People will soon be able to use their iriscodes to reclaim credentials that they sold, and once people start doing that, the market for re-sold credentials will drop to approximately zero.

> People will soon be able to use their iriscodes to reclaim credentials that they sold, and once people start doing that, the market for re-sold credentials will drop to approximately zero.

Is the obvious related problem this solution brings forth supposed to go unsaid? (Criminals don't buy something they can steal.)

Okay, so what's the attack scenario here?

Imagine we live in a future where Worldcoin is ubiquitous, all the hardware/software is open source. Several orb operators exist in every city in the world, and operators have a non-trivial amount of WLD tokens staked to ensure good behavior. Misbehaving orbs have their keys and subkeys revoked at the first sign of illicit usage.

Maybe a criminal kidnaps 10 people, then steals an orb, and uses those 10 iriscodes to register 10 new credentials on the network. How much profit would you expect to come to the criminal before their credentials are revoked?

Is there another attack you're thinking of?

> a criminal kidnaps 10 people, then steals an orb, and uses those 10 iriscodes to register 10 new credentials on the network

This is a lot of work. Just steal the iriscodes. If they're used for re-issuance, they're being stored and transferred. If they are not directly used, there is a hash-like reduction that can be exploited.

For sake of argument, though, let's assume perfect security. Infallible security. All the way through. Congratulations, you've turned every pair of eyeballs into an oil spigot. When the Taliban or ISIS carves through a town, instead of beheading the leaders and taking their treasures, they take everyones' irises. Every authoritarian state would require scans of its citizens so payment could be routed through (read: stolen by) it, a requirement they would back up with violence.

So if we start with your premise, the attack I can see being a concern is being able to deny people access to Worldcoin and burning their accounts/tokens by maliciously attacking an orb. If keys can be revoked because of illicit usage, someone could generate a key at the orb they wish to attack and act maliciously. Sybil attack, or attempt fraudulent transactions, or whatever behavior triggers burning all the keys tied to an orb. Do this before an election (if worldcoin is used for voting) or before the UBI is dispersed for the month and you could disrupt a lot.

How does Worldcoin provably know that an attacker is not using a dead person’s keys?