Table of Contents
Fetching ...

Human Challenge Oracle: Designing AI-Resistant, Identity-Bound, Time-Limited Tasks for Sybil-Resistant Consensus

Homayoun Maleki, Nekane Sainz, Jon Legarda

TL;DR

This work introduces the Human Challenge Oracle (HCO), a new security primitive for continuous, rate-limited human verification that issues short, time-bound challenges that are cryptographically bound to individual identities and must be solved in real time.

Abstract

Sybil attacks remain a fundamental obstacle in open online systems, where adversaries can cheaply create and sustain large numbers of fake identities. Existing defenses, including CAPTCHAs and one-time proof-of-personhood mechanisms, primarily address identity creation and provide limited protection against long-term, large-scale Sybil participation, especially as automated solvers and AI systems continue to improve. We introduce the Human Challenge Oracle (HCO), a new security primitive for continuous, rate-limited human verification. HCO issues short, time-bound challenges that are cryptographically bound to individual identities and must be solved in real time. The core insight underlying HCO is that real-time human cognitive effort, such as perception, attention, and interactive reasoning, constitutes a scarce resource that is inherently difficult to parallelize or amortize across identities. We formalize the design goals and security properties of HCO and show that, under explicit and mild assumptions, sustaining s active identities incurs a cost that grows linearly with s in every time window. We further describe abstract classes of admissible challenges and concrete browser-based instantiations, and present an initial empirical study illustrating that these challenges are easily solvable by humans within seconds while remaining difficult for contemporary automated systems under strict time constraints.

Human Challenge Oracle: Designing AI-Resistant, Identity-Bound, Time-Limited Tasks for Sybil-Resistant Consensus

TL;DR

This work introduces the Human Challenge Oracle (HCO), a new security primitive for continuous, rate-limited human verification that issues short, time-bound challenges that are cryptographically bound to individual identities and must be solved in real time.

Abstract

Sybil attacks remain a fundamental obstacle in open online systems, where adversaries can cheaply create and sustain large numbers of fake identities. Existing defenses, including CAPTCHAs and one-time proof-of-personhood mechanisms, primarily address identity creation and provide limited protection against long-term, large-scale Sybil participation, especially as automated solvers and AI systems continue to improve. We introduce the Human Challenge Oracle (HCO), a new security primitive for continuous, rate-limited human verification. HCO issues short, time-bound challenges that are cryptographically bound to individual identities and must be solved in real time. The core insight underlying HCO is that real-time human cognitive effort, such as perception, attention, and interactive reasoning, constitutes a scarce resource that is inherently difficult to parallelize or amortize across identities. We formalize the design goals and security properties of HCO and show that, under explicit and mild assumptions, sustaining s active identities incurs a cost that grows linearly with s in every time window. We further describe abstract classes of admissible challenges and concrete browser-based instantiations, and present an initial empirical study illustrating that these challenges are easily solvable by humans within seconds while remaining difficult for contemporary automated systems under strict time constraints.
Paper Structure (90 sections, 5 theorems, 13 equations, 4 tables)

This paper contains 90 sections, 5 theorems, 13 equations, 4 tables.

Key Result

Lemma 1

In any time window, an adversary with access to $m$ humans can produce valid HCO solutions for at most $m \cdot \tau_h$ identities.

Theorems & Definitions (10)

  • Lemma 1: Per-Window Identity Bound
  • proof : Proof sketch
  • Theorem 1: Linear Sybil Cost
  • proof : Proof sketch
  • Corollary 1
  • proof : Proof sketch
  • Lemma 2: Window Persistence Bound
  • proof : Proof sketch
  • Theorem 2: Steady-State Sybil Bound
  • proof : Proof sketch