Worldcoin
Download PDFWorld FAQs

Advancing Decentralization

How to decentralize the World network and minimize central points of failure.

Introduction

World is a protocol, not a company. This makes decentralization an axiomatic end goal.

If World is to become critical, global-scale infrastructure, it must not—and cannot —be controlled by a single organization or small number of contributors. In that case, the political and economic pressures placed on any single entity would likely be too high: the network would either be corrupted or collapse entirely.

By contrast, decentralization of the World protocol so that it is sustained by a community with dozens, hundreds, or even more independent organizations that use and support the protocol, will enable the network to scale to billions of people while increasing utility and preventing fraud.

In the blockchain community, decentralization often refers to core infrastructure properties like transparency, verifiability, and permissionless access—conferring the network the ability to recover from local participant failures. Additionally, decentralization requires many independent participants to have a sustainable economic interest (e.g. a stake) in maintaining the infrastructure. Those properties are all important for World to function as a true public good. They are also important for adoption and continuous improvement of the protocol by application developers building on the protocol. Without them, the network cannot scale and it cannot be sustainable—that means failing its promise of becoming a trusted, global utility.

Because World is a complex system with multiple technologies that operate together, World Foundation has defined a series of critical use cases and tests to evaluate the stage of decentralization that has been achieved for those use cases.

This whitepaper explores avenues for decentralization of various components of World protocol, including software, hardware and governance.

Basic World Protocol Glossary

The Orb: The Orb is a verification device which takes pictures of a person, uses on-device analysis to determine that the person is a real, live human, and generates a privacy-preserving enrollment code that can be used to determine if they’ve previously enrolled—and therefore, whether they are unique. This enables the creation of a “Proof of Human,” perhaps the most important new property enabled by the World Protocol.

Relying Party: At its core, the World protocol allows applications to request a user-generated proof (such as Proof of Human, to confirm that they are a verified, unique human). The application requesting a proof is known as the “Relying Party.” The Relying Party is often an application on the user’s phone, a web application, or a smart contract.

World ID : World ID is a privacy-preserving digital ID. Discrete, unlinkable statements about the user can be generated with a secret value held only by the user—these are known as “Proofs”. Proof of Human, as an example, ensures that each human can only have a single “Verified World ID”. The World ID can also be used with other credentials to produce other proofs, such as Proof of Age, or Proof of Citizenship. An important property of the World ID is that proofs provided to two different Relying Parties cannot be linked together unless the user wants to do so.

Credential and Credential Issuer: World ID Proofs are generated using information from a credential. Every credential is produced and cryptographically signed by an issuer. For example, the World Foundation authorizes Orbs to produce the credential that is central to generating the Proof of Human, so the Orb credentials and Proof of Human are issued by the World Foundation.

Authenticator: The “World ID Authenticator” is software authorized by the user to generate World ID proofs. The authenticator may be a single purpose application, but it is more often provided as part of a larger application with other functionality. For example, the World App includes a World ID Authenticator while also bundling financial products and a mini-app ecosystem that extends functionality. Users may have multiple authenticators.

User Agent: Where the authenticator is bundled with other application functionality, it may be referred to as a User Agent. These User Agents may support a wide set of capabilities, as with the previously mentioned World App, or they may be an application with a specific purpose (for example, an application accessing a specific social media service, a gaming client, or an application to purchase concert tickets). User Agents may not necessarily run on a device that is controlled by the user – for example, “AI User Agents” are likely to run on infrastructure provided by an AI provider. As AI capabilities advance, we expect that humans may want to delegate the use of their World ID for certain purposes by providing the AI Agent with an Authenticator.

WLD / Worldcoin: A token governed by the World Foundation that will be used to pay for fees in the World Network such as the World ID Fees.

Tests to Evaluate Technical Decentralization

Progress in decentralizing the protocol can be measured with three major test cases:

  1. Test 1 – Permissionless Market Launch: Any operator can introduce the protocol to users in a new market without any dependency on any one (other) party.
  2. Test 2 – Protocol Use by Relying Party: Any relying party can use the protocol without dependency on any one (other) party.
  3. Test 3 – Enhancing the Protocol by Issuer: Any issuer can enhance the protocol with new credentials and proofs (including uniqueness modalities) without dependency on any one (other) party.

To further quantify progress, we defined decentralization stages for each of these test cases.

Test 1: Permissionless Market Launch

Much of the global population lives in areas that World Foundation and its existing contributors, such as Tools for Humanity (TFH), cannot directly service due to isolation, regulatory complexity, or mistrust. To allow these people to use the protocol, other parties must be able to provide access without needing World Foundation’s support or permission.

The use case: An individual within a new market should be able to go through the verification process (install a World Network-enabled wallet application, verify at an Orb) and then provide proof of human (PoH) without receiving World Foundation’s permission or using any technology controlled by World Foundation.

