In 30 seconds of scanning, the Orb performs four complex operations: it captures the iris in the infrared spectrum, converts it into a numerical code, verifies uniqueness against millions of records—and it does all of this while ensuring that no one, including the company itself, can determine your identity.
In short: This article is an engineering breakdown of what happens inside the Orb and beyond.
⚡ In Short
- ✅ The Orb uses infrared and multispectral cameras—eye color and lighting do not affect scan quality.
- ✅ The IrisCode is generated locally on the device's chip—raw images are not transmitted to the network.
- ✅ Zero-knowledge proofs allow for the verification of uniqueness without revealing underlying data.
- ✅ Since May 2024, the IrisCode has been stored in SMPC format—distributed among several independent parties.
- ⚠️ The IrisCode generation algorithm is partially proprietary—what this means in practice.
📚 Table of Contents
🎯 How the Orb Camera Captures the Iris: Multispectral and Infrared Capture
The Orb utilizes infrared cameras in conjunction with visible light and multispectral sensors. This enables clear captures regardless of eye color or ambient lighting, while simultaneously detecting forgery attempts at the material physics level.
The human eye appears different in the visible spectrum depending on iris color, lighting, and pupil state. For reliable recognition, this is a challenge: the algorithm must obtain comparable data every time.
The Orb solves this via the Near-Infrared (NIR) spectrum (700–900 nm). In this spectrum, melanin—the pigment defining eye color—barely absorbs light. Therefore, dark brown and blue eyes look identical in the NIR range: the texture itself—the structure of crypts, furrows, and iris fibers—becomes visible. Makeup, colored contact lenses, and external lighting conditions do not influence the result.
Technical stack of the Orb Gen2 camera system (October 2024):
| Component |
Function |
| Infrared Cameras (NIR, 700–900 nm) |
Primary iris texture scanning independent of pigmentation. |
| Visible Light Cameras |
Liveness verification, protection against 2D spoofing. |
| Multispectral Sensors |
Detection of forgeries: printouts, screens, silicone lenses, prosthetic eyes. |
| NVIDIA Jetson (5x AI performance vs Gen1) |
Local image processing and IrisCode generation on-device. |
| Removable SD Card |
Public auditing of source code. |
How NIR Detects Forgeries
A living eye and a forgery reflect and absorb infrared light differently. The Orb analyzes several physical signatures simultaneously:
- Corneal Reflex — A living cornea produces a specific specular highlight in NIR. Printouts or screens produce a flat or distorted reflection.
- Depth of Field — Stereo cameras or structured light determine the object's 3D nature. Flat surfaces (photos, screens) are detected as anomalies.
- Vascular Pattern — In the NIR range, blood vessels around the eye are visible. Silicone lenses or prosthetic eyes lack blood flow.
- Micro-movements — A living eye constantly performs microsaccades. Static images lack these.
None of these checks are fully documented publicly—this is a deliberate engineering decision: the less an attacker knows about specific detection methods, the harder they are to bypass.
Comparison with Other Systems
| System |
Capture Method |
Liveness Detection |
Processing Location |
| World Orb Gen2 |
NIR + Multispectral |
Hardware-based (material physics) |
Local (NVIDIA Jetson) |
| Face ID (Apple) |
Structured light (30k dots) |
3D face map + IR photo |
Local (Secure Enclave) |
| Touch ID (Apple) |
Capacitive scanner (RF) |
Skin conductivity |
Local (Secure Enclave) |
| Classic IRIS scanners (Airports) |
NIR (fixed installation) |
Minimal or absent |
Centralized (cloud/server) |
The key difference between the Orb and classic IRIS scanners is hardware-based liveness detection and fully local processing. Airport systems generally transmit images to a central server for comparison.
Sources: World Blog: New Orb announcement · World Engineering: Iris Recognition
🎯 How IrisCode is Generated from an Image
IrisCode is a numerical representation of iris texture. The process consists of four steps: segmentation, normalization, feature extraction, and conversion into a binary vector. It is mathematically proven to be impossible to reconstruct an image from this code.
