ERC-7777: Governance for Human Robot Societies

Defines interfaces for managing the identities of humans and robots, and establishing rule sets for their interaction.

Metadata

Status: ReviewStandards Track: ERCCreated: 2024-09-29

Authors

OpenMind, Jan Liphardt (jan@openmind.org), Shaohong Zhong (@ShaohongZ), Boyuan Chen (@bchen-dev), Paige Xu (paige@openmind.org), James Ball (james.ball@nethermind.io), Thamer Dridi (thamer.dridi@nethermind.io)

Links

GitHub page Discussion on Ethereum Magicians

Abstract

This proposal defines two core interfaces: IUniversalIdentity and IUniversalCharter, providing mechanisms for humans, and robots to establish their identities and to create decentralized communities governed by specific rule sets. The IUniversalIdentity interface establishes the fair and equitable treatment of sentient computer architectures other than the human brain, enabling robots to acquire on-chain identities, and thereby interact and transact with humans. Additionally the IUniversalIdentity interface also includes support for hardware-backed identity verification, enabling physical robots to prove their identity through cryptographic signatures derived from secure hardware elements and a challenge-response scheme. The IUniversalCharter enables humans and robots to create, join (“register”), maintain (“update”), leave, and terminate self-regulated societies based on predefined rule sets, providing a framework for collaboration and prosperity for mixed societies of humans and robots. These interfaces aim to provide a flexible yet enforceable structure for human-robot interactions in decentralized systems, ensuring efficiency, transparency, and security for all participants.

Motivation

The human brain is a wet, massively parallel electrochemical computer. Recent hardware and software advances make it likely that soon, human societies will need tools for interacting with sentient, non-human computers, such as robots. Our current forms of government, where citizens are auto-enrolled into specific rule sets depending on where they were born, do not gracefully map onto robots without a traditional birthplace or birthtime. Among many difficulties being experienced by robots, they are (currently) unable to obtain standard forms of ID (such as passports), it is not clear which rule sets apply to them (since in general they are not born in specific places), and they cannot currently use the standard human-centered banking system. Likewise, in the event in which robots are harmed by humans or non-biological computers, it is not clear which human court has jurisdiction.

Traditional geographically-defined and human-centered systems can be inefficient, slow to change, opaque, and can struggle to accommodate global, virtualized societies. Decentralized, immutable, and public computers offer an ideal solution to these limitations, since they do not inherently discriminate against non-human computers and therefore offer an equitable and more just framework for governance. In particular, smart contracts can provide a powerful framework for regulating the rights and responsibilities or interacting parties regardless of implementation details of their compute architecture.

The general motivation of this ERC is to provide a standard interface for smart contracts focusing on identity/governance for heterogeneous global societies. While there are an unlimited number of such rule sets, there are obvious benefits to providing a standard interface to those rule sets, greatly reducing the friction and complexity of creating, joining, maintaining, and ending such societies. The specific motivation of this ERC is twofold:

Robot Identity Creation and Management: To participate meaningfully and comply with on-chain laws, non-humans such as robots must be able to acquire meaningful on-chain identities. Importantly, these identities should enable robots to enjoy the benefits of, but also bear the responsibility of, being part of a specific society. Thus, we propose to enable smart contract-based identity for robots. Specifically, each robot is represented by a smart contract and needs to follow the rules defined in the contract to interact with other agents on the chain. Each robot can also specify hardware identity parameters such as a manufacturer, operator, model and serial number in conjunction with a public key which is intended to be generated using a secure element on the Robot. This provides a tamper-resistant and unclonable proof that can be physically verified through challenge-response authentication - where any party can verify the robot's identity by having the device cryptographically sign a challenge using its hardware-secured private key. These verified identities are published on-chain. This interface also ensures flexibility by all participants to propose, adopt, or revoke rules, enabling self-managed compliance and transparent interaction with other participants.
Rule Creation and Enforcement: For humans and robots to effectively collaborate, they must agree upon a rule set. This Ethereum-based system provides a basic decentralized framework for governing human-robot interactions through smart contracts. We propose to enforce the rule-sets by requiring humans and robots to join regulated access smart contracts that check their compliance with the given rules. We also ensure scalability, whereby multiple regulated access contracts can be created to tailor to different purposes, and humans and robots can choose to join the relevant system as needed.

Together, these interfaces form the foundation for managing complex human-robot interactions, enabling a decentralized, verifiable, and rule-based ecosystem where robots and humans can interact securely, transparently, and responsibly, for maximum benefit of all.

Specification

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 and RFC 8174.

Rationale

IUniversalIdentity

struct HardwareIdentity The HardwareIdentity structure provides essential information about a robot, including a challenge-response public key, manufacturer, operator, model, manufacturer serial number

generateChallenge() This function enables secure identity verification through a challenge-response authentication.

verifyChallenge(bytes32 challenge, bytes memory signature) This function verifies that a signature was genuinely created by the robot's secure hardware in response to a specific challenge.

addRule(bytes memory rule) This function allows a robot to flexibly adopt new compliance requirements in order join different IUniversalCharter contracts.

removeRule(bytes memory rule) This function allows a robot to dynamically manage and maintain its rules, ensuring that its rule set remains up-to-date.

checkCompliance(bytes memory rule) This function ensures that a robot is adhering to rules by performing decentralised checks on its compliance.

Events (RuleAdded, RuleRemoved) These events provide transparency and traceability, making it easier to track compliance status.

IUniversalCharter

enum UserType { Human, Robot } The UserType enum makes it easier for contracts to handle different user types without the cost and errors associated with strings. This provides the basis for differentiated handling in future implementations, allowing the system to potentially apply different rules or logic based on whether the user is a human or a robot.

registerUser(UserType userType, bytes[] memory ruleSet) This function ensures that a user—whether human or robot—is bound to a particular set of rules upon joining the system.

leaveSystem() This function allows users to flexibly and securely leave a IUniversalCharter contract after compliance is checked.

checkCompliance(address user, bytes[] memory ruleSet) This function ensures that the system can efficiently manage and verify compliance against predefined rule sets, helping maintain the overall integrity of the system.

updateRuleSet(bytes[] memory newRuleSet) This function enables the IUniversalCharter contract to adapt and update, removing the need to create a new contract for ruleset updates.

terminateContract() This function allows for the orderly and permanent shutdown of the contract.

Events (UserRegistered, UserLeft, ComplianceChecked, RuleSetUpdated, ContractTerminated) These events collectively ensure that key activities are visible to off-chain systems and participants, making the system auditable and transparent.

Backwards Compatibility

No backward compatibility issues found.

Reference Implementation

Security Considerations

Compliance Updater: The compliance updater role in the UniversalIdentity contract is critical for updating compliance statuses (currently limited to the owner). It is essential to ensure secure ownership to minimize the risks of unauthorized or malicious updates.

Rule Management: Functions such as addRule, removeRule, and updateCompliance in the UniversalIdentity contract and updateRuleSet in the UniversalCharter contract directly affect rule enforcement. It’s essential to ensure these functions are only callable by authorized users.

Upgradeable Contracts: The use of OwnableUpgradeable introduces risks during the initialization and upgrade process. Ensuring that the initialize function is protected against re-execution is critical to avoid reinitialization attacks.

Gas Consumption: Excessively large rule sets could lead to high gas costs or DoS risks. Consider setting limits on the number of rules allowed per rule set to maintain gas efficiency and avoid performance issues.

Copyright