  1. Current: World Foundation governs the development and operation of PoH verification devices (Orbs) and wallets. These wallets use World Foundation authorized or managed backend systems.
  2. Stage 1: World Foundation-managed operation of verification devices will transition to Independent, arms-length operations using TFH/World Foundation front/backend systems.
  3. Stage 2: Stage 1 is achieved, and independent operations can be conducted without direct reliance on World Foundation managed or operated backend systems.
  4. Stage 3: Stage 2 is achieved, and there are multiple World-enabled wallets that can request WLD airdrops from World Foundation.
  5. Stage 4: Both Orb and wallet are provided by multiple parties. Airdrops are managed via smart contracts that are immutable or under decentralized governance.

Achieving Stage 4 will require technical changes to the World protocol, operations and governance. Some of these changes are already underway.

Test 2: Protocol Use by a Relying Party

Many enterprises and large applications hesitate to adopt a protocol that requires third-party permission, especially when long-term business interests may not align.

The use case: Any application or service provider that would like to leverage World Network and proof of human as a relying party should be able to deploy all parts of the technology stack for user enrollment, credential issuance and management, and proof verification without permission from or support of World Foundation (or any other third party). People who have a verified proof of human—originally issued for one relying party—should also be able to use the credential with other relying parties, such as the WLD airdrop highlighted in Test 1.

  1. Current: To prevent phishing and namespace collisions, applications and Mini Apps require a developer account overseen by Tools for Humanity. Users must have World App installed and use a World Foundation-authorized Orb to verify and generate their Proof of Human.
  2. Stage 1: Using a decentralized mechanism, developers can release apps that can request proofs from World App without needing a developer account or reduced trust.
  3. Stage 2: Stage 1 is achieved, multiple User Agents with World ID capable authenticators are connected to the World Network, including ones that are not developed by TFH or World Foundation. So a relying party can request and/or generate proofs without use of any User Agent managed by World Foundation or TFH.
  4. Stage 3: Stage 2 is achieved, and a relying party can deploy their full use case from user enrollment to credential issuance, proof generation and verification by the relying party without any dependency on World Foundation-managed technology or infrastructure.
  5. Stage 4: Stage 3 is achieved, and World Foundation authorization or support are not required for interoperability. Relying parties can independently assess third-party World-enabled applications and verification devices to determine whether they are trustworthy.

Achieving Stage 4 will require technical changes to the World Network protocol, operations and governance. Some of these changes are already underway.

Test 3: Credential integration with the protocol

Today’s digital identity infrastructure is fragmented and inefficient. Many discussions with potential relying parties (e.g., governments, identity companies, hardware manufacturers, etc.) are about enhancing the protocol to connect World Network to existing identity infrastructure and systems. World Network can provide a global, privacy-preserving way for users to manage and present credentials when using digital services online. Currently, only World Foundation and Tools for Humanity (via World App) can create a new credential that integrates with World ID.

The use case: Any credential provider can offer a new credential that can be integrated with World ID to be presented by the World ID user directly to relying parties or through privacy-preserving zero-knowledge proof (ZKP) attestations. This requires no permission from World Foundation (or any other party), and relying parties are able to use these credentials to enhance their services.

This enables the existence of a rich ecosystem of potential third-party credentials and proofs that can enhance the protocol.

  1. Current: Multiple credentials (Orb, NFC-enabled identity document, and device uniqueness) exist within World App.
  2. Stage 1: Credential formats are publicly documented. New credentials and ZKP attestations can be added by third parties with permission of World Foundation.
  3. Stage 2: User-controlled API for managing 3rd party credentials/attestations in World App (and other authenticators).
  4. Stage 3: Third-party unique credentials can be permissionlessly introduced using AMPC-based uniqueness services.
  5. Stage 4: World ID fees are deployed: relying parties pay credential issuers and the protocol to create a sustainable economic model for the protocol.

Achieving Stage 4 will require technical changes to the World Network protocol, operations and governance. Some of these changes are already underway.

Technical Roadmap for Decentralization

The following sections outline several different areas of World—User Agents (e.g., World App), verification hardware (e.g., Orbs), hardware operations, protocol, and governance—and how they can be improved through decentralization. The optimal mechanisms to increase decentralization may evolve over time, and suggestions for improvements are welcome.

User Agent

World App was the first application designed to work with the World Network, and it consists of three primary components:

  1. An authenticator that manages the user’s identity on the network and provides proofs to relying parties.
  2. A self-custody wallet that provides access to the financial functionality within World App.
  3. A miniapp platform that allows Third-Party applications to be deployed within the World App.

World App was launched as the first user agent to support World Network, enabling people to verify their World ID at an Orb and interact with relying parties. World ID is already available through the IDkit and Minikit (see developer portal), so any developer who wants to use Sybil protection in their application can connect to World Network via World App.

While currently users must first download World App to interact with the World Network, World Foundation is encouraging the development of other applications that connect to World Network. These applications are called User Agents, and, like World App, they connect to the network as an authenticator. World Network is designed so that any developer will be able to build their own user agent without requiring permission from World Foundation or any other contributor to the World project.