World has open-sourced its iris recognition system—IRIS (Iris Recognition Inference System). This allows for independent verification of the pipeline logic. Here is how it works:
- Segmentation — A neural network classifies every pixel of the image: iris, pupil, sclera, lashes, or reflection. It determines eye geometry and pupil dilation. If the visible texture is insufficient (closed eyelids, movement), the frame is rejected and a new scan is taken.
- Normalization (Daugman's Rubber Sheet Model) — The iris image is transformed from Cartesian coordinates to polar coordinates. This "unrolls" the ring-like shape of the iris into a rectangular patch of standard size (e.g., 64x512 pixels). Because of this, the code remains stable regardless of pupil size—if the pupil dilates or constricts, the texture remains in the same relative position in normalized space.
- Feature Extraction (Gabor Filters) — Gabor filters are applied to the normalized patch: mathematical functions that detect local textural patterns at various frequencies and orientations. Analogy: if you look at fabric through different magnifying lenses at different angles, each lens reveals a specific structure "signature." The result is a set of numerical values describing the unique iris structure at multiple scales simultaneously.
- Binarization — Numerical values are thresholded: if the value is above the threshold, it is 1; if below, 0. The result is a fixed-length binary vector. This is the IrisCode. The classic size per Daugman's algorithm is 2048 bits (256 bytes). The exact size in the World system is not disclosed.
What Gabor Filters Are (Simplified)
Imagine you are analyzing a pattern on fabric. You view it through a series of lenses: one detects horizontal lines, another vertical, a third diagonal, and so on, at various scales. Each lens provides an answer: "This pattern exists here" or "It does not." By aggregating answers from all lenses across all positions, you obtain a unique "fingerprint" of the fabric. This is precisely what Gabor filters do with iris texture.
Comparison with Classic IrisScan (Daugman Algorithm)
| Parameter |
Classic IrisScan (Daugman, 1993) |
IRIS (World, 2023) |
| Feature extraction method |
Gabor filters (classic) |
Neural network (proprietary details) |
| IrisCode size |
2048 bits |
Not disclosed |
| Algorithm openness |
Academically published |
Pipeline open, model weights closed |
| Comparison metric |
Hamming distance |
Hamming distance |
| Accuracy (FAR) |
~1 in 10⁶ |
Not published |
⚠️ Transparency Note: The IRIS pipeline is open and available on GitHub—segmentation, normalization, and comparison logic are independently verifiable. However, the feature extraction model (Step 3) remains proprietary: outside researchers can see the architecture but not the exact weights of the neural network. This means it is currently impossible to independently confirm whether the model extracts hidden information about the individual (age, gender, health status). This is not a proven risk, but an open question regarding system transparency.
Comparison of two IrisCodes occurs via Hamming distance. Two scans of the same eye result in a distance of ~0.1 (10% of bits differ). Two codes from different people result in ~0.45 (45%). The wide gap between these values ensures reliable classification even with variations in scan quality.
Sources: World Engineering: Open Sourcing IRIS · World Engineering: Iris Recognition Inference System
🎯 Why processing happens locally on the device
The entire pipeline—from image capture to IrisCode generation—is executed on the Orb’s chip without connecting to the cloud. Images are never transmitted externally. Only a signed verification result is sent to the user's phone.
Local processing is not just a marketing term; it is an architectural decision with specific implications for the threat model:
| If processing were in the cloud |
Local processing on the Orb |
| Images are transmitted over the network — risk of interception |
Images never leave the device |
| The company sees the original images |
The company receives only the IrisCode |
| Requires a constant internet connection |
Verification is possible offline |
| A single server = a single point of failure and attack |
Network compromise does not grant access to images |
How exactly the Jetson processes data
The NVIDIA Jetson is a system-on-chip (SoC) optimized for running neural networks on edge devices. In the Orb Gen2, it executes the entire IRIS pipeline: segmentation, normalization, and feature extraction—without transmitting data externally.
The device's memory uses a session-based model: data exists only during active verification. Once the session ends—regardless of the result—all images and intermediate data are overwritten and deleted. Only the signed cryptographic result is stored for transmission to the World App.
[Image of secure edge computing architecture]
What exactly is deleted and when
| Data Type |
When it is deleted |
Exception |
| NIR iris image |
Immediately after IrisCode generation |
If the user explicitly consented to storage for model improvement |
| Intermediate segmentation data |
Immediately after normalization |
None |
| Normalized patch |
Immediately after IrisCode generation |
None |
| IrisCode |
Transmitted encrypted to World App, then deleted from Orb |
None |
SD card audit — how it works in practice
The Orb Gen2 has a removable SD card containing the device's software code. Any technical auditor can:
- Remove the SD card from the Orb.
- Calculate the hash (SHA-256) of the card's contents.
- Compare it with the hash of the code published on GitHub.
- If the hashes match, the code on the device is identical to the one shown publicly.
This is so-called reproducible build verification. It does not guarantee that the code is flawless, but it guarantees that the company has not installed anything other than what it shows publicly.
Comparison with competitors' cloud systems
| System |
Where biometrics are processed |
Does the company see the images? |
| World Orb |
Locally on the device |
No (by default) |
| Clearview AI |
Cloud |
Yes |
| Aadhaar (India) |
Centralized UIDAI servers |
Yes |
| Face ID (Apple) |
Locally (Secure Enclave) |
No |
| Most airport e-gates |
Cloud or local server |
Depends on the operator |
Source: World Blog: New Orb announcement · World: Privacy & Transparency Update
🎯 What is a zero-knowledge proof and how is it applied here
Zero-knowledge proof (ZKP) is a cryptographic method that allows you to prove a fact without revealing the data. In World ID, it allows you to confirm that "this IrisCode is in the list of verified ones" without reporting whose code it is and who is behind the account.
To understand ZKP, you don't need math. An analogy is enough:
You want to prove to a cashier that you are 18 years old. The usual way is to show a passport with a date of birth, address, and photo. The ZKP way is to show only a mathematical proof of the fact that "the date of birth is earlier than 18 years before today," without revealing the date itself or any other data. The cashier receives a "yes/no" answer — and nothing more.
In World ID, ZKP works like this:
- The platform sends a verification request with context: App ID and session parameters.
- The World App generates a ZK-proof: it mathematically proves that the user's IrisCode is included in the global set of verified codes — without revealing which code it is.
- The platform verifies the proof. Verification takes milliseconds and does not require access to the IrisCode database.
- Result: the platform knows only "this is a real, unique person." Nothing more.
What exactly ZKP hides — and from whom
| Who is requesting verification |
What they get |
What they DO NOT get |
| Platform (Reddit, Discord, etc.) |
"This is a unique verified person" |
IrisCode, name, email, accounts on other platforms |
| Tools for Humanity |
Fact of verification (public key on the blockchain) |
Which platform and when World ID was used |
| Other users |
Nothing |
Any data |
Protection against correlation between platforms
A classic problem of digital identity: if two services use the same user identifier, they can combine their data and build a profile. This is exactly how Google Login works, for example — both sites know that the same account is behind them.
World ID solves this through a nullifier — a unique one-time identifier generated separately for each platform. The nullifier for Reddit and the nullifier for Discord are mathematically unrelated. Even if both platforms combine their logs, they will not be able to determine that the same person is behind two different nullifiers.
What is the Semaphore protocol
World uses an open ZKP protocol called Semaphore, developed by the Ethereum community. It implements anonymous signaling: a group member can prove their membership in a group and sign a message — without revealing who that member is.
In the context of World ID, a "group" is the set of all verified IrisCodes. A "signal" is a confirmation of uniqueness for a specific platform. Semaphore has undergone several independent cryptographic audits; its code is completely open.
⚠️ Important limitation: ZKP protects data transmission between the user and the platform. But it does not protect against a scenario where the platform itself stores the user's behavioral data after verification. World ID confirms "who you are" — but does not control what the platform does with "what you do" after logging in.
Sources: World Whitepaper · World: Privacy Update 2024 · Semaphore Protocol
🎯 How global deduplication works without storing biometrics
Deduplication is a check that a new IrisCode does not match any of the already registered ones. It happens through SMPC: each party calculates its own fragment of the comparison without seeing the full code. The result is "there is a match" or "there is no match" — without access to the data itself.
This is the most complex engineering task in the entire system. Let's formulate it precisely: we need to check whether the Hamming distance between a new IrisCode and each of the 26+ million registered codes exceeds a threshold value — and do it in such a way that no party has access to the full codes in their open form.
Why you can't just compare hashes
A typical approach to password protection is hashing: storing not the password itself, but its hash. Upon login, you hash the entered password and compare the hashes. This does not work for IrisCode: two scans of the same eye give different IrisCodes due to variations in lighting, position, and pupil dilation. The hashes will be different — even if the same person is behind them.
Therefore, the system compares not exact matches, but Hamming distance — the fraction of bits that differ. This requires access to the content of the codes, not just their hashes. Hence the problem arises: how to calculate the Hamming distance between encrypted data without decrypting it?
SMPC deduplication scheme
- A new IrisCode arrives from the Orb after local generation.
- Fragmentation — the code is broken into mathematical parts (shares) and distributed among independent SMPC nodes.
- Parallel calculation — each node calculates its part of the Hamming distance between the new code and the fragments of registered codes on its node.
- Aggregation of results — the nodes exchange intermediate results (not data) and together obtain the final distance.
- Decision — if the distance is below the threshold (~0.38) — it's a match, registration is rejected. If it is higher — World ID is activated.
⚠️ Scale of the task: Comparing one code against 26 million records in encrypted form is a computationally very expensive operation. World's SMPC architecture requires 1152 cores, 3.6 TB of RAM, and 5 Gbit/s of bandwidth. This is not a cloud microservice — it is specialized computational infrastructure.
What happens in case of a false match (false positive)
Theoretically, a situation is possible where two different eyes give an IrisCode with a Hamming distance below the threshold — a false trigger. World does not publish the FAR (False Accept Rate) of its system. For the classic Daugman algorithm, the FAR is ~1 in 10⁶. If we assume a similar indicator for World with 26 million users — statistically, a few dozen false rejections are possible. The company has not commented on this scenario publicly.
Sources: World: SMPC announcement · World Engineering: Iris Recognition
🎯 What is SMPC and the new storage architecture (2024)
SMPC (Secure Multi-Party Computation) is a cryptographic method where a secret is split into fragments among independent parties. None of them possess the full code. Calculations are performed on the fragments, and the result is obtained without ever reconstructing the original secret.
Until May 2024, IrisCodes were stored centrally on AWS servers in an encrypted form. This created a classic single point of failure risk: a breach of a single repository or the compromise of encryption keys would grant access to all codes.
How SMPC works — from principle to practice
An analogy for understanding:
Imagine a secret number, 42, that needs to be stored so that no single person knows it. You split it into three fragments: Alice gets +17, Bob gets +38, and Carol gets -13. Each fragment by itself is a random, meaningless number. However, if you combine all three: 17 + 38 + (-13) = 42. To perform a calculation on the number 42 (e.g., to check if it is less than 50), Alice, Bob, and Carol exchange intermediate results of their own calculations and together arrive at the answer without ever revealing their individual fragments.
This is exactly how World stores IrisCodes using SMPC:
- Secret Sharing: The IrisCode is mathematically split into n fragments using Shamir's scheme or XOR distribution. Any single fragment is a cryptographically random number with no connection to the original.
- Distribution among independent nodes: Each fragment is stored on a separate SMPC node managed by different organizations. World does not disclose how many nodes there are or who manages them.
- Threshold scheme: To reconstruct the secret, a minimum number of nodes (e.g., 3 out of 5) is required. If fewer than the threshold are compromised, the secret is mathematically impossible to reconstruct.
- Computation without disclosure: Deduplication occurs via the MPC protocol: nodes exchange encrypted intermediate results and collectively calculate the Hamming distance without reconstructing the full codes.
| Parameter |
Before May 2024 (AWS) |
After May 2024 (SMPC) |
After January 2025 |
| Where is IrisCode stored? |
Centralized servers (encrypted) |
Fragments on independent nodes |
Full code — only on user device |
| Risk of single-node breach |
Compromise of all data |
Valueless fragment |
Valueless fragment |
| Can the company reconstruct the code? |
Yes (holds the keys) |
Only through collusion of all nodes |
No |
| Resistance to quantum attacks |
Depends on encryption algorithm |
Theoretically absolute (information-theoretic security) |
Theoretically absolute |
| Open source and audit |
❌ |
✅ GitHub + Least Authority audit |
✅ |
What "information-theoretic security" means
Standard encryption (AES, RSA) is computationally secure: it is theoretically breakable, but it would take billions of years even on the most powerful computer. Quantum computers specifically threaten this class of protection.
SMPC with proper secret sharing provides information-theoretic security: an individual fragment mathematically contains zero information about the secret, regardless of the attacker's computational power. Even an infinitely powerful computer cannot reconstruct the secret from a single fragment. This is a fundamentally different level of guarantee.
⚠️ Open Question: World does not disclose which organizations manage the SMPC nodes, how many there are, or what the minimum threshold for reconstruction is. This means it is impossible to independently assess the real level of decentralization. The architecture is sound, but the level of trust in it partially depends on how truly independent the nodes are from one another.
Sources: World: SMPC announcement, May 2024 · Biometric Update: SMPC open source
❓ Frequently Asked Questions (FAQ)
Is the source code of the iris recognition system open?
Partially. The IRIS pipeline (segmentation, normalization, comparison) is published on GitHub. The feature extraction model is proprietary. This means the general logic is verified independently, but the exact mathematics of converting an image into a code remains closed.
What changed after the transition to SMPC in May 2024?
All IrisCodes collected prior to this were deleted. New codes are no longer stored centrally — they are split into fragments among independent parties. In January 2025, even those fragments were removed from centralized systems: full codes are now held only on user devices.
Is it possible to reconstruct an eye image from an IrisCode?
No. An IrisCode is the result of a one-way mathematical transformation. Even with the full code, it is impossible to recreate the original image — this is a cryptographically proven fact.
What is Hamming distance and why is it here?
Hamming distance is the fraction of bits that differ between two binary vectors. Two scans of the same eye give a distance of ~0.1 (similar codes). Codes from different people result in ~0.45 (significantly different). This gap allows for reliably distinguishing between "the same IrisCode" and "a similar but different one."
What is the Semaphore protocol?
Semaphore is an open ZKP protocol developed by the Ethereum community. It allows for proving membership in a group (e.g., "my IrisCode is on the verified list") without revealing the identifier. World uses Semaphore as the basis for anonymous World ID verification.
✅ Conclusions
The technical architecture of the World Orb solves a non-trivial problem: proving the uniqueness of a human among tens of millions of records without storing biometrics in a readable form and without revealing identity.
Key engineering solutions that ensure this:
- Local processing — images do not leave the Orb
- IrisCode — irreversible numerical representation of texture; reconstructing the image from it is impossible
- ZKP (Semaphore) — uniqueness verification without transmitting IrisCode to platforms
- SMPC — deduplication on encrypted fragments without a central storage point
The remaining open question is that the feature extraction model is proprietary. As long as it is closed, a full independent verification of the system is impossible. This does not mean the system is unreliable — but it does mean that trust in it is partially based on the company's reputation rather than mathematics alone.
