
Using the NFC Chip of the Passport to Do Proof-of-Work - herendin2
https://medium.com/@janmoritz_48488/using-the-nfc-chip-of-the-passport-to-do-proof-of-work-b77e1a5343a1
======
kwantam
There may be some unstated assumptions here that I'm missing, but as presented
this does not appear to be a useful idea.

The meat of the idea, as I understand it, is: passports can be easily
validated (because they contain a secret key signed by a government's Document
Signing Certificate), but they cannot be cloned (because that secret key is in
tamper-resistant hardware). So let's prove work by generating preimages of
signatures under these keys.

Trusting this purported PoW system requires that you trust the government not
to issue fake certificates. Otherwise, they can just use their signing key to
generate lots of new certificates and massively parallelize the "proof of
work". Moreover, at the point that you trust the government to behave
honestly, there's no need for proof of work! Since you're trusting that a
passport key is uniquely tied to an individual, you can (for example) just
vote---the required assumption already implies that there cannot be any
Sybils. (Or use any other mechanism that requires Sybil-free PKI, since that's
what the assumption implies.)

(As another practical matter, there does not appear to be any reason to
believe that each individual only has one physical passport. Some countries
allow people to have multiple passports.)

~~~
janmo
One solution that I have thought of is to have a mining difficulty by country
and another one by passport. If the passports of a certain country mine a lot
of blocks the difficulty for this country would increase. In this scenario it
would take 51% of the countries to go rogue in order to perform a 51% attack.

Another thing to implement as well is to increase the difficulty for a
passport to find a new block once it has already found a block. This way even
if someone extracts the private key of a passport he will only be able to take
a very limited advantage out of it because the difficulty for him would
skyrocket, as a consequence the reward of doing this should be lower than the
costs of doing the hardware hacking.

~~~
gruez
>One solution that I have thought of is to have a mining difficulty by country
and another one by passport. If the passports of a certain country mine a lot
of blocks the difficulty for this country would increase.

But countries are a completely arbitrary distinction. Should Liechtenstein
mining 100 blocks raise its difficulty as China mining 100 blocks? If not, how
should we weigh each country? By population? By GDP? What's stopping countries
from gaming their statistics to get more votes?

~~~
sudosysgen
It doesn't matter, mining difficulty is automatically determined by how much
mining is being done.

------
viralpoetry
A Hammer in Search of a Nail

Proof of Work require no secret information as an input and have to be easy to
verify. But most importantly, why would anyone do this?

Passport issuer can act like certification authority, this is not a trustless
system where PoW can be used for something. Public key infrastructure is a
solved thing with it's own problems, but verification is not one of them if
authority is working as it should.

EDIT: Let's not even mention that smartcards have effective lifetime and
efficiency.

~~~
tinus_hn
Hacking is not always about useful solutions. It’s about experiments that may
work out or not work out.

------
HMMLSTMHIDDEN
I think the author of this piece has not fully understood the concept of
proof-of-work. Hashing algorithms are used precisely because they do not rely
on a private key - and thus everyone can verify work that has been claimed to
be done.

Passports signing some data would provide a different output for every
passport. You could verify that the person doing the hashing indeed is the
person who owns the passport if you distributed the public key. But what is
the point of this?

Additionally there are other issues on so many different levels with this
idea: lack of anonymity, an artificially constrained hash rate (if there's an
incentive to increase the hash rate, someone _will_ extract the private key
from their passport and mine on dedicated hardware), wearing out the NFC chip
through massive use, creative an incentive to steal passports...

~~~
lxgr
As I read it, the point is not to authenticate individuals but rather to use
the relative scarcity of passports as the bounding factor for executing a
sybil attack.

------
centimeter
This offers literally none of the security properties that are required for a
secure decentralized currency and betrays a very fundamental misunderstanding
of what proof of work is for or its (economic) security properties.

The most obvious problem with this proposal is that it’s clearly not secure -
if someone manages to make fake passports (either because the cryptosystem
isn’t secure, they steal the signing key, or they control the passport
issuance authority) they fully control the system.

~~~
janmo
I answered a solution to this in another comment, above. If the mining
difficulty is set by country, it would take 51% of the countries to go rogue
in order to perform a 51% attack.

~~~
centimeter
So what you're actually proposing is a blockchain where the mining process is
based on e.g. UN member countries voting. Cool, but that's not proof of work,
it's not a cryptocurrency, and it's not very useful. They already have
something a lot like this - it's called "Banks in the EEA".

------
wyldfire
> I am surprised that so little has been done to combine the NFC capabilities
> of passports with the blockchain and hope that this field will be explored
> in the future.

If you are surprised about why a technology is missing, sometimes it means
that you have come up with something novel. Other times it means that you have
come up with another idea that was ruled out by others.

In this case, it's the latter. The utility of cryptocoins is due to trustless,
decentralized storage/transfer of value. If it's not decentralized, it's
useless. If it's not trustless, it's useless.