Research is currently underway to develop Authenticator SDKs that will make it easy for any application to connect directly to World Network while still serving the high level of privacy and security required by relying parties. This gives the user more choice of which user agent to use.

Enabling Decentralized Trust

There should be multiple user agents for people to choose from at the time of verification at an Orb, or when using World ID to provide a proof to a relying party. To enable a diverse range of trustworthy user agents, Tools for Humanity is currently working to improve the following components:

Integrity Services

Relying parties must be able to evaluate the authenticator environment that provides World ID proofs to determine whether they can trust the integrity of the provided proof. The World ID zero-knowledge proof itself is independent of the authenticator, however, additional security features (e.g., World ID Face Auth) require verifying the integrity of the User Agent and its authenticator. This is the result of privacy requirements which encourage local computation on the user’s phone. While local computation could potentially be secured through zero-knowledge proofs and the Orb’s image is signed, additional credential sources (including objects like a second input image taken through the user phone’s camera) may not maintain a similar level of data integrity. Until manufacturers begin attaching hardware attestations to those images, comparison to an image from the phone’s camera fully relies on trusting the integrity of the phone’s hardware and software. Thankfully, OS-level attestations already exist on an app level (e.g., Apple App Attest or Google Play Integrity) and can be used as a lower level integrity assurance signal. The verification of those can be handled by services that sign off on individual requests and enhance trust.

World ID Authenticator Kit (previously referred to as Wallet Kit)

World App already contains all the logic for handling an Orb verification and using World ID to generate and submit proofs (such as when receiving WLD grants). This process can be made simpler and quicker for new teams building their own applications. Authenticator Kit will handle the connection with the Orb and establish the privileged execution environment on the phone through the integrity services. Importantly, it should also contain a mobile-optimized proof-generation library.

Verification Devices

In the context of World, specialized verification devices (Orbs) enable the verification of humanness and the issuance of World IDs. There are several ways to make Orbs more transparent, verifiable and accessible. Increasing transparency and verifiability of the Orb’s functionality can help align the incentives of manufacturers not to be malicious. Furthermore, letting anyone develop alternative Orbs democratizes the solution space and accelerates decentralization.

The following sections walk through different milestones that can contribute to the robustness of Orb infrastructure.

Core Orb Engineering open source

To allow Orb functionality to be verifiable by the public and enable anyone to build their own Orb, the firmware and hardware have been made open source.

Hardware Source-Available

Today, hardware components that aren’t security critical (e.g., tamper detection and security board) have been made publicly available. Eventually, as much as possible should be made publicly available, but it is unclear whether publishing all Orb components is desirable given the security considerations described in the next section. There should be a continuous evaluation of which sensitive components can be made open source.

Core Firmware Components Are Open Source

Publishing core firmware components makes the functionality of the Orb more transparent and is a requirement to achieve verifiable Orb provenance and firmware. Therefore, a large part of the firmware of the Orb has been open-sourced.

Making these core components open source enables others to understand the functionality of the Orb in more detail and build alternative Orb firmware implementations. Potential vulnerabilities can be submitted through a public bounty program.

Given no hardware device can be perfectly secured, other sensitive components (like spoof-prevention algorithms and fraud models) that may pose a direct integrity or security risk to the ecosystem if exposed will likely not be made open source. Importantly, World doesn’t need to rely on perfect hardware security when complemented with mechanisms like auditing of Orb operations. To reduce trust requirements on non-open-source parts of the code, the open-source code defines software “sandboxes” for some closed-source components. For example, consider a closed-source fraud-detection module that ingests biometric data. The open-source code that interfaces with this module can provide strong evidence that the closed-source code cannot save/upload any biometric data.

Enabling Decentralized Trust

In a decentralized World Network, relying parties have access to the information they need in order to assess the trustworthiness of any credentials or proofs they verify. Orbs are one of the most important roots of trust for credentials in the network and must meet exceptional standards for trustworthiness. To ensure the integrity of the network and reduce trust in provisioning, Orbs should fulfill certain requirements (see Secure Provisioning Standard). However, no provably secure hardware exists, and certain points of trust remain as described in Orb Provenance Verification. Importantly, World Network doesn’t rely on perfectly secure hardware, and audit logging and in-person auditing of Orb locations can help decrease incentives for malicious actors.

The following technologies are currently being improved to help reduce trust assumptions; they provide relying parties and the broader community with the ability to evaluate the trustworthiness of any verification device.

