Human Challenge Oracle: Designing AI-Resistant, Identity-Bound, Time-Limited Tasks for Sybil-Resistant Consensus

TL;DR

The paper introduces the Human Challenge Oracle (HCO), a cryptographically bound, real-time human verification system designed to resist Sybil attacks by leveraging the difficulty of parallelizing human cognitive effort, with empirical evidence of its effectiveness.

Contribution

It proposes a novel security primitive, HCO, that enforces continuous, rate-limited human verification tied to identities, enhancing resistance against automated Sybil attacks.

Findings

HCO challenges are solvable by humans within seconds.

Automated systems find HCO challenges difficult under time constraints.

Cost of maintaining multiple identities grows linearly with the number of identities.

Abstract

Sybil attacks remain a fundamental obstacle in open online systems, where adversaries can cheaply create and sustain large numbers of fake identities. Existing defenses, including CAPTCHAs and one-time proof-of-personhood mechanisms, primarily address identity creation and provide limited protection against long-term, large-scale Sybil participation, especially as automated solvers and AI systems continue to improve. We introduce the Human Challenge Oracle (HCO), a new security primitive for continuous, rate-limited human verification. HCO issues short, time-bound challenges that are cryptographically bound to individual identities and must be solved in real time. The core insight underlying HCO is that real-time human cognitive effort, such as perception, attention, and interactive reasoning, constitutes a scarce resource that is inherently difficult to parallelize or amortize across identities. We formalize the design goals and security properties of HCO and show that, under explicit and mild assumptions, sustaining s active identities incurs a cost that grows linearly with s in every time window. We further describe abstract classes of admissible challenges and concrete browser-based instantiations, and present an initial empirical study illustrating that these challenges are easily solvable by humans within seconds while remaining difficult for contemporary automated systems under strict time constraints.