stall the network for a full day sending 1500 transactions every second; it would only cost him ($0.000256 * 86400 * 1500) = that is $33,313.23. After stalling the network, users get pissed off and decide to sell their tokens like what happened in Solana and the ONE token reduces by 50% to $0.179. This reduction in price makes the whale purchase one million tokens for $170 000, but, since Harmony is a great network offering great services, the price of tokens will get back to their original value of 0.34 (Coinmarketcap.com, 2022) after some time. That’s over 70% return on investment if he decided to sell his whole portfolio.

How harmony works

Below is a simplified description of how the harmony network works

After a user signs in using his wallet address, every transaction he/she sends goes to the leader node, the leader node sends the transactions to the validator nodes. After the validator nodes and leader reach consensus the block is confirmed and added to the blockchain (Harmony.one, 2022).

The design of the blockchain makes it easy to scale the blockchain, it also assumes that everyone with One wallet is a good actor and will send valid and valuable transactions to the leader for an announcement. Of course, this has not been the case, both good and bad actors can create wallets. The problem is bad actors have multiple wallets and they consciously decide to stall the network by sending spam transactions.

OUR PROPOSED SOLUTION

Prevention is better than cure, it’s very difficult for a country to control crime once criminals are in the country than when they are outside. Criminals inside the country (harmony network) can also cause more damage (the recent 10-hour outage). We are proposing creating passports for harmony users to access the network. The passports will be wallets with different types of authorizations and access, this will prevent spamming and fraudulent users from accessing the network.

There are people with multiple wallets who don’t get to use all of them, there are also people with multiple harmony wallets who use them for good purposes e.g., gaming, staking, etc. there are others with multiple wallets who use them to send spam and defraud other harmony users. We need to find ways of separating these types of users.

Blockchain networks need to know which users have multiple wallets; wallets were used to flood the network with spam traffic (Post-mortem, 2022). Eclipse and Sybil attacks are hard to defend against because of the ability of individuals to create unlimited wallets, there are two ways to solve this; one is by implementing proof of work in ID generation with real-world costs (technically impossible for harmony), the second one is accepting signing in IDs from a central trusted authority (what we are trying to build) (Libp2p.io, 2022)

To prevent people from creating multiple wallets which can be used to commit fraudulent transactions and send spam transactions, we will add a confirm wallet button, which after they click, they will be redirected to face ID. Using face App, a key is created from their selfie and stored in the blockchain. When trying to open another One wallet, the user will be asked to verify it and if the key created has a similarity index of more than 99%, he/she won’t be allowed to have full Harmony features unless he contacts admin.

Technical part

Users will be allowed to install and create wallets; to send transactions to the leader node they have to confirm their wallets. After pressing the confirm wallet button, their webcam/phone camera opens up and detects the face, we perform a liveness check, then pass the image to the Facenet model, which creates a 128 vector ID based on the facial features. We hash the 128 vector ID and store the hash ID and the wallet address in the blockchain.

Liveness check

We have tested this open-source model for liveness checking and it’s working well (Prabhat, 2021); it protects against:

a) Print photo attacks – printing someone else’s photos to bypass facial recognition
b) Mobile photo attacks – using someone else’s photos to create wallets.
c) Replay attacks – using someone else’s videos to create wallet addresses
d) Photo mask attack – using a 3D face mask using other peoples to create wallets.
e) 3D mask attacks – wearing 3D facemasks to bypass the facial recognition software

Face analysis

We are going to implement Facenet, it’s an open-source model that converts facial features into a 128 vector ID. Facenet models are usually 99.2-99.63% accurate (Geeksforgeeks.org, 2021).

Hashing

Using the 128 vector ID generated, we will hash the results and create a unique key for that wallet address; that unique ID will be stored inside the desktop (like a private key). We will write a function so that every time a user wants to perform a transaction, both his private key and this unique key are called; if the unique key does not exist the transaction is invalidated and thus won’t be pushed to the leader node.

Blockchain storage

This unique identifier will be copied in the blockchain network, and by searching the unique identifiers in the blockchain you can easily see people who have multiple wallets in the whole ecosystem.

Real case study

Imagine someone wants to transfer tokens from one wallet to another; this is what normally happens

To process the transfer, the private key function has to be called and confirmed for the transaction to go through to the leader node.

The unique key created using the face ID will change the way all transactions are handled; this is how it will happen

When someone wants to transfer tokens, after the private key is confirmed, we call the function to check the unique key; after it has been confirmed, transactions are pushed to the leader node.

Benefits to Harmonauts

  • Reduced cases of fraud – everyone with one wallet will have to be validated as a real person. Users with multiple wallets will be recorded to prevent them from conducting fraudulent transactions using one wallet and shifting to other wallets
  • Help in getting the right people in the community- for fraudsters to successfully bypass the system, they will have to register using multiple faces, since everyone has one face it’s going to be difficult to get someone else to sell their face ID online.
  • Reduced cases of spam attacks, we can reduce the number of transactions unconfirmed wallets can perform.
  • Encourage people to behave ethically since they can be banned from the network if they participate in fraudulent transactions.
  • Add another extra functionality where confirmed users can easily access admin support (to prevent them from asking in telegram which puts them at more risk of being scammed)

Benefit to the blockchain community

Security has been a major concern in the blockchain community, this has hindered its adoption in mainstream society. Improving cross-chain security will be a step in protecting users from fraudsters and bad actors, our long-term goal is to create an API that blockchain networks will be using to verify users and check how many accounts a wallet has in cases of fraud in order to combat crime across chains

Short term effects on the network

  1. Reduced numbers of wallet addresses created – wallet addresses will be useless unless verified.
  2. Reduced numbers of transactions in the network – only verified addresses will be able to send transactions to leader nodes.

Long term effects on the network

  1. Getting quality builders into the network – people who are really interested in creating and not scamming other people
  2. One wallet address becoming the Gold standard in the blockchain community because of its safety
  3. Businesses who want to implement blockchain solutions come to harmony because it’s safer compared to all the other blockchain networks full of scammers.
  4. Increased rates of transactions- businesses usually generate lots of transactions every second, getting them to adopt harmony as the first priority because of security will be great.
  5. Increased wealth in the community -the One token will rise because we are providing value to existing businesses, validators and community members will earn more money by staking.

Proposal ask

[50K launch grant according to the rules]

Metrics for success

Activities

  • Add the facial recognition system into the Harmony extension wallet (completed from the test net launch).
  • Test the system with 1000 users.
  • Improve the wallet to make it simpler for beginners (there are a lot of negative reviews of the Harmony chrome extension wallet).
  • Add a chat functionality for confirmed users.
  • Limit the functionality of unconfirmed users.

Metrics

  • A fully functional user-friendly improved Harmony wallet with added security and privacy, within four months.
  • Improving the security of the Harmony network by reducing instances of spamming attacks.

FAQ

What about users’ privacy?

We are going to implement ZKrollups in partnership with ZKU so that no one gets to have a copy of your image (it’s why we are reluctant to use Webauth0).

What are your long-term goals?

Getting all wallets to adopt this so we can have a decentralized place where people who perform fraudulent transactions can be tracked. For example, a recent rug pull in Solana: these people must have multiple wallets in which they deposited their stolen money; if they are in different networks it is going to be difficult to recover unless we can associate wallets with their owners (Jason Nelson, 2022).

NB
  • We tried running the Harmony wallet so that we integrate the additional feature; we got some errors and had to build our own extension. The video shows an implementation using our own extension. We are working on using the real Harmony chrome extension wallet.
  • Participated in the University Hackathon.

External links

Project overview, The solutions to multiple wallets. - YouTube

Fasika Zelaleam, (2022), Solana suffers another reported DDOS, Solana suffers yet another reported DDoS attack

Coinmarketcap.com, (2022), harmony, Harmony price today, ONE to USD live, marketcap and chart | CoinMarketCap

Freeyala, (2022), on Sarah, freya, and Zlyah, On Sarah, Freya and Zylar - Google Docs

Vitalik Buterin, (2022), why the future is multi-chain and not cross-chain, vbuterin comments on [AMA] We are the EF's Research Team (Pt. 7: 07 January, 2022)

Mackenzie Sigalos, (2022), crypto scammers took a record of $14 billion, https://www.cnbc.com/2022/01/06/crypto-scammers-took-a-record-14-billion-in-2021-chainalysis.html#:~:text=Losses%20from%20crypto-related%20crime,were%20taken%20from%20DeFi%20protocols.

Jason Nelson, (2022), Solana NFT Project Rug Pulls Investors for $1.3M—Despite Civic 'Verification' - Decrypt

Postmortem, (2022), January network outage, Postmortem: January Network Outage

Libp2p.io, (2022), security considerations, Security Considerations :: libp2p Documentation

Harmony.one, (2022), whitepaper, https://harmony.one/whitepaper.pdf

Prabhat, (2021), face liveness detection via OpenCV and TensorFlow, Face Liveness Detection via OpenCV and Tensorflow - KickerTech

Geeksforgeeks.org, (2021), face net -using facial recognition technology, FaceNet - Using Facial Recognition System - GeeksforGeeks

Johnashu, (2022) https://github.com/harmony-one/harmony/issues/3979

6 Likes
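
The hashing and 99% similarity steps from the Technical part of the proposal, as an added example that is not part of the original post or of any Harmony code: it shows that an exact hash of the 128-value vector does not match across two captures of the same face, while a similarity check needs the stored vector itself. The vectors are constructed random data standing in for Facenet output, and the capture-noise level and the wallet address are assumptions.

```python
import hashlib
import math
import random
import struct

DIM = 128          # embedding size named in the proposal
THRESHOLD = 0.99   # the proposal's "similarity index of more than 99%"

def normalize(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def synthetic_embedding(seed):
    """Constructed stand-in for a face embedding: a random unit vector."""
    rng = random.Random(seed)
    return normalize([rng.gauss(0, 1) for _ in range(DIM)])

def recapture(embedding, seed, noise=0.005):
    """Same face, new photo: small per-dimension drift (assumed noise level)."""
    rng = random.Random(seed)
    return normalize([x + rng.gauss(0, noise) for x in embedding])

def embedding_hash(v):
    """SHA-256 over the packed float32 values ("hash the 128 vector ID")."""
    return hashlib.sha256(struct.pack(f"<{DIM}f", *v)).hexdigest()

def cosine(a, b):
    # Inputs are unit vectors, so the dot product is the cosine similarity.
    return sum(x * y for x, y in zip(a, b))

def find_duplicate_by_hash(registry, v):
    # Exact lookup: only works if a new capture reproduces every bit.
    h = embedding_hash(v)
    return next((addr for addr, (stored_h, _) in registry.items()
                 if stored_h == h), None)

def find_duplicate_by_similarity(registry, v):
    # Fuzzy lookup: requires the registry to keep the raw embedding.
    for addr, (_, stored_v) in registry.items():
        if cosine(stored_v, v) > THRESHOLD:
            return addr
    return None

def demo():
    first = synthetic_embedding(seed=1)        # enrolment capture
    second = recapture(first, seed=2)          # same person, second wallet
    other = synthetic_embedding(seed=3)        # a different person
    registry = {"one1-constructed-wallet-A": (embedding_hash(first), first)}
    return {
        "same_face_similarity": cosine(first, second),
        "same_face_hash_match": find_duplicate_by_hash(registry, second),
        "same_face_similarity_match": find_duplicate_by_similarity(registry, second),
        "other_face_similarity_match": find_duplicate_by_similarity(registry, other),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
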

Wow! It’s a huge initiative, Bro!
The proposal is so detailed and comprehensive, and gives a great solution at the same time.
Good Luck Bro!

Thank you, the only way blockchain is going to get massive adoption is by improving on the security of networks. By implementing AI, it will be a major step forward.

1 Like

Great Idea, good luck :slight_smile:

1 Like

Thank you, we need to test out other possible solutions. By increasing TPS, bad actors can still hack if they find it profitable. By increasing gas fees it will push users away.

1 Like

Good initiative and a detailed proposal to solve a real world problem. All the best and I hope it gets funded

1 Like

Assuming you find some way to deterministically hash a face into an ID. How do you expect users to literally scan their faces and store it on chain just to create a wallet?

thank you, Paul, online fraud and network spamming are only going to get worse if we don’t do something about it.

1 Like

Hello, there is a way to hash a face ID; it’s what actually happens in smartphones. When someone signs up using face auth, the facial recognition model creates a mathematical model based on facial features then stores it in the phone; whenever someone wants to log in, the face recognition model will create a similar model which will prove it’s the owner, thus opening the phone.
On the second question, people will do it for their own benefit and the whole community at large; remember the 17-hour outage, it must have cost the Harmony community millions of dollars in net value generated. If you ask me, it’s a small price to pay compared to another spam attack.

The reason the network went down was not because of transaction spamming, it was spamming of the P2P on the protocol layer which is free. The network never went down due to transaction spamming, it just slowed block times and overloaded the official Harmony RPC’s which is the reason for the gasPrice increase.

The proposal as is does not seem feasible and is also against the free autonomy on which crypto is based. I don’t believe that anyone should have to provide any sort of information about themselves to use the network, nor would you be able to force anyone to use this without coercion from a protocol level as there are dozens of wallet options, along with web3 implementations to interact with the chain without verification.

5 Likes

hello, thanks for your comment, we will correct it if it seems that we attribute the spam traffic to the reason the network went down. that’s why we did what if someone hacks harmony again. It outlines that someone needs to slow down the network by sending 1500TPS which will make the whole network lag.

On your second point, harmony is building a blockchain for 10billion people(which means mainstream society). I think this is going to be a major selling point for harmony in mainstream society because it will show harmony cares about its users.
We will be collecting a mathematical model of the facial features which can’t be reconfigured to faces so the privacy of the users is guaranteed.

please fix the spelling error …Vitalik Buterin respect the name …thanks
I think your ideas are very far reaching and wish you success

In place of a mathematical model, any chance you plan to use zk proof to prove face features? i.e. a circuit to somehow validate face features, then turn into zero-knowledge proof before uploading to validate? I’m just really thinking out loud here… as a user the pure fact that facial features cannot be reconfigured to faces but I’m still uploading the actual face features to your app could be concerning.

haha okay, done! what did you think about the idea?

Yes, we are actively researching Machine learning ZKP, I’ll reach out to you @socathie (I was part of ZKU university, I watch the lectures). I’ll reach out to ZKU for this; ensuring user’s privacy is guaranteed is very important (it’s why we have refrained from using webauth0).

1 Like

I second Mlotis. Far from the free spirit and iteration of what most users desire or demand. And enforcement/coercion? Impractical at best.

2 Likes

users will be guaranteed privacy which we will implement using ZK rollup. security and privacy are basic needs. if we can promise that to businesses then scaling to 10 billion users will be easy, we also have very few alternatives tbh

I really like the idea, at last security is a really important factor for technology. Nowadays KYC service providers have also introduced face ID, so why not blockchain.

thank you, and the better thing is that unlike KYCs we won’t store your images since we will implement ZK rollup

1 Like

I am quite afraid of the use of AI for KYC. Face models usually rely on CNNs to extract features and some kind of siamese networks or something like that in order to ID the user.

There are hundreds of works on how changing some specific pixel combination confuses the hell out of the model. (e.g. Adversarial Machine Learning Applied to Intrusion and Malware Scenarios: A Systematic Review | IEEE Journals & Magazine | IEEE Xplore)

Using it on an iPhone is ok. The phone can do a liveness check before allowing the image to go through the recognition model. Another thing that makes it sort of secure for smartphones is the fact that you need physical access to the device.

On a blockchain that would not be the case. The incentives to make a good adversarial attack on the AI would be immense, as it would allow for attackers to bypass completely the KYC, putting the burden only on the real users.

And I also don’t like the idea of forcing Harmony’s users to have a camera. I don’t have a camera on my PC, my cellphone camera is broke. I’d need to buy a camera just to make sure I can use the blockchain?