Biometrics as private key?

[o_e_l_e_o]

Yeah, this is basically a very sophisticated method to create a brain wallet.

Pretty much. Even if you assume they have a 100% reliable method of accurately generating the exact same string from your fingerprint every time (which they don't), that doesn't change the fact that fingerprints are not secure at all, which they recognize by the fact they also require the fingerprint string to be XORed with the hash of a password. So, a brain wallet with extra steps.

What happens if you lose the finger you used to 'log in' to your Bitcoin wallet?  There are so many ways you could lose a finger.

You don't need anything so extreme. A simple burn or a cut across your finger tip, and there is no guarantee that when you heal your fingerprint will still be identical to what it was before, which is what it needs to be in order to recover your wallet. Good enough for a fingerprint reader maybe, but not good enough to output the exact same string as before.

If you are arrested, they could forcefully use your fingertip to gain access to your funds.  This is as bad as using fingerprint login for a phone containing sensitive information.

In the US at least, there have been plenty of court cases where authorities were legally allowed to force you to unlock devices with biometrics, while the same is not true of passwords.

[1714558591]

1714558591

[1714558591]

1714558591

[1714558591]

1714558591

[1714558591]

1714558591

[1714558591]

1714558591

[o_e_l_e_o]

From different perspective, you could prove that you were taken hostage at specific range of time. If your Bitcoin was moved during that time (remember block timestamp), it could be served as proof.

Counter perspective: The attackers use your fingerprints to access to your wallets and make a note of the private keys. Then they cut/burn your fingertips off, permanently removing your access to the wallets. They can then move the coins at any time they like since you cannot recover them.

Also, your suggestion can apply to any wallet. If I can prove I was taken hostage on a specific day, and all my regular non-fingerprinted wallets are drained on that day, I can equally serve that as proof.

[Fivestar4everMVP]

So, what do you think about this idea?

You pointed out one of the reasons why this idea of yours is a bad one, and that is ~

And the main problem is that we can lose the finger and in that scenario our cryptos will be gone.

To be sincere,  aside the above, there are several other reasons why I don't buy the idea of using biometric as private keys,  and I practically think they are unsafe.
I will name two real life scenarios that have actually happened to me.
1.  I bought two set of android phones,  one for myself and the other for my wife,  I used two of my fingers to set up the unlock by biometrics, after successfully done,  I discovered that even fingered I did not add were able to unlock my phone,  I also discovered after few weeks,  that my finger could unlock my wife's phone even when I wasn't the one that set up her fingerprint unlock.

2. Secondly,  there was a day I was asleep,  my wife wanted to use my phone but didnt know my password,  she didn't want to wake me up either,  all she did was take my finger,  place it on the biometric scanner on the phone and my phone unlocked.
When I woke up and found out,  I though within myself,  "what if it was someone else I don't know that took my phone that afternoon and did what my wife did for the purpose of gaining access to my private information.? My banking details,  my crypto wallets etc.

Now, imagine biometrics becoming private keys,  it simply means anybody who gains access to your device through your fingerprints already has access to all your crypto wallet,  you could sit down to have a bottle or 2 with friends and they could drug you,  use your fingerprints to unlock your device as well as your wallets and steal all your money.

[PawGo]

2. Secondly,  there was a day I was asleep,  my wife wanted to use my phone but didnt know my password,  she didn't want to wake me up either,  all she did was take my finger,  place it on the biometric scanner on the phone and my phone unlocked.
When I woke up and found out,  I though within myself,  "what if it was someone else I don't know that took my phone that afternoon and did what my wife did for the purpose of gaining access to my private information.? My banking details,  my crypto wallets etc.

Or even worst ;-)
https://news.sky.com/story/flight-diverted-after-woman-unlocks-husbands-phone-and-discovers-affair-11117184

We all know that 2FA is based on 2 thing from different groups: something you know and something you have. Apparently we cannot base generation (let's do not talk now about access to device where crypto wallet is already created) of crypto-keys on anything what we cannot control. Otherwise we are like people who holds their credit cards with PIN written on the card.

[PrivacyG]

All this apply to the phone, and that doesn't stop people to hold their bitcoins in the phone. I know that's a terrible practice but people still doing it. And i have seen some worst scenarios where people lose their phones and the 2fa with it losing access to exchanges and wallets.

I like this point, we could use biometrics as a hot wallet without risking all our founds.

I would like to disagree.  There was and still is a big issue with wallets allowing you to store funds on a seed you have not yet backed up.  This is one big issue I hope is now more widely solved.  By making it mandatory to back up a seed, the number of users losing access to their coins is lowered.  Even if by 20%, that is in my opinion significant.

