Open 0xturboblitz opened 7 months ago
How can we identify that a passport holder exactly owns this passport? Can we authenticate the public key of the passport holder in the chip by using active authentication?
Hi, there is no biometric check or password, so we have to assume the person that physically owns the passport is the holder. With active authentication, the passport's public key is hashed in the DG15, which is then signed by the issuing authority, so we can authenticate the validity of the public key.
OK, thank you
Just found another problem about the active authentication. The length of the challenge to be signed is just 8 bytes, which is not enough for most use cases. Do you have any idea about this problem?
Hi, if there is no way of signing more data at once, my guess is doing multiple signatures to cover a whole hash.
I think the problem is that an attacker may be able to combine four signatures for 8 bytes. And then pass all the signatures verification step.
Very interesting question. My guess is the following:
I am applying to this issue via OnlyDust platform.
I have developed lots of systems that had to handle safety, authorization and authentication taking into account the structure and dynamics of the system and how it's used.
The approach would depend on what works with the original user experience but solves the problem, which as of yet I have not determined.
I am applying to this issue via OnlyDust platform.
Electrical engineer with 3 years using C++
Circom and using active verification
Right now, we only use passive authentication by checking the passive attestation placed by country signing authorities in the SOD file. This has a drawback: it's possible for an attacker to copy the data and generate a proof of passport without physically owning the passport anymore.
We want to support active auth and/or chip auth. See country coverage here. The active auth pubkey is in the DG15 of the SOD file which can be easily checked like the DG1 is currently.
The FreedomTool team has worked on this in circom.
It's apparently also been done in Noir by Michael here.
See here too.