Topic: Mike Hearn, London 2014 [video presentation] - page 2. (Read 6910 times)

I do agree that it makes sense that AA is not seen as a priority, because the intended use case is to compare the person with the passport - in that scenario cloning is not quite so big a threat.

But without AA you have no meaningful protection against cloning, so I can't see what defence there is against Sybil if you also want anonymity. (Assuming I was correct about my interpretation of why ZKP+AA doesn't work, was I?)

BTW the slides are here:

https://docs.google.com/file/d/0B4t9VJLm_PWhRkFKa1pQTm54WU0/edit?hl=en&forcehl=1

Well, AA is best seen as a feature intended to stop you copying the data from one passport to another. The private key used in AA can't be exported from the chip. I guess it's not popular because the physical anti-cloning features might be good enough to keep passport fraud at acceptable levels, and anyway, duplicating an existing passport must be much less useful than creating an entirely fake one - the digital signatures are enough to tackle that.

With ZKP you don't need AA at all, it just has no role to play.

Thanks for the answer. I watched the video again and understand a bit better what you're aiming at. I think I get the interaction between elements now: AA prevents cloning, but we don't have that in practice. Also, ZKP wouldn't work with AA because AA checks a signature, but to do that you have to have a pubkey (something like that?)


But on the other hand ZKP + Skype seems to make no sense; I mean, yeah, *some* data might still be hidden but really it does destroy anonymity, in a very visceral way..

Looking at this combination of elements I can't see how it's going to work - assuming (a) AA destroys the possibility of anonymity and/or (b) AA isn't available, as is the case today for most countries(?)

Yes. Passports don't have PIN numbers attached because they're meant to be used with biometrics instead. The zero-knowledge proof of passport is really a proof of passport possession.

For a corrupt hotel clerk to create ZKPOPs they'd just have to do the same process as ordinary users - scan the photo page or type the BAC details in by hand, then NFC scan the passport chip and process the output. If a customer can see their passport at all times this shouldn't be possible without arousing suspicion. If they take it away then they could do it.

Is this a problem? Well, it's not ideal, but any security system has to make a tradeoff between usability and robustness. In this case the usability would be pretty good if you have an Android NFC phone and a laptop (the SNARKS are too intensive to create on a phone so you'd need a computer to help it), I think it'd not make setting up a node much harder. Certainly it's more complicated and lower throughput than building a botnet.

If you wanted to solve this anyway, you would have to pair it with some third party that verified your face against the passport data. For instance, pick one of N third parties who do a Skype video chat with you, where you hold up a word they give you on a piece of paper, and then it's matched against the passport. Obviously this is more complicated, expensive and involves introducing more ID verification authorities who do the face matching. It may still be easier/cheaper than what Bitcoin exchanges make people do though.


Biometrics data is unreadable because it's encrypted under a key only governments have (edit: to be more precise, the passport challenges the reader which must sign with a country-specific key). The rest of the data is encrypted under a key derived from the photo page because it's just a copy of what you can already see.

AA is irrelevant for this scheme. I mentioned it in the talk only to introduce the "real" solution. AA lets you prove ownership of the passport over the internet by challenging it with a nonce that's signed, but it doesn't provide any way to hide data so it can be anonymous.

We are talking about new relative node trust options on this thread.   

Our setup is we don't want any external dependency, third parties, or general human trust.  Obviously, you can't completely evade the concept of "trust" in this problem, but you can make your solution depend on the trustless network instead of externally or on people-based attestation.  You can develop relative trust based on context using facts derived from the Bitcoin network itself. 

I'd create a new thread, but we're still waiting for Mike to say he's throwing out the ePassport idea.  Until then, we're determined to help the OP on that thread. 

Several posts on reddit indicate lists of passport numbers exist. If this is true, it would be trivial to obtain a large number of proof of passports.

And I am really struggling with the problem that this is supposed to solve. Mike gives an example where someone enters a public place, and connects to the internet using a random wifi hotspot. This hotspot is then not a real hotspot but a fake one set up for this man-in-the-middle attack. It creates a simulation of the bitcoin network with fake nodes to trick the connected clients that they are connected to the real network. A transaction by the client would seem to have gone through fine, however it would never be sent to and confirmed by the real nodes.

So, for this attack to work, someone must be tricked to connect to the internet through a malicious provider, and chose not to verify adequatly whether his transaction has been accepted by the network.
I think this attack vector is difficult to execute because it relies on a naive and careless user connecting through a malicious link. Tricking a node into connecting through a malicious link is already an aspect of this attack that is difficult to carry out on a large scale anyway. And it seems that the proposed solution does not resolve the issue at all.

Indeed, there must be a better way of making it impossible to impersonate previously seen peers, up to a point where this attack becomes unfeasible. For instance, by implementing a challenge-response between nodes, such that nodes can verify that a node they connected to a month ago is still the same node now and not part of some instant simulation. Do this for a couple of nodes, and in this way it can be verified that at least some nodes (ones that had been seen before) are the same one as during the first time a connection was set up with them. This would require a man-in-the-middle attack using a simulation to convince a node to send its transaction while only connected to nodes it sees for the first time. A node that usually sees a number of known nodes would be alerted by this and can refuse to send the transaction, especially when connected through a previously unseen (wifi) internet link.

Sorry for blatantly reposting my reddit comment on this issue, but I care about it.

TruckStyling, thank you for bringing this up.

Centrally issued external tokens are inherently corruptible. This is why bitcoin exists in the first place - to transfer value in a decentralised, trustless manner.

If Mike Hearn cannot think of a means of trusting nodes that does not require a zero-trust, decentralised solution then I suggest he waits until someone else develops one.

Isn't necessary.

There were already three announcements (just on this forum) that big database dumps of x00.000 real passport data records with signing keys (if holder applied for passport with keys) will be released if this stuff doesn't stop.
It's known from most countries that only 5% till 25% of the passports are signed. Reasons: people don't want that and passports with keys are more expensive in applying fees. People who dont applied for keys get passports contain that an empty or dead chip, depends on country.

Question for Mike or anyone else who knows about this stuff:

What about a scenario brought up by a reddit user: a hotel clerk in a tourist destination handles a hundred international passports in a day. Is there some way they can surreptitiously grab a signature from each of them and use them for an attack?
So I tried an app out with my phone and it read the biometric,photo and ID details fine. The security info says the signatures are OK but it seems there is no "Active Authentication", meaning the passport could be cloned. Apparently that's the common situation according to this.

Without active authentication the system won't be defended against the hotel clerk attack, is that correct (because there is no nonce provided from the reader)?

This is a very specific proposed use of the bitcoin ID protocol, government passports are not required if you don't want to use them. Mike's just advocating a state dependent usage in the way you'd expect him to, but the base technology for this is equally good for stateless ID's too. In fact, it gives you the ability to create a form of ID that's less corruptible than any state run scheme. And you can choose how you structure it for yourself, and others can accept that as valid as they choose (but hopefully on some basis of how well it identifies you in an objective way  )

This seems to be a basic assumption that everyone from the most fresh newbie to Gavin takes as gospel.

I say, 'not so fast'.  The basic structure of the original implementation (which we are still in) has proven pretty useful, and I don't think it can be written off as being valuable due simply to future expectations.  I think it is useful and trusted because it is still difficult to assault, and this because the stand-alone core infrastructure is operable in a very widely distributed manner.

A series of 'off chain' solutions (like BitPay, Coinbase, Mt. Gox, vendors like TigerDirect, etc) riding on the back of what we have currently has the potential to scale.  It would be 'SWIFT, paypal, and visa/mastercard' but for one very unique difference:  The core value store would not be under centralized control.  And people could still keep their lifes' savings in a paper wallet if the so choose.


There is room for a lot of 'centralization' at the second tier level where individual failures do not threaten the entire system.  BTCChina is a wonderful example of this principle.

Yeah, I agree.  At a minimum, it's discriminatory against those who don't have a passport, which is dividing the bitcoin community up.  Bitcoin needs to remain a trustless network.

In addition to Mike clearly incorrectly assuming that everyone outside Iowa has a passport, his proposal is based on other assumptions that are just false:

Ass. 1> Only the government has access to the database.  

He's ignoring how easy it is to collect this data with an RFID reader by just hanging out at an airport.

Ass. 2> People only have 2 or 3 passports, limiting their ability to fake many nodes.