On-chain Orb Registry

The “Orb Registry” refers to the set of active Orbs currently endorsed by World Foundation. If an entity’s process can be sufficiently trusted (e.g., by implementing a secure provisioning standard and conducting regular audits), the insertion of public keys from that entity in the Orb registry could be delegated to that entity. To limit the harm caused by a malicious Orb, World IDs registered with different Orb manufacturers (and ideally with different Orbs) should be distinguishable from each other. This makes it possible for the ecosystem to respond to (inevitable) attacks by removing individual Orb manufacturers, and perhaps even individual Orbs, from the whitelist on demand. Optionally, World IDs associated with fraudulent Orbs could be revoked. This information can be private and only stored on the World ID holder's device as long as it is provable on demand. If anyone were mistakenly affected by such action, they could re-verify through an active Orb. As a last resort, disagreement in the set of trusted provisioning entities could be resolved by forking the protocol and adding or removing provisioning entities.

Secure Provisioning Standard

“Secure provisioning” refers to the process of setting up the cryptographic keys of an Orb. One part of such a standard could, for example, specify that only certain approved secure element models can be used and require proofs of authenticity from each secure element (via die-unique certificates signed by the secure element vendor) to be reported alongside the public keys. Orbs generated by this process can then be considered securely provisioned.

Today, a secure provisioning process is in place that involves generating private keys on a secure element as well as burning secrets generated on an air-gapped machine connected to a hardware security module into private fuses (only accessible by TrustZone applets). These secrets are derived using a NIST-SP-800-108 KDF algorithm into two keys transmitted to the backend used for future device attestation, and then are immediately destroyed. The original key material only exists in the restricted fuse banks on the NVIDIA Jetson and within the secure element. Continual auditing of the process can help maintain a high security bar.

Auditing of Orb Operations

Auditing operations can help detect malicious operators and malicious Orbs, thereby disincentivizing malicious behavior. No entity in World Network should have to be trusted. Therefore, all operations need to be audited in a distributed manner.

One primary concern is someone being able to inject fake iris codes. In this case, “fraudulent” means the entity has a way to spoof requests to the uniqueness service to make them seem as if they came from a legitimate Orb. Security measures on the Orb should make such an attack very difficult. However, the risks associated with malicious individuals involved in provisioning and/or flaws in digital security can’t be entirely eliminated.

The auditing of Orb operations by incentivized users and dedicated auditing organizations, when combined with software- and hardware-security measures, can make generating fake IDs very hard. Today, operations are already audited by third-party organizations. To increase the robustness of this process, a list of all Orbs, their locations and operational information about the Orbs could be made public.

Incentivized Re-Verification

Similar to auditing of Orb operations, verified users can be incentivized to re-verify at a different Orb. For any attacker who compromised an Orb or spoofed verifications, such a second verification at a different Orb would be very difficult to also spoof. Therefore, statistically, the fraction of incentivized users that end up verifying a second time with a different Orb would be lower for a compromised Orb, allowing anomalies to be detected.

Orb Security Transparency

Below are steps toward making the security of the Orb more transparent:

Publish Audits

World Foundation regularly conducts and publishes hardware and firmware audits like this one to help ensure that the systems being built are as secure as possible, and to increase transparency into those systems. Such audits entail both security and privacy considerations.

Public Bug Bounty Program

A bounty program can raise the security bar by finding vulnerabilities early. In collaboration with Tools For Humanity and HackerOne, World launched a public bug bounty program in February, 2024. The program is being continuously extended with additional endpoints, source code and new categories of attacks.

Verifiable Orb Provenance and Firmware

While there is significant research involved, ideally, the public would be allowed to verify properties of an active Orb, including that it is:

  1. not counterfeit and is from an Orb vendor that meets manufacturing and security standards
  2. configured to only boot signed firmware
  3. running a specific version of the firmware

These verifications can help mitigate important privacy concerns related to biometrics. The public should not need to blindly trust an Orb vendor to faithfully/correctly implement privacy-preserving firmware.

Eventually, there may be a path to allow for firmware that hasn’t been approved by World Foundation governance, though it is unclear whether this would be desirable given the potential downsides. This would require appropriate incentive and audit mechanisms to disincentivize malicious behavior, which could turn out to be unviable in practice.

Orb Provenance Verification via User Agent

A first step towards verifying an Orb as non-counterfeit could be implemented through provenance verification via the user agent. Such a mechanism could help verify that an Orb is from a vendor that has been approved by World governance and therefore is running approved firmware. Such a feature can be integrated into other protocol-compatible apps.

One possible path for such a verification could be to ask the Orb to sign a challenge that has been generated by the App. Orbs contain two mechanisms for cryptographically attesting they are in the Orb registry: private keys in the secure element and private keys derived from fuses on the NVIDIA Jetson. Verifying signatures from both sources provides strong evidence that an Orb was manufactured by a vendor that has been approved and was not subsequently tampered with. Verification of the NVIDIA Jetson fuse state can provide strong evidence that Orbs can only boot firmware that has been signed. The user agent could also request an Orb’s firmware version from the Trusted Execution Environment’s (TEE) secure storage. As part of a normal boot, the root hash for dm-verity can be delivered to the bootloader by the TEE, ensuring that only code authorized by the TEE is able to boot. Inside of secure storage, these hashes would be associated with version numbers, allowing an entity (e.g., the World App) to request attestation of the current hashes and version numbers existing in the secure storage.

