World Foundation's proof of personhood system defended against an iris spoofing attack where users verified multiple times by pairing their left eye with someone else's right eye—exploiting uniqueness checks that operated on eye pairs rather than individuals. DC Builder, Research Engineer at World Foundation, explains the multimodal defense they deployed: continuous 3D heat mapping, time-of-flight sensors, anomaly detection models trained on contact lens datasets across manufacturers, and checks for glasses that alter iris patterns.
This represents one attack surface in a system protecting 38 million verified humans. World became Nvidia's largest security partner for Jetson NX embedded chips, filing more CVSS reports than any other customer after discovering edge cases from production deployment that Nvidia's internal teams hadn't encountered. DC's current focus: building Proofkit, a Noir backend optimized for client-side ZK proving on constrained mobile devices, because the 99th percentile of World's users operate phones with minimal memory and CPU headroom.
The technical architecture spans layers most Web3 teams never touch. Trusted execution environments and secure enclaves depend on vendor supply chains. Private keys etched into Orbs during manufacturing get destroyed after provisioning. Groth16 proofs require trusted setups from both PSE and World's own ceremony. Multiparty computation encrypts iris codes, but compromise would expose biometric-derived data. Open-source firmware on ejectable SD cards enables independent verification against GitHub repos—an auditability model DC walks through in detail.
Topics discussed:
Iris spoofing via eye permutation attacks: left-eye/right-eye combinations bypassing uniqueness checks
Multimodal biometric defense: 3D heat mapping, time-of-flight sensors, contact lens detection across manufacturers
Filing majority of Nvidia Jetson NX CVSS reports through production edge cases undiscovered internally
Building Proofkit: Noir backend optimized for ZK proving on memory-constrained Android devices at 99th percentile
Formal verification pipeline: automatic GNARC-to-Lean circuit extraction developed with RayLabs
Groth16 trusted setup dependencies: PSE ceremony plus World's own setup and associated compromise risks
MPC protocol security: encrypted iris codes and what exposure means for biometric-derived sensitive data
Hardware auditability: ejectable SD cards enabling firmware verification against open-source repositories
Supply chain trust model: secure enclave vendors, TEE implementations, manufacturing key provisioning
Attack surface inventory: hardware TEEs, Linux-based custom OS, biometric ML pipelines, MPC protocols, ZK circuits
