Interview with Privasea Founder: Post-Quantum Privacy Technology FHE and its ImHuman Application
Guest and Project Introduction
David: I am David Jiao, the founder and CEO of Privasea. I started my entrepreneurial journey in 2016, with my initial venture focused on AI, particularly in the area of autonomous driving, which is a mainstream innovative application of AI. From 2016 to 2020, I founded a company that made autonomous golf carts. We designed them in Sweden, manufactured in China, and gradually promoted them in the domestic market. That project managed to secure about $20 million in funding.
However, with the challenges posed by the 2020 pandemic, I stumbled into the cryptocurrency field by chance. At that time, some friends invited me to join a privacy computing project called NuLink, where I was hired as the CEO. I wasn’t the founder but joined as a salaried professional manager responsible for financing, product design, and growth strategies. NuLink’s main project was to create a network for proxy re-encryption (PRE), similar to what NuCypher does on Ethereum. We productized PRE’s functionality and deployed it across multiple blockchains, including Polkadot and BSC. Through this project, I gained extensive experience in cryptocurrency entrepreneurship.
By 2022, drawn by the allure of starting anew, I decided to leave that project and began exploring a venture combining AI and blockchain. During that period, I also delved into privacy computing technologies, specifically confidential computing. I assembled a team, which included university professors and PhDs, focusing on technologies like FHE (Fully Homomorphic Encryption) and MPC (Multi-Party Computation). We eventually leaned towards FHE due to its greater potential for growth, which led to the inception of the Privasea project.
In the early stages of Privasea, we integrated our initial FHE ideas into intellectual property through patents and secured early investment. However, in 2023, we decided to pivot as we observed the market starting to recognize the demand for FHE. Particularly, Privasea’s early application efforts led to us being recognized in the industry, included in Messari’s FHE sector report alongside companies like Inco, Fhenix, and Zama.
FHE technology requires significant computational power, so we designed a distributed computing network integrated with smart contracts to meet this need. This is one of the reasons we developed our privacy computing infrastructure. We created a protocol layer primarily to address the needs of privacy computing. Users can host their machine learning models on our distributed nodes and perform inferences with encrypted data. This differs from other computing power projects like IO Net and Akash, which focus more on large models or machine learning, while we concentrate on privacy computing.
After establishing the privacy computing infrastructure, we realized we needed to identify clear use cases. During this time, we observed the popularity of the Worldcoin project and also noted the privacy concerns it presented. Therefore, we developed an application called “ImHuman,” focused on verifying human identity. This application is part of decentralized identity verification (DID), particularly in the identity verification process before KYC. Our system does not store user facial data; it only performs Proof of Humanity (POH) comparisons through encryption during two verification instances.
Currently, the ImHuman application is live. Initially, we supported Solana, and now we also support multiple chains, such as Arbitrum. We have over 300k mintings and plan to expand further, building the Proof of Human ecosystem, with more applications set to join in the future. We have connected our PoH to Telegram, Gate Wallet, Easeflow, along with several other platforms, and there are 20 more projects in the pipeline for integration.
Overall, the Privasea project has two core development directions: one is our privacy computing infrastructure, and the other is our application, “ImHuman.” As user demand increases, we will continue to expand in both directions, promoting the broad application of privacy computing technology in the decentralized field.
The Role of Privasea in Project Airdrops
David: The initial purpose of our application was to achieve human verification. Human verification can be used not only to counter Sybil attacks but also to prevent bot attacks in various scenarios. For example, many decentralized applications, especially Web3 projects, increasingly need to ensure the authenticity of their users. My personal motivation stemmed from observations in Europe, where many friends using dating apps encountered numerous scams. Nowadays, these scams have become industrialized; initially, you might be chatting with a bot powered by something like GPT, and only when you reveal key information does a human take over. This scenario is very common.
Therefore, when developing the ImHuman application, we aimed to combat these bot operations through human verification. Our application will soon support a Telegram bot, which can perform anti-bot and anti-scam verification. For instance, when joining group chats or when someone asks you to unlock your phone, you can use this bot for facial verification to ensure the safety of the operation.