~~~
ubiubi18
Hmm, those big projects like btc or eth are NOT at all decentralised, that is
just a meme. It is more like proof-of-materialism. That alone is a good reason
to keep on searching for other decentralised solutions. Btc is allready ruled
out by the majority of people on this planet.

------
aazaa
The article never clearly states it, but the goal of proof-of-work, and by
extension this protocol, is to throttle access to write privileges on a
ledger.

Bitcoin does this by forcing miners grind on a nonce to try to get a block
hash below a certain value.

In this protocol, it appears that miners would do the same thing.

The difference is that the supply of passports is considered limited. A given
person only gets one. That suggests that it might be possible to avoid the
ever-increasing difficulty that Bitcoin has faced.

Bitcoin was intended as a one CPU, one vote system. This new one appears to be
intended as a one passport, one vote system.

There are two main concerns with such a system:

1\. security - how easy is it to forge passport identities?

2\. privacy - how easy is it to link a signature to the original passport?

I suspect the actual utility of this protocol revolves around these two
points.

~~~
cesarb
> A given person only gets one.

Not really. Consider: old passports, multiple citizenship, emergency
passports, identity cards which can be used as passports, etc.

~~~
vinay427
I generally agree with a minor quibble: There isn't an identity card that can
be used as a passport. There are identity cards that are sufficient for
limited travel and are unrecognized elsewhere. In the relatively widespread
EU++ ID card system, at least in the country I live in, ID cards can't even be
used in biometric immigration gates which require passports.

~~~
disabled
Americans can actually get "passport card" which functions like the EU
national identity cards, within the United States. It is intended for use
within the United States, as ID laws are changing. However, the RFID chip in
the US passport card only has the identifying number encoded in it, for lookup
in government databases. US biometric passports of course contain all of the
traveler's information. Likewise EU national identity cards are biometric, as
this is the standard.

With respect to the EU, as you know, there is to be a transition to biometric
EU national ID cards, if countries have not already switched to them. The vast
majority of countries already have. Some EU national ID cards are more useful
than others, giving people online identities, for example.

Although I am culturally an American, I am also Croatian. I hold two
citizenships. Croatia participates in the eID scheme [1]. Next time I go to
Croatia, I am getting my eID, so I have an official identity on the internet.
I am excited, as silly as it sounds.

[1]
[https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eID](https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eID)

~~~
arcticbull
A US passport card is sufficient for entry via land or sea ports only to:
Canada, Mexico, The Caribbean and Bermuda.

------
adrianmonk
> _assume that passport chips are similar enough so that they would provide a
> similar signing rate per second. Making it probably the most egalitarian POW
> mechanism that could exist._

If you're going to base a system on this, you'd need to be prepared for the
possibility of the government passport-issuing service switching to a
different chip (different vendor, next gen design, etc.).

It might be equal now, but what happens if everyone who renews their passport
suddenly starts getting different hardware? People could even realize what's
going on and there might be a mad rush to renew passports.

Basically, when you piggyback on someone else's system, you add a variable you
don't control.

~~~
janmo
Reminds me of when a new ASIC chip is released. But yes, this could be an
issue.

~~~
adrianmonk
Yes, I guess if your goal is proof of computational work, it is hard to really
control the ecosystem no matter where you turn.

------
X6S1x6Okd1st
Not sure if proof-of-work is a great use-case here, but leveraging NFC chips
in passports could be a great proof-of-personhood in a field where it is
extremely hard to do so. If you have proof-of-personhood you can do things
like airdrops much more effectively without giving a huge amount of coins to
someone with a ton of compute-power.

~~~
janmo
This is what UBIC is doing by basically distributing a continuous airdrop
every block to all registered e-passport holders. Q was trying to do the same,
both projects are mentioned on the bottom of the article.

~~~
X6S1x6Okd1st
Oh that's great! I obviously didn't read the links at the bottom. Too bad UBIC
isn't on any exchanges yet.

------
gruez
This seems like a variant of
[https://news.ycombinator.com/item?id=15382911](https://news.ycombinator.com/item?id=15382911),
but instead of trusting a couple of entities (Intel/AMD), you're trusting 200+
entities, with some being very corrupt?

------
scottlocklin
That's not proof of work; it's proof of authority. You can jigger it any which
way with randomization and challenge-response: it's still proof of authority.
Not that there is anything wrong with PoA; most mined networks end up
effectively PoA anyway (because dominated by 1-2 mining consortiums).

And it doesn't matter if you use a passport NFC chip or some other kind of
secure element (say, a ledger nano) with strong KYC; same thing.

