Absolutely. I've spent some time wondering how you gamify key-signing in a way that ordinary people will want to participate but at the same time not fall for social engineering. I don't think I have a good solution yet. But scanning each other's QR codes in order to get a blue-check is a start.

Discussion

You can do that over the Internet, tho. I just scan my laptop monitor.

Yeah. That is why it isn't a great solution. One of the problems of key-signing is that it is all or nothing. You assert that you are 100% sure of an identity. Real life isn't like that and normal people verifying each other won't be like that. Forcing in person is also massively inconvenient.

I would have many methods of verification: email, text, manual entry, nearfield, QR codes, etc. Each method would carry a probability of tampering so the actual signature would be something like 97% sure this is the Sibyl I expect. You then do a preponderance of evidence algorithm as they are verified in different ways. You'd add that checkmark for high 9's only.

Speaking of Sibyl as a name. Usernames should only count as an initial suggestion or at best a nickname displayed as a tagline. Pet names only. It makes no sense to verify you as Sibyl only to have you change your name to Leaserin.

My name is npubbunchofnumbers.

Tag each other in an image like on IG or FB. Selfie of the two signed by both, a cooperative event. Not good for anons, but they're not the target for the feature. People can still spoof it by tagging images not containing the person, but a self-regulating feature would also encourage "playing by the rules" but penalizing those who break them use WoT by purging spoofers from the WoT list to Balkanize it will make the WoT list stronger and more pure.

My initial solution was to use an asymmetric key exchange to generate a unique key. That key would be used by both clients to generate a series of random faces using the key as a seed. The two parties would have a limited time to select say three matching faces.

They would both have to be able to see both screens and any tampering would be immediately obvious to humans' ridiculously good face recognition.

So, you're saying a small PoW? Using the human brain for image recognition?

Yes

Make PoW fun and you have a game 🤙

I was going to call it "the three witnesses" because you have to verify that they are the same on both devices as witness to your friendship. If they were cartoon and funny with odd expressions, people would have some fun checking what weirdos stood witness to their relationship. If the key derivation function is deterministic it would always remain the same three witnesses.

I like that idea. Deterministic seeding to facial image 🤔 encoding a face shouldn't be too difficult.

I've had trouble thinking up 32 bytes of determinism. But I am sure there is research on facial parameters.

I don't think we need a 256-bit face generator. Too many variables with too much resolution may make false-positive matches. Three faces that add up to greater than 128-bits should be sufficient.

Generating an image could be done by creating a standard svg with all individual elements as `` elements and using color assignments from a palette. Each avatar could be created by selecting the ``s by bitwise operation on the seed/key/hash. For the bit breakdown, here's what I've thought of:

Sex (1)

Face shape (3) and color (3)

Eye shape (2) and color (3)

Hair shape (4) and color (3 or 2x3 for base/highlight)

Accessory type (3) and colors (2x3) // Like a hat, scarf, etc.

Shirt shape (3, vee/collar/sleeve) and colors (2x3)

Facial hair or earrings (depends on sex bit?) shape (3) and color (3) // Some more thinking needed to balance counts, etc.

Background pattern (3) and colors (2x3)

This adds up to 55 bits. I'm sure we could squeeze out some more bits by adding another bit of option here or there, probably in color. Probably able to get to 64-bit per face.

Limiting the colors and shapes will result in more discrete images, and spotting a match should prove easier. Too many possible colors will result in some colors looking too similar, like "is this chartreuse or lime?" It also allows for more art in the creation of the faces, IMHO.
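The derivation discussed in this thread, as an added example that is not part of the original posts: a shared secret (assumed to be the output of the asymmetric key exchange) is expanded into three 55-bit seeds, and each seed is split into trait indices following the bit breakdown above. The field names, the label string and the use of HMAC-SHA256 as the deterministic derivation function are assumptions; drawing the SVG from the indices is left to the client.

```python
import hashlib
import hmac

# Field layout from the post above as (name, bit width). Hair colour uses the
# 2x3 base/highlight option, which gives the post's total of 55 bits.
FIELDS = [
    ("sex", 1),
    ("face_shape", 3), ("face_color", 3),
    ("eye_shape", 2), ("eye_color", 3),
    ("hair_shape", 4), ("hair_base", 3), ("hair_highlight", 3),
    ("accessory_type", 3), ("accessory_color_1", 3), ("accessory_color_2", 3),
    ("shirt_shape", 3), ("shirt_color_1", 3), ("shirt_color_2", 3),
    ("extra_shape", 3), ("extra_color", 3),  # facial hair or earrings
    ("bg_pattern", 3), ("bg_color_1", 3), ("bg_color_2", 3),
]
BITS_PER_FACE = sum(width for _, width in FIELDS)  # 55


def face_seed(shared_secret: bytes, index: int) -> int:
    """Derive the 55-bit seed for witness number `index` (0, 1 or 2)."""
    # HMAC-SHA256 keyed with the shared secret and a per-face label stands in
    # for the deterministic derivation function (an assumption, see lead-in).
    label = b"three-witnesses/face/" + bytes([index])
    digest = hmac.new(shared_secret, label, hashlib.sha256).digest()
    # Keep only the top 55 bits of the 256-bit digest.
    return int.from_bytes(digest, "big") >> (256 - BITS_PER_FACE)


def decode_face(seed: int) -> dict:
    """Split a 55-bit seed into trait indices, most significant field first."""
    traits, shift = {}, BITS_PER_FACE
    for name, width in FIELDS:
        shift -= width
        traits[name] = (seed >> shift) & ((1 << width) - 1)
    return traits


def three_witnesses(shared_secret: bytes) -> list:
    """Both clients call this with their own copy of the shared secret."""
    return [decode_face(face_seed(shared_secret, i)) for i in range(3)]


if __name__ == "__main__":
    # Constructed sample secret standing in for the key-exchange output.
    secret = hashlib.sha256(b"constructed sample shared secret").digest()
    for face in three_witnesses(secret):
        print(face)
```

Three faces carry 3 x 55 = 165 bits, above the 128-bit target mentioned earlier in the thread, and a secret that differs on one side (for example after a tampered exchange) yields unrelated faces.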

There is also background, expression, and pose. You don't need to determine if it is the same person, only if it is the same picture. I imagined something like Mii avatars only much more realistic. Start with a standard mesh and change things like forehead width/height, width at eyes, cheeks, chin, then features like eyes (size, shape, color, placement) and all the things you mentioned. Then because it is a mesh, pose it and render with a patterned background to add a few more bits.

One could map the bits to the parameters of a FOSS parametric human 3D model, but to render in a lightweight way would be the real trick, I think.

An SVG cartoon might be a lot easier, especially because rendering would be handled by the client device.