Honest people with iPhones will be limited to 2 or 3 passports.  Referring to #1, people with RFID readers or NFC equipped Android phones can have thousands -- and they are likely to be in the dishonest category, the same people who would simulate a network.  

Ass. 3> Governments can be trusted.  

Is anyone outside the US reading about how the NSA deliberately weakening encryption at the RSA? And how one man walked out with nearly all the US Government's best kept secrets from the most protected division of the world's strongest military?  

  

And what happens when we decide that people with Zimbabwean passports, or Venezuelan ones, or Gambian ones, or Tibetan ones, are just not allowed to run nodes anymore?

ANY centralisation or requirement for a centrally-issued external token is risk that we're beginning down a slippery slope towards blacklisting or worse.

Again, I think you misunderstood the whole concept. Having a passport is not a requirement, but if I am using an spv wallet, I'd like to connect to someone that is authenticated using a passport so I know I'm not being a victim of a sybil attack. For this system to work only a minority actually needs to run such a node.

I, for one, am grateful someone is thinking outside the box. Nobody said this is the best possible solution but it's a step forward in solving a problem.

Too bad he said nothing about reducing/trimming the blockchain size.

But I like the idea of Proof of Sacrifice.

This idea should be dead in the water because it is based on Mike's assumption that everyone has a passport.  In America, only 30% of people have a passport.  I imagine it is lower in many other countries, and higher in some, such as where Mike is from.  

What baffles me is that he's been studying the passport idea for 6 months, but it only takes 5 minutes to Google up the low percent of people using passports.  Unfortunately, Google, Yahoo and Bing will only give me American statistics -- whether bias on their part or lack of info elsewhere IDK.  But, still.  

Shall all nodes be concentrated in the UK or wherever passport use is high, and be limited in countries where passport ownership is very low?  

I'm against this for many reasons.  But, I'd think that the low rate of passport owners would be enough to kill it without 6 months of analysis and code being written.  What concerns me is that this logic hasn't killed this idea, yet.  

I guess that Mike thinks that 2/3 of Americans live in Iowa.  

CNN
Forbes

For those outside the US who wonder why only 30% of Americans have passports, besides the high cost of travelling across the ocean, most Americans are lucky if they can see half the wonders of America before they die.  Also, before 9/11, US citizens didn't need a passport to travel to Canada or Mexico. 
 

MarketNeutral - thank you for putting that into words.

Mike, if you believe 'billions of people have passports', you're very misinformed. Fewer than 50% of the Japanese and US populations hold passports - two of the largest economies in the world.

You push this need for an external token, which goes against the core values of bitcoin. If you can't come up with a solution that is in keeping with the ideals of bitcoin then I'd rather you didn't propose one at all.

Your answer had better not be along the lines of 'you don't understand' or 'it's only optional' or 'well why don't you code it then'.

Don't put words in our mouths. I object to the heedless abandon with which you propose solutions to what you perceive to be bitcoin's problems with blatant disregard for the opinions of the wider bitcoin user base and the spirit of freedom upon which bitcoin was founded. You seem to want to turn bitcoin into a draconian, quasi-paypal system. Your vision of bitcoin's future seems antithetical to the whole purpose of bitcoin.

I understand that bitcoin needs to evolve from Satoshi's original client. Yet to myself and many of us, your "solutions" follow the same trajectory of hubris, folly, and greed from which many of us are attempting to distance ourselves by using bitcoin in the first place. Might as well go back to SWIFT, paypal, and visa/mastercard.

Mike, you have some serious explaining to do.

When we talk of centralization, we're not necessarily talking about 3G or Tor. Yeah, such aspects need to be addressed, but don't miss our point. We're talking about your proposed blacklisting and passport ideas. i.e., Censorship or the means to enact it, and letting other people have more and unnecessary control over our money. Why should anyone but me get to decide whom I can transact with?Bitcoin is a powerful tool that greatly promotes self-reliance and people "being their own bank." People see this, they love it, and they feel you're attempting to take this newfound freedom away from them.

Moreover and to the point, centralization creates weakness by having a more centralized point of failure.

Centralisation is diametrically opposed to the central ideology of the zero-trust, distributed nature of bitcoin. Trusting any third party now is a slippery slope to further centralisation and control later.