------
mschuster91
To the best of my knowledge, the electronic signature function in German
Personalausweis/eAT/passport documents is unusable due to legal reasons since
2017 (!!) [1], and even before that it was not universally available, you had
to purchase commercial one-year certificates. I'd _really_ be interested how
the author made the passport digitally sign something!

[1]:
[https://de.wikipedia.org/wiki/Personalausweis_(Deutschland)#...](https://de.wikipedia.org/wiki/Personalausweis_\(Deutschland\)#Qualifizierte_elektronische_Signatur_\(QES\))

~~~
netsharc
It seems he's just talking about technical signature, and not a legal one.

It's a chip, with a hard to extract private key. You give it some input, and
you get an output which is the signature of that input signed by that private
key. The article isn't talking about whether this signature is legally
admissable.

~~~
mschuster91
> You give it some input, and you get an output which is the signature of that
> input signed by that private key.

My point is, this is _technically impossible_ at the moment with German ID
documents because using this function requires a commercial certificate which
have not been issued since 2017.

~~~
lxgr
The german national ID card protocol is something completely different from
the ICAO standard for biometric passports.

------
paypalcust83
I accidentally left my passport in the microwave for 1 second while heating up
a pain au chocolat. Now it can't be remotely sidebanded and is no longer
Turing complete apparently too. Silly me!

~~~
tialaramex
This just means you can't use electronic passport gates, so you spend more
time at border control and may be targeted for harassment for non-compliance.
There's a small chance you could be fined, since the passport isn't actually
yours it belongs to the government.

The passport deliberately requires the MRV as input for the NFC data stream,
so to get the data out of it a hypothetical attacker has to read your passport
(because that's where the MRV is). That's why the electronic gates require you
to show them the passport open at the right page with your data on it. They
literally need that data to get the exact same data from NFC.

For a machine this is brilliant news, it can now let you through the gate
after deciding that you're allowed in. For a human adversary it's not an
improvement at all because looking at a photograph versus downloading a JPEG
of the exact same photograph is not different.

------
hedora
I love this idea! Offering $M’s for a method to clone passports? Illegal.

Creating a crypto currency that produces $MM’s of incentive to clone
passports? Totally legit.

------
tialaramex
The feature this talks about isn't free, it requires a bunch more compute
capability in the NFC chip, which drives up prices and you most likely
wouldn't know if you have it. What's the result?

Passports are expensive documents, but what you'd expect is that even though
the document is expensive anyway there's an incentive to cut corner on
expensive features that aren't noticed.

Sure enough my actual British passport (issued after it became apparent that
idiot Leavers would get their way but before they wasted money having the
passports arbitrarily changed colour and removing the words "European Union")
does not have the "Active Authentication" feature.

It has the obligatory embarrassing photo encoded, and it carries proof this
document was issued by the UKPA, for whatever that is worth, but it isn't
capable of "active authentication" and so it would be useless for this PoW
trick.

Now maybe the United Kingdom is an outlier. Maybe every other passport
authority in the world has been issuing these for a decade. But I'd guess
exactly the opposite. One or two security enthusiastic countries have it, or
worse, it's available as a demo from the handful of companies that _make_
passports, but the vast majority of people who have a passport don't have one
of these.

If you own an NFC reader you can get software that checks for Active
Authentication. I'd be a tiny bit interested in the results if you see
anything interesting for yours.

~~~
tialaramex
Aha! I read further, Active Authentication is also disliked because the exact
feature this blog post relies on prevents deniability - and that's a Privacy
no-no, so some countries like Germany explicitly do not want it.

With Active Authentication you can basically show the passport a nonce, and
get the passport to give you signed proof that it saw this nonce. As a result
you can show other people that nonce, and the signature, and they know it was
a real passport.

But alternative schemes avoid this, you and the passport perform a dance in
which either the passport is genuine and you get the answer you expected, or
it isn't and you don't, but you don't get a durable proof you can show to
anybody else as output.

This latter scheme works more like a physical document while also defeating
cheap "clone" attempts and so privacy-friendly countries have no reason to use
Active Authentication.

------
cesarb
I wonder if this wouldn't cause extra wear on the passport chip. I don't know
if it has a counter which increments on every signature (like credit cards
have); if it has, then every signature would be another write to the non-
volatile memory of the chip.

~~~
espoir666
There is no such thing as that. He has no limit on the number of times

------
Animats
This could be useful for email authentication as an anti-spam measure. Yes, on
rare occasions there are fake passports signed by governments, but not in the
quantities spammers need.

~~~
espoir666
Yes, it solves the basic authentication problem

------
chews
This is an amazing insight, very very well done!

------
espoir666
Using passport verification of the project, can be a real person verification
interface.