This mechanism assumes that an Orb’s private key only exists in its secure element (i.e., there are no other copies), a constraint which should be specified by the secure provisioning standard. Private keys are generated on the secure element directly and never leave, and a series of transparent certificate attestations during generation and export can prove that a particular key originated from a legitimate secure element. Therefore, physically attesting an Orb has a private key provides strong evidence that the same private key is not in the control of an attacker. Extracting private keys from the Orb’s secure element is assumed to be extremely difficult.

It is important to note that it is impossible to fully eliminate attack vectors of Orb hardware vendors/manufacturers or upstream vendors. The following attack vectors remain:

  1. The Orb vendor could bypass parts of the secure provisioning process (due to malice or incompetence), invalidating the guarantees of the proposed verifications. Therefore, Orb manufacturers should be audited to ensure the secure provisioning standard is maintained, and World Foundation is sponsoring research on other ways to harden the software supply chain..
  2. NVIDIA firmware could have security vulnerabilities or backdoors, which could threaten the Jetson fuse attestation.
  3. The secure element vendor could be compromised/incompetent/malicious, which would threaten the integrity of the corresponding attestation.
  4. The World Foundation could sign malicious firmware. Hardware support for firmware verification helps enable procedures to verify the actual firmware running on an Orb.

Therefore, there should be mechanisms to mitigate the risk of fraudulent manufacturers or compromised Orbs. In-person auditing of Orb locations and incentivized re-verification can make exploiting backdoors significantly harder and help detect malicious verification of World IDs in retrospect.

Reproducible Builds

Without reproducible builds, the public is required to trust that compiled firmware wasn’t maliciously modified during/after the build. Reproducible builds provide a mechanism to verify that Orb firmware was compiled from a specific state of the public repositories. To verify the integrity of the firmware, third parties should be able to build it from source on their own infrastructure. Full reproducibility means the resulting artifacts should be identical to those deployed to Orbs, and the signature from the signed firmware should be valid for the self-built firmware. The initial priority should be to make privacy-sensitive components of the firmware open source and reproducibly built.

However, there are some limitations. The firmware should (at least initially) include closed-source components, which are opaque parts of the system. Some of these are from Tools for Humanity (e.g., spoof-detection models) and some are from vendors (e.g., NVIDIA firmware components). Additionally, some components may be hard to make reproducible. These can be built separately and pulled in as compiled components to the main build.

Hardware Support for Firmware Verification

The most transparent way to verify firmware is by having read access to the storage of the main computing unit. The new generation Orb has a removable SD card that is easily accessible from the outside, and no persistent storage. Public auditors can use this mechanism to verify the integrity of a particular Orb’s firmware. The integrity verification of the dumped memory could optionally reuse the Orb’s internal integrity verification mechanism (dm-verity). This can provide stronger guarantees than Orb provenance verification via user agent, as there are fewer attack surfaces for spoofing direct physical access relative to remote attestation schemes.

While this mechanism provides strong guarantees for the firmware state, it is still possible to spoof the auditor at the hardware level. For example, there could be a second hidden flash chip that the Orb is actually booting from. This risk could be mitigated by additional audits that inspect the hardware directly on a random subset of devices. Further, in-person audits of Orb locations can make attacks significantly easier to detect and can create disincentives for malicious behavior.

Operations

Operations, in the context of World, refers to procedures in the “analog world” that allow people to get their World ID verified. The primary participants are Orb operators (i.e., independent entrepreneurs and their organizations around the world) who provide Orbs in physical locations for people to verify. Currently, all Orb operators have a commercial relationship with World Foundation. In the future, we expect that Orb operators will be able to acquire, deploy and manage operations without permission from World Foundation or any other entity. Certain infrastructure primitives can help reduce trust assumptions and align the incentives of all participants.

Community Operators

In 2025, Tools for Humanity (TFH) expects to provide the general public with the ability to become an Orb operator. They should be able to acquire an Orb and use it as part of a standalone operation to extend the protocol (as described in Test 1) or to develop a new use case (as described in Test 2). These new operators will complement the existing World Spaces and flagship operations that are overseen by TFH and other partners of World Foundation.

Protocol

The protocol contains off- and on-chain components that are responsible for handling, for example, verification or authentication requests from users. Since privacy is central to World ID, it is especially important to not sacrifice it in favor of accelerated increases in transparency, verifiability and resilience. One example of this is the uniqueness service, which still requires more research before it can be made more permissionless.

The following sections describe possible improvements to further increase transparency, verifiability and robustness of the protocol:

Protocol Open-Source

All of the components of the protocol are already open source (see the open source tree).

Protocol Security Transparent

Over the course of several months beginning in April 2023 prior to World’s public launch, audit firms Nethermind and Least Authority conducted two separate security assessments on the off-chain and on-chain components of World Network, including the following parts of the protocol:

  1. Correctness of the implementation, including cryptographic constructions and primitives and appropriate use of smart contract constructs
  2. Common and case-specific implementation errors
  3. Adversarial actions and other attacks on the code
  4. Secure key storage and proper management of encryption and signing keys
  5. Exposure of any critical information during user interactions
  6. Resistance to DDoS (distributed denial of service) and similar attacks
  7. Vulnerabilities in the code leading to adversarial actions and other attacks
  8. Protection against malicious attacks and other methods of exploitation
  9. Performance problems or other potential impacts on performance
  10. Data privacy, data leaking and information integrity
  11. Inappropriate permissions, privilege escalation and excess authority

Of the issues detected by Nethermind, which performed a comprehensive audit of World’s smart contracts, 92.6% were identified as fixed after the re-audit stage, while 3.7% were mitigated and 3.7% were acknowledged.

Details of these audits can be found in the Nethermind and Least Authority reports.

Since its launch, the World Protocol has continually evolved, with audits performed whenever sensitive or complex updates are introduced. For example, the uniqueness service, now based on an SMPC protocol, has undergone multiple audits from Least Authority which can be found here, here, and here.

Publicly Available Merkle Tree

The set of World ID public keys is already publicly available and committed to by the sequencer on Ethereum. The public keys are available as calldata, and the current state of the Merkle tree is committed as a Merkle root. Its validity is enforced through a ZK validity proof of batch insertions of public keys. While this ensures that the committed root actually corresponds to a Merkle tree, it’s not yet ensured in the validity proof that the public keys actually originate from an Orb. Even though the leaves are publicly available, it’s practically infeasible for the client to download all of this data and reconstruct the tree to be able to compute a Merkle inclusion proof. The tree availability service serves those Merkle inclusion proofs to clients. Clients can check the correctness of the Merkle proof against the on-chain root. However, this request can leak additional metadata about the client (e.g., IP address). This can be addressed by routing those requests through mixnets or through private information retrieval.

Permissionless Merkle Tree

As mentioned above, the validity proof of the Merkle tree needs to be enriched by a signature check of the public key. Once this check is added, trust in the identity sequencer is no longer required. Similar to the uniqueness service, this sequencer also needs to actually implement coordination to rotate between multiple sequencers so there is no possibility of censorship.

World ID Fees

The World Foundation is extending the World ID protocol to introduce World ID fees, payable in WLD. Usage will remain free for end users while applications will be charged for using World ID services. Each credential issuer will be able to set and retain their own credential fee, while a separate protocol fee will flow back to the protocol itself. More details were provided in a blog post on April 30, 2025 and technical specifications are expected to be released in 2025.

Decentralized Trust: Attestation and Auditability

Tools for Humanity and World Foundation are currently working to provide an update to the protocol that incorporates hardware and software security attributes (e.g., “attestations”) that allow for a decentralized trust model for authenticators, verification devices (Orbs), uniqueness services and relying parties. This will be released as open source and as a public standard that can be used by any third party to build or deploy infrastructure on the network.

Decentralization of Uniqueness Service

Increasing the resilience of the uniqueness service is challenging because a permissionless operation of the service would require iris codes to be public. A permissioned set of nodes that run the computation and agree on the result through consensus—or run the comparison on a reduced version of the iris codes so that no node has the full code—improves the verifiability of the system. As of 2024, such a system (known as AMPC) has been introduced.

AMPC

AMPC, or anonymized multi-party computation, is a quantum secure multi-party computation (SMPC) setup that anonymizes and securely protects the iris codes of Orb-verified World ID holders. It leverages NVIDIA H100 GPUs as the main compute platform to enable up to 50 million pairwise uniqueness comparisons per second.

AMPC incorporates the latest advances in cryptographic multiparty protocols and further improves on state-of-the-art techniques. This ensures that no iris codes ever leave the user's device. Instead, iris data is cryptographically processed directly on the Orb and rendered anonymous. Only anonymous data, which are secret shared and end-to-end encrypted, are transmitted separately to each compute node of the AMPC setup.

AMPC improves the way similarity comparisons are handled. In the previous version, pairwise Hamming distances were used in plaintext to determine the outcome of the enrollment process. In AMPC, only a binary result is revealed: whether the user is a match or not. This approach improves privacy even further.

In addition, iris masks, which are used to filter out noise and highlight relevant features of the iris for the uniqueness check, are now also secret shared, ensuring that they never exist in plaintext at any stage. This eliminates another piece of information and further enhances privacy protections for users. The architecture allows users' biometrics to remain secure, private and anonymous throughout the entire process.

Leveraging high-end hardware for superior performance

To achieve the high throughput required for global-scale biometric verification, AMPC leverages GPUs as the main compute platform. The AMPC protocol has been fully implemented using NVIDIA CUDA, enabling approximately 50 million pairwise comparisons per second overall.

