
# Protocol

The protocol contains off-chain and onchain components that handle, for example, verification or authentication requests from users. Since privacy is central to World ID, it is especially important not to sacrifice it in favor of faster gains in transparency, verifiability and resilience. One example of this is the uniqueness service, which still requires more research before it can be made more permissionless.

<figure><img src="/files/lHeYJFRlPwXF6DDzjeiy" alt=""><figcaption><p>The graph represents possible ways to increase the protocol's transparency, verifiability and ability to recover from localized failures of participants.</p></figcaption></figure>

The following sections describe possible improvements to further increase transparency, verifiability and robustness of the protocol.

#### [Protocol Open-Source](https://whitepaper.worldcoin.org/#protocol-open-source) <a href="#protocol-open-source" id="protocol-open-source"></a>

Most of the protocol components are already open source (see [the open source tree](https://worldcoin.org/open-source)), except for the uniqueness service.

#### [Protocol Security Transparent](https://whitepaper.worldcoin.org/#protocol-security-transparent) <a href="#protocol-security-transparent" id="protocol-security-transparent"></a>

Over the course of several months beginning in April 2023, audit firms [Nethermind](https://nethermind.io/) and [Least Authority](https://leastauthority.com/) conducted [two separate security assessments](https://worldcoin.org/blog/worldcoin/worldcoin-protocol-security-audit-reports) on the off-chain and onchain components of the Worldcoin protocol, including the following parts of the protocol:

1. Correctness of the implementation, including cryptographic constructions and primitives and appropriate use of smart contract constructs
2. Common and case-specific implementation errors
3. Adversarial actions and other attacks on the code
4. Secure key storage and proper management of encryption and signing keys
5. Exposure of any critical information during user interactions
6. Resistance to DDoS (distributed denial of service) and similar attacks
7. Vulnerabilities in the code leading to adversarial actions and other attacks
8. Protection against malicious attacks and other methods of exploitation
9. Performance problems or other potential impacts on performance
10. Data privacy, data leaking and information integrity
11. Inappropriate permissions, privilege escalation and excess authority

Of the issues detected by Nethermind, which performed a comprehensive audit of Worldcoin’s smart contracts, 92.6% were identified as fixed after the re-audit stage, while 3.7% were mitigated and 3.7% were acknowledged.

Details of both audits can be found in the [Nethermind](https://github.com/NethermindEth/PublicAuditReports/blob/main/NM0122-FINAL_WORLDCOIN.pdf) and [Least Authority](https://leastauthority.com/blog/audits/the-audit-of-worldcoin-protocol-cryptography/) reports.

#### [Publicly Available Merkle Tree](https://whitepaper.worldcoin.org/#publicly-available-merkle-tree) <a href="#publicly-available-merkle-tree" id="publicly-available-merkle-tree"></a>

The set of World ID public keys is already publicly available and committed to by the sequencer on Ethereum. The public keys are available as calldata and the current state of the Merkle tree is committed as a Merkle root. Its validity is enforced through a ZK validity proof of batch insertions of public keys. While this ensures that the committed root actually corresponds to a Merkle tree, it’s not yet ensured in the validity proof that the public keys actually originate from an Orb. Even though the leaves are publicly available, it’s practically infeasible for the client to download all of this data and reconstruct the tree in order to be able to compute a Merkle inclusion proof. The tree availability service serves those Merkle inclusion proofs to clients. Clients can check the correctness of the Merkle proof against the onchain root. However, this request can leak additional metadata about the client (e.g. IP address). This can be addressed by routing those requests through mixnets or Private Information Retrieval (PIR).
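The client-side check described above, as an added example that is not code from the whitepaper or the project: it rebuilds the path from a leaf to the root using the siblings a tree availability service would serve, then compares the result with the root the client trusts. SHA-256 stands in for the protocol's actual tree hash, and the depth, function names and sample keys are constructed for illustration.

```python
import hashlib

DEPTH = 4  # constructed toy depth; the production tree is far deeper

def h(left: bytes, right: bytes) -> bytes:
    # Stand-in node hash (assumption): SHA-256 over the two children.
    return hashlib.sha256(left + right).digest()

def build_levels(leaves: list[bytes]) -> list[list[bytes]]:
    """Return every tree level, leaves first; empty slots hold zero leaves."""
    level = leaves + [bytes(32)] * (2 ** DEPTH - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def make_proof(levels: list[list[bytes]], index: int) -> list[bytes]:
    """Service side: collect one sibling per level on the way to the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])  # sibling differs only in the lowest bit
        index >>= 1
    return proof

def verify_proof(leaf: bytes, index: int, proof: list[bytes], root: bytes) -> bool:
    """Client side: recompute the path and compare with the trusted root."""
    if len(proof) != DEPTH or not 0 <= index < 2 ** DEPTH:
        return False  # reject malformed proofs instead of hashing them
    node = leaf
    for sibling in proof:
        # The index bit says whether the current node is a right or left child.
        node = h(sibling, node) if index & 1 else h(node, sibling)
        index >>= 1
    return node == root

# Constructed sample data: five fake 32-byte "public keys".
LEAVES = [hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(5)]
LEVELS = build_levels(LEAVES)
ROOT = LEVELS[-1][0]            # plays the role of the root committed onchain
PROOF = make_proof(LEVELS, 3)   # proof served for the leaf at index 3

if __name__ == "__main__":
    print("valid proof:", verify_proof(LEAVES[3], 3, PROOF, ROOT))
    print("wrong leaf: ", verify_proof(LEAVES[2], 3, PROOF, ROOT))
```

The proof itself is checked against a public root, so a dishonest service cannot forge inclusion; the request for the proof is what reveals the leaf index and network metadata, which is the leak the mixnet or PIR routing is meant to close.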

#### [Permissionless Merkle Tree](https://whitepaper.worldcoin.org/#permissionless-merkle-tree) <a href="#permissionless-merkle-tree" id="permissionless-merkle-tree"></a>

As mentioned above, the validity proof of the Merkle tree needs to be enriched by a signature check of the public key. Once this check is added, trust in the identity sequencer is no longer required. Similar to the uniqueness service, this sequencer also needs to actually implement coordination to rotate between multiple sequencers, so there is no possibility of censorship.

#### [User-Centric Flow](https://whitepaper.worldcoin.org/#user-centric-flow) <a href="#user-centric-flow" id="user-centric-flow"></a>

Currently the verification flow (and similarly the reset flow) is intertwined with different services, some of which are permissionless and others not. Moving from an intertwined architecture to one in which components are separated makes it possible to increase the transparency, verifiability and robustness of individual components. This architecture is described in more detail in the Advancing Decentralization blog post. It also allows the user to own their data and selectively share certain parts with the required services. A first step and prerequisite for this is to allow the user to retrieve all the data generated by the Orb. This requires an end-to-end encrypted, direct peer-to-peer connection between the user and the Orb, which is referred to as “Orb Connect.” However, the primitives used to build this communication layer could also be reused for all other communication between the client and nodes or services.

#### [No Single Point of Failure for Orb Verification](https://whitepaper.worldcoin.org/#no-single-point-of-failure-for-orb-verification) <a href="#no-single-point-of-failure-for-orb-verification" id="no-single-point-of-failure-for-orb-verification"></a>

Increasing the resilience of the uniqueness service is challenging, because permissionless operation of the service would require iris codes to be public. The verifiability of the system can be improved by a permissioned set of nodes that either run the computation and agree on the result through consensus, or run the comparison on a reduced version of the iris codes so that no node has the full code. Successful research on iris hashes could enable making them publicly available and allow for permissionless operation. A draft with more details can be found [here](https://hackmd.io/@worldcoin-research/r1H5wVjcn).

#### [Public and Permissionless Uniqueness Service](https://whitepaper.worldcoin.org/#public-and-permissionless-uniqueness-service) <a href="#public-and-permissionless-uniqueness-service" id="public-and-permissionless-uniqueness-service"></a>

The most difficult dependency is research on template protection of iris codes that goes beyond the state of the art. This is a prerequisite for making the operation of the uniqueness service permissionless. It can be achieved either by publishing anonymized iris hashes (the database needs to be available and readable for the service to run the deduplication) or by multiple parties running the service, where each party performs the computation on one shard of the data. Besides that, research similar to that currently being conducted on other sequencer models (e.g. for rollup sequencers) is needed. The problems and solutions should largely apply to this model as well.