Of course, our application isn’t just for fighting bots and scams. It can also be used in Web3 for anti-Sybil attacks, but I believe that in the entire Web3 ecosystem, behaviors like “airdrop farming” have become an integral part of the industry, even making up a significant portion of project user bases. Many projects’ user numbers are largely composed of these “airdrop farmers,” which is why we can’t simply exclude these users. They are users too, just with different behaviors.
Thus, our application does not completely ban users with multiple accounts. Our design allows a user to register multiple accounts with one face. We don’t focus on the uniqueness of the face but ensure account authenticity through social account linkage and other methods. Our focus is on ensuring consistency of the face for an account, not its uniqueness. Through credit scoring formed by social connections, we can ensure that users’ multiple account behaviors remain within reasonable limits. This mechanism allows project owners to maintain a large user base without losing users due to stringent identity checks.
Regarding “airdrop farming,” our solution is flexible. We can set some restrictions, like requiring users to complete human verification within a certain timeframe. This means even if one person has multiple accounts, they must verify each one individually. These manual operations prevent users from registering large numbers of accounts instantly via scripts, limiting the scale of malicious behaviors.
Looking to the future, many projects are integrating our application. For instance, we are about to launch an ecosystem page based on Proof of Humanity, with many projects joining in.
Additionally, we collaborate with the Move ecosystem, writing the POH results back to the Move blockchain, so projects within the Move ecosystem can use our verification results. In Korea, we’ve been in contact with some healthcare applications that integrate our POH into users’ secure login processes. Similarly, node service platforms can use POH to verify user identity when selling nodes or distributing rewards.
In the future, DeFi and gaming projects will gradually integrate our API. Our business model is B2B2C, first partnering with B-end projects and then bringing C-end users into our ecosystem to complete the corresponding identity verification. This will help the entire Web3 ecosystem develop further, ensuring the authenticity of user identities and providing security for activities like airdrops.
For example, we have reached a strategic cooperation with Easeflow. Besides allowing our own Workheart node users to host stably on their platform, we will also integrate POH into their node hosting service, helping users to easily manage node hosting and claim rewards after completing human verification.
Difference between Privasea and Worldcoin, the Representative of POH, Amid Privacy Concerns
David: First, I’d like to clarify that our project doesn’t entirely fall within the traditional Proof of Humanity scope. It’s more akin to an identity-based system, which can be thought of as issuing a digital passport to users. Its foundational logic is to generate a unique digital identity for each user. Unlike some other projects, like Worldcoin’s approach, which collects user iris data through hardware devices and stores this data in their centralized database. This method has its risks because all data is stored in plain text. Each time a new user registers, they perform a comparison to see if the new data matches existing data, meaning they’re doing one-to-many comparisons.
After two years of accumulation, Worldcoin’s database has data from about 6 million users, which is a vast database and presents significant security risks. If this database were to be compromised, all these users’ iris data could be at risk of leakage.
In contrast to Worldcoin’s approach, we employ a different method. We do not store user facial data; all such sensitive information is kept by the users themselves. It’s like using a Web3 wallet; your assets are in your control. The wallet provider does not store your private key; assets are completely managed by the user. Our application, ImHuman, follows a similar principle.
In our system, the user’s private key is saved in a distributed manner. Specifically, we split the key into three parts: one part is stored on the user’s phone, another on a backup drive, and the third on our servers. Only when all three parts are present can the user decrypt their identity data. This means the user’s identity information, as their digital asset, is entirely protected by themselves. As long as users remember their username and password, their identity information can remain safely stored in a decentralized environment, virtually immune to attacks.
I should also mention that we use FHE technology, which is a post-quantum technology; even future quantum computers cannot break this encryption. This makes our system highly secure and very different from other systems. We solely focus on comparing identity information, not issuing actual digital passports. For example, with Worldcoin’s passport, if you lose it or switch devices, you need to scan your iris again to retrieve the passport, which can be quite cumbersome.
Our solution is entirely online, focusing solely on verifying human identity, without issuing a digital passport. We have a clear distinction from traditional DID projects. Worldcoin focuses more on issuing an ID to every person globally, with its business logic aiming to distribute income globally through Universal Basic Income (UBI), whereas our project is more focused on nuanced application scenarios within the Web3 ecosystem, differing significantly both technically and commercially.