Each compute node consists of an AWS p5.48xlarge instance with eight NVIDIA H100 GPUs. These instances provide around 3200 Gbps of bandwidth through Remote Direct Memory Access (RDMA) and 20 exaflops of compute performance.

Not only the uniqueness check itself, but also the transition from SMPC to AMPC was designed with the highest security and privacy in mind. This migration process, which involves changes in how the underlying cryptographic secret sharing works, is fully SMPC-based itself, meaning that no biometric data is ever processed or exposed during the upgrade. This ensures that user privacy is maintained throughout the entire transition process.

A decentralized and transparent approach

AMPC marks an important step toward decentralization and transparency.

World Foundation has partnered with Friedrich-Alexander-Universität Erlangen-Nürnberg in Germany, UC Berkeley Center for Responsible Decentralized Intelligence (RDI) in the U.S, and Nethermind, a trusted and reputable blockchain and research engineering company to operate a Multiparty Computation Setup, in which the anonymized data will be stored.

AMPC universities

Additionally, the Blockchain Center of the University of Zurich in Switzerland and the Korea Advanced Institute of Science & Technology (KAIST) have committed to assisting in advancing the secure storage of the anonymized data. This shift will help create a global and decentralized system, ensuring that no entity has access to biometric data.

To further enhance community oversight, a governance board has been established, which will include independent external domain experts. This board will coordinate and supervise updates, ensure accountability, and govern the onboarding of third parties to operate compute nodes in the AMPC setup.

Scaling for the future

The future roadmap for AMPC includes numerous improvements aimed at scaling the system for future growth. These also ultimately serve to reduce the compute requirements, making it easier for new third parties to join the network. Additionally, trusted execution environments are in development to minimize potential room for manipulation of those trusted AMPC parties.

Like its predecessor, AMPC is open source. Transparency is essential for building trust in privacy-preserving technologies. Anyone is invited to review, contribute and build upon the codebase.

Unprecedented privacy in biometric systems

AMPC is not only one of the largest SMPC-based systems in production but also breaks new ground by leveraging high-end GPUs to significantly increase performance. These technologies set a new standard for privacy, security and scalability—all while advancing the state of biometric verification.

For a detailed description of the techniques used in AMPC, please refer to the paper, Large-Scale MPC: Scaling Private Iris Code Uniqueness Checks to Millions of Users.

Governance

A global community of developers, individuals, economists and technologists conceived and made early contributions to World Network. The original idea started with co-founders Sam Altman, Alex Blania and Max Novendstern, who founded Tools for Humanity and assembled a team to begin developing the technology to support World.

Tools for Humanity is a technology company building for humans in the age of AI. . It is a Delaware (U.S.) corporation headquartered in San Francisco, California, with a wholly-owned subsidiary, Tools for Humanity GmbH, based in Germany. Tools for Humanity supported World’s multi-year beta testing phase, during which it developed the Orb and the World App.

Tools for Humanity and other early contributors are committed to providing every person on the planet access to the global economy, regardless of country or background.

Today, the governance of World is overseen by World Foundation, an independent entity that is committed to transitioning World governance to all of humanity. It is important that this happens in a deliberate way. Therefore, governance (e.g., voting) must be well-studied and tested before this transition.

The following sections describe different improvements that are either already occurring or can contribute to this objective:

World Foundation Setup

On October 31st, 2022, World Foundation was established as the non-profit steward of World, supporting and growing the ecosystem as it becomes self-sufficient. The Foundation’s main objective is to scale an inclusive identity and financial network as a public utility and to expand the governance thereof. This infrastructure has the potential to empower everyone to participate in the global economy in the age of AI.

The Foundation is an exempted limited guarantee foundation company, which is a type of non-profit incorporated in the Cayman Islands. It has a wholly owned business company subsidiary in the British Virgin Islands called World Assets Limited. This is “one of the most often used, and internationally recognized structures” for decentralized blockchain projects.1 World Foundation is “memberless”; it has no owners or shareholders.

This entity setup was a good fit for World due to the Foundation’s separate personhood, limited liability, tax efficiency, support for compliance with virtual asset regulations and suitability for long-term community governance. That last point is especially important. Cayman foundation companies can be structured to be “memberless” (that is, have no owners or shareholders) and instead to take instructions from token holders and/or World ID holders. They can therefore gradually steer matters such as running a grant program, open sourcing intellectual property (IP), entering into service agreements and managing a treasury. In the case of World, the shared governance model is all the more critical so that, in the long term, decisions can reside with the community.

At the same time, the Foundation can aid the community’s governance by safeguarding protocol IP. In most legal systems today, a traditional legal entity is needed to protect IP such as trademarks, open-source copyrights and domains. Tools for Humanity has already transferred core protocol IP to the Foundation, including smart contracts, the World ID SDK, patents for the Orb design and iris recognition technology, brand assets, domains and social media accounts. And the Foundation has open-sourced several core tech repositories and made the Orb’s hardware available under its Responsible Use License.

