Idena is the original Proof-of-Person blockchain (live since 2019). Personhood is established by passing a globally-synchronous validation ceremony: every epoch, all participants simultaneously solve AI-resistant 'flip' puzzles within a two-minute window, which is impractical for one human (or bot) to do across multiple identities. Verified identities receive a `Newbie → Verified → Human` status that other apps can read via the Idena RPC or the OAuth-style 'Sign in with Idena' flow.
- 01non-biometric proof of personhood
- 021-human-1-vote DAOs
- 03anonymous Sybil-resistant communities
- 04airdrops that want PoP without phone / KYC
- 05validation-based UBI experiments
- pnpm add axios
| Variable | Scope | Description |
|---|---|---|
| IDENA_RPC_URL | Server | URL of an Idena node RPC (self-hosted or public, e.g. https://restapi.idena.io). |
| IDENA_RPC_KEY | Server | API key for the Idena node RPC if it requires auth. |
Use Idena for non-biometric proof-of-personhood. For login, implement the 'Sign in with Idena' flow: redirect the user to `https://app.idena.io/dna/signin?token=<nonce>&callback_url=<your-callback>&favicon_url=<icon>&nonce_endpoint=<your-nonce-api>&authentication_endpoint=<your-auth-api>`. Your nonce endpoint returns `{ nonce: 'signin-<random>' }`; the authentication endpoint receives `{ token, signature }` and verifies the signature against the address using ECRecover (Idena uses standard secp256k1). Then call the Idena RPC `dna_identity` with that address: `await rpc('dna_identity', [address])` returns `{ state: 'Human' | 'Verified' | 'Newbie' | 'Suspended' | 'Zombie' | 'Undefined', stake, age, online }`. Gate access on `state === 'Human' || state === 'Verified'`; weaker tiers are not full proof of personhood.
- ⚑Validation only happens once per epoch (~every 21 days) — a user who misses the ceremony loses status until the next one; design grace periods rather than hard locks, or you'll churn legitimate humans.
- ⚑Status can degrade (`Verified` → `Suspended` → `Zombie` → undefined) if the user skips ceremonies; cache identity state with a short TTL and re-query the RPC per session.
- ⚑The synchronous-ceremony model is the entire Sybil defense — Sybil bypass means farming multiple identities across separate physical humans during the same 2-minute window, which is hard but not impossible (cartels, mechanical-turk style). Treat 'Human' tier as strong but not unbreakable.
- ⚑Identities are pseudonymous Idena addresses, not Ethereum addresses — bridging to EVM apps requires the user to sign a binding message proving control of both keys, or you must rely on the Idena RPC alone.
- ⚑PII handling: Idena collects no PII, but the flip puzzles users author can themselves leak personal context (handwriting, language, locale) — keep this in mind for privacy claims.
- ⚑Public RPCs are rate-limited and occasionally lag; for production gating run your own node or pin a paid provider, and never trust client-supplied identity state.