Why Privacy and POH Will Become Increasingly Important in the Gen AI Era
David: From my perspective, user identity information is extremely sensitive; it should not be casually collected or traded. This is my belief because once you collect this information, you are responsible for its security and must consider how to store it permanently. This is actually a very challenging task. Many projects might start off well, but if they go bankrupt or their funding chain breaks, they face problems. If a project cannot survive in the long term, what happens to the user’s identity information? This information remains valuable even after a user’s demise and should not be stored long-term on some third party’s server.
We believe that the core principle of Web3 is to let users control and manage their own assets. This includes not just digital currencies but also identity information and biometric data. I hope users can manage this data themselves, just as they manage their digital assets. This is why the concept of “self-sovereignty” resonates deeply within the Web3 community. As long as users remember their private keys, no matter what third-party projects do, it won’t affect the users’ control over their own data.
Our FHE technology is also aimed at achieving this goal. Compared to technologies like TEE (Trusted Execution Environment) or MPC, FHE is the most suitable for long-term data storage encryption. It ensures that data remains encrypted throughout its entire lifecycle without the need for decryption. Technologies like TEE require decryption before computation and then re-encryption, introducing potential risks because you cannot fully trust third-party computing entities to not leak your data.
The advantage of FHE is that all computations are done in an encrypted environment, and only the user can decrypt the original data and computation results. This resolves security concerns throughout the entire chain, achieving true end-to-end encryption. Throughout the process, we do not need any decryption operations; data remains in an encrypted state, making our system very secure and reliable.
Privasea’s Ecosystem Plan and Use Cases, Recently Launched a 10% Airdrop Plan, How to Participate
David: Regarding our 10% airdrop plan, I’d like to explain it in detail. This plan covers all Solana users from the first season, where Solana users enjoyed a more favorable ratio. Starting from the second season, we aim to attract more users. The focus this season is to closely integrate our system with the EVM ecosystem because EVM is a vast ecosystem with numerous on-chain and off-chain users.
Participating in the airdrop is very straightforward. Users just need to register and generate an NFT, after which they can engage in various interactions within our entire Proof of Humanity ecosystem. Moving forward, we will collaborate with OKX Wallet, Gate.io, as well as various other wallets and blockchains. These applications will host activities where users can complete certain services through POH to verify their identity.
The participation process is very intuitive and cost-free. You only need to verify your identity during the initial registration. Subsequent interactions won’t incur additional costs. For example, some users operating nodes must verify their identity through POH before claiming rewards to ensure their addresses are correct, allowing them to receive mining rewards. For these users, identity verification is a necessary step.
We will return the verification results to both the users and the project parties, which is akin to educating users on how to use POH within the ecosystem. At each stage, through POH verification, we ensure the protection of users’ rights. Simultaneously, we airdrop 10% of the tokens to users who complete the verification as a reward. In the future, we will continue to drive growth, continually allowing users to benefit from verification.
Particularly with the upcoming integration of our Telegram bot, users can complete POH verification through it. We will also expand to other social networks like Discord, Reddit, Line, etc. These platforms will integrate our verification process, allowing users to verify the authenticity of others more effectively across various social networks.
Ultimately, we hope that users can reduce the risk of being scammed in every interaction through our verification tools, protecting their assets and personal information. This is the initial intention behind developing the ImHuman application, ensuring users can achieve real protection in practical scenarios.
Open Discussion
David: I’d like to add that Privasea is not just an application company; we also have our own network. We are about to launch the second version (V2) of our testnet soon. In fact, this January we already launched the first version of our testnet (V1), which could run four to five basic models, like models for breast cancer prediction and scam email filtering. These models are data analysis models integrated with FHE. We provide an open dataset for users to test these models themselves.
In the upcoming V2 testnet, we will do a lot more work, especially in terms of graphical presentation and data analysis features. We will introduce some more tangible functionalities, allowing users to apply data more conveniently in a privacy-preserving environment. In the future, we will further expand these application scenarios.
Additionally, the mainnet version of our testnet will also be launched this year, at which point we will deploy the entire protocol, allowing users to truly perform privacy computing through our network. Especially those early buyers of nodes will be able to start mining. Our first batch of nodes has sold out, and there will be more platforms continuing to offer node sales.
Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish
