Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for active authentication #62

Open
0xturboblitz opened this issue Feb 21, 2024 · 9 comments
Open

Add support for active authentication #62

0xturboblitz opened this issue Feb 21, 2024 · 9 comments
Labels
help wanted Extra attention is needed medium

Comments

@0xturboblitz
Copy link
Member

0xturboblitz commented Feb 21, 2024

Right now, we only use passive authentication by checking the passive attestation placed by country signing authorities in the SOD file. This has a drawback: it's possible for an attacker to copy the data and generate a proof of passport without physically owning the passport anymore.

We want to support active auth and/or chip auth. See country coverage here.
The active auth pubkey is in the DG15 of the SOD file which can be easily checked like the DG1 is currently.

The FreedomTool team has worked on this in circom.

It's apparently also been done in Noir by Michael here.

See here too.

@hero5512
Copy link

How can we identify a passport holder exectly own this passport? Can we authenticate the public key of the passport holder in chip by using active authentication?

@0xturboblitz
Copy link
Member Author

Hi,
There is no biometric check or password so we have to assume the person that physically owns the passport is the holder.
With active authentication, the passport's public key is hashed in the DG15 with is then signed by the issuing authority, so we can authenticate the validity of the public key.

@hero5512
Copy link

hero5512 commented May 1, 2024

OK, thank you

@hero5512
Copy link

hero5512 commented May 9, 2024

Just found another problem about the active authentication. The length of the challenge to be signed is just 8 bytes which is not enough for most use cases. Do you have any idea about this problem?

@0xturboblitz
Copy link
Member Author

Hi
If there is no way of signing more data at once, my guess is doing multiple signatures to cover a whole hash.

@hero5512
Copy link

I think the problem is that an attacker may be able to combine four signatures for 8 bytes. And then pass all the signatures verification step.

@0xturboblitz
Copy link
Member Author

Very interesting question. My guess is the following:

  • if implemented in a circuit, the signatures can be passed as private inputs so this is not a problem. You would reconstruct the 32 bytes sha-256 transaction hash in the circuit from 4 signatures of 8 bytes
  • if implemented in solidity, as long as the hash function is preimage-resistant this should not be a problem either. The number of possible rearrangements grows as (4n)^4 but finding a meaningful preimage still looks infeasible.

@HaringIbon
Copy link

Hi, There is no biometric check or password so we have to assume the person that physically owns the passport is the holder. With active authentication, the passport's public key is hashed in the DG15 with is then signed by the issuing authority, so we can authenticate the validity of the public key.

I am new to this project, so I apologize for lack of knowledge on the implementation of the authentication scheme. Without government cooperation, I understand one of the only plausible alternate means of identity verification for initial setup would be comparing the picture in the passport to the picture of the current physical owner--a verification which could likely be bypassed on many mobile devices by simply uploading images readily available on the internet, rather than taking a live picture.

This issue could be mitigated if there was a means to enforce the policy that a single passport can only be registered with open passport once. Thus, the initial holder, before the passport is stolen or used by an alternate individual, could register their passport via some means that verifies it has never previously been registered. What measures are in place to ensure the physical passport can not be used by multiple individuals? Passports are most susceptible to theft or access when they are actually being used--which is the purpose of having them in the first place--so this also presents the most risk of malicious cloning.

@0xturboblitz
Copy link
Member Author

Correct.
One approach would be to do a liveliness check with a video like many KYC providers do today. As this would be impractical with zk today, it could be done in a TEE.
We prevent reuse of a passport by storing a nullifier derived from hashing the signature of the passport. It's possible to build a recovery scheme that allows someone to regain control of an identity by doing a new passport proof.

@zk-passport zk-passport deleted a comment from Dedigraz Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed medium
Projects
None yet
Development

No branches or pull requests

3 participants