Transfer of Control and Ownership to the Foundation

In order to facilitate future governance models, several assets and key components have been transitioned to World Foundation:

  1. Treasury: World Foundation (and/or its affiliate entities) manages the treasury of tokens once they are unlocked. This includes World grants, operator rewards, and other contributor grants.
  2. Orb IP: Tools for Humanity has transferred the Orb IP to World Foundation. The Orb hardware and software will be made publicly available under a restricted use license, prohibiting the misuse of the technology. This allows the Foundation to onboard other organizations building Orbs or similar devices.
  3. Ability to Whitelist Orb Provisioning Entities: The Foundation manages the permissions for adding Orbs to the network, balancing hardware distribution, security and growth.

In order to grow the network and ultimately enable all of humanity to participate in the governance of World, the issuance of World ID and allocation of the WLD token (in certain countries) is ongoing.

Support Future Development

To encourage individuals and organizations to contribute to World Network through research, the development and production of Orbs or auditing of the system, World Foundation is setting up a grants program. Further, the World Improvement Proposals process is currently being created and will be open for proposals soon.

Separately, the Foundation intends to work on common standards and ecosystem-wide proposals. For example, today, Orbs are developed and produced by Tools for Humanity. Orb operations are managed by several organizations around the world. With support from Tools for Humanity, the Foundation will work on standards and incentives for organizations to develop, produce and operate Orbs such that production of Orbs and their operation can be further distributed. More details can be found in the Orb whitepaper.

Initial Community

World maintains a dynamic and evolving blueprint that is subject to change and refinement through input and decisions from the World community.

To enhance transparency and facilitate community involvement, regular community calls should be established with the aim of providing a platform for open dialogue and updates on World’s progress. Additionally, a dedicated forum similar to ethresearch should be set up to further foster meaningful discourse and engagement around World. This forum can serve as a hub for ideas, suggestions and discussions among community members and the project team. Lastly, the Foundation has already hosted several developer meetups and strives to create more opportunities for developers to collaborate, innovate and contribute to World.

Decisions by Community

Increasing the resilience of the governance of World Network is both imperative and unprecedented, given the foundational nature of proof-of-personhood infrastructure and the ambition to scale it to billions of people. Building a community-based governance system for World represents perhaps the most formidable challenge of the entire project, and this process is still in its earliest stages.

The Foundation should ultimately have a limited role in the protocol’s governance. To this end, the Foundation’s founding documents have provisions for community-driven governance. These provisions make it possible, through a prescribed process, for the community to make recommendations to the Foundation’s board of directors. For further details, see the Foundation’s Memorandum of Association and Articles of Association.

World ID provides unique infrastructure for distributed governance and presents the opportunity to harness input from a large and diverse set of individuals for community-driven governance. The reach of World ID is unprecedented. As a proof-of-personhood protocol, World ID naturally supports “one-person-one-vote” voting, in contrast to token-based voting commonly used by other blockchain projects. Notably, this adds more democratic options to the design space of voting mechanisms for World. However, the exact structure of delegating decisions to the community needs careful iteration and consultation with experts. Further, many governance decisions notoriously lack engagement from participants. Therefore, it will be important to encourage a large set of people to participate and explore the decisions. In the future, the user agent should serve as an entry point for using World as well as the governance of it. Additionally, multi-stakeholder governance models akin to ICANN should be explored.

Full Handover to Community

World Foundation is committed to continuously transitioning governance toward a model that sustainably enables World to benefit all humanity. This is an unprecedented endeavor in scale and complexity for a decentralized system, which will require a methodical and gradual approach. Key aspects like voting mechanisms should be thoroughly researched, validated with experts and tested before meaningful control is transferred. Transparency, inclusivity and neutrality are essential. However, these attributes contribute to intricate governance structures like today’s democracies, which can lead to often slow and expensive decision-making. While this deliberateness is beneficial for making long-term strategic decisions, such as amending a constitution, it can hinder the ability to quickly adapt to new challenges during the initial growth phases. Hence, prematurely adopting a governance model that fully transitions governance to the community without a well-vetted plan is itself a failure mode to be avoided.

The Foundation seeks input from contributors, the community and experts in the field as it increases the robustness of the governance of World Network

Other Resources

The World roadmap is a dynamic and evolving blueprint that is subject to change and refinement through input and decisions from the World community. Whether you are a developer, a user, an enthusiast or simply someone interested in the future of decentralized systems, please reach out through the appropriate channel:

  1. Join the community discussion on X or Discord.
  2. Contribute to open-source repositories on GitHub.
  3. Visit the World ID Developer Docs and Portal.
  4. View live on-chain data on the Dune Dashboard.
  5. View the Decentralization and Open Source Roadmap.

Footnotes

  1. To learn more about this arrangement, check out this Guide to the Cayman Islands Foundation Company from the Foundation’s outside counsel at the law firm Ogier.