Same goes for the idea of this thread.  I think it could cause unnecessary trouble.  There are a ton of people who have no idea how even the most basic function of a Bitcoin wallet works, let alone how risky using biometrics could turn out to be.  And if you as a beginner have an alternative to the 'hard to understand' Bitcoin Core which is biometrics, will you not choose biometrics since it is just so much more convenient?  YOU may know it is only 'safe' for small amounts, but how many Bitcoin holders actually use Hot Wallets?

Look at everyone around you.  They are picking comfort over anything else, why would it be different in this situation.  By not having alternatives that endanger people's coins, I think all of us get to be safer overall.

-
Regards,
PrivacyG

[o_e_l_e_o]

-snip-

And yet we still have wallets which allow users to skip the seed phrase back up step, and we still have wallets which allow users to unlock them using a fingerprint instead of a PIN or password. You might expect this kind of nonsense from poor quality closed source wallets like Coinomi, but we also see this from multi-billion dollar corporations. Coinbase's wallet, last I checked, allows you to skip the seed phrase back up, and Block's new hardware device they are building uses a fingerprint scanner. It is no wonder that newbies will take these easy but highly insecure routes to storing their bitcoin when some of the largest players in the space enforce the idea that it is acceptable.

[dkbit98]

You don't need anything so extreme. A simple burn or a cut across your finger tip, and there is no guarantee that when you heal your fingerprint will still be identical to what it was before, which is what it needs to be in order to recover your wallet. Good enough for a fingerprint reader maybe, but not good enough to output the exact same string as before.

Maybe you could try backing up your fingerprint in different locations and using different materials like vax, clay, silicone, plasteline, etc 
I heard that even identical twins have different fingerprints, but making duplicate is much easier to reproduce or 3d print.

In the US at least, there have been plenty of court cases where authorities were legally allowed to force you to unlock devices with biometrics, while the same is not true of passwords.

I think they can force you to give them anything they want, including passwords, pins and hidden secrets, especially if you are afraid of them.
They can probably hack your device if weak password is used, but most people choose to cooperate and break under pressure even if they are not guilty of anything.
Some devices you can't unlock only with fingerprint, but you need both fingerprint and password, and you can even set device reset your if it's not unlocked in specific amount of time.

[o_e_l_e_o]

I think they can force you to give them anything they want, including passwords, pins and hidden secrets, especially if you are afraid of them.

They can certainly jail you for not revealing your passwords, but there are several such cases of people claiming that they have forgotten their password/PIN and being released by appeals courts as it is impossible to prove they are lying. This is not the case for fingerprints or other biometrics.

They can probably hack your device if weak password is used, but most people choose to cooperate and break under pressure even if they are not guilty of anything.

Again, certainly in some cases, but there are also plenty of cases they have been unable to break the password or decryption key, or even something as simple as an iPhone unlock PIN.

[OgNasty]

There are too many problems with this idea as society currently operates for it to be viable.  However, when we're all living in the metaverse while our bodies are locked in tubes on some spaceship, this could be a great idea.  You're just too far ahead of your time with this one.  Check back in 300+ years.

[gmaxwell]

Even if you assume they have a 100% reliable method of accurately generating the exact same string from your fingerprint every time

FWIW, the algorithm inside minisketch was created for that purpose.   The idea is that you combine the biometric with non-secret (or not very secret) correction data.  If there is enough correction data the probability of success can be as high as you want.  If you have little enough correction data then the scheme is no less secure than the underlying biometric even against attackers that have the correction data.

How secure would it be?  Who the hell knows.  The security of biometrics is pretty unclear to begin with before you go adding the correction data needed to make them reliable.

In the US overall we have relatively good legal protections against being forced to divulge passwords (though there have been some instances), but we have zilcho protections against being forced to provide biometrics.

From a geek novelty perspective I think it's a cute idea to screw with-- but with a security hat on I think biometrics are across the board a bad idea and the best you can say about them is that they haven't yet been proven to be completely worthless yet.

[o_e_l_e_o]

If there is enough correction data the probability of success can be as high as you want.  If you have little enough correction data then the scheme is no less secure than the underlying biometric even against attackers that have the correction data.

The question then being "What is the optimal amount of correction data?" Too much and you weaken the security of your system. Too little and you could end up spending hours generating key after key from your fingerprint trying to find a collision to the one you generated in the first instance. (And better hope that first key wasn't some statistical outlier, or else you might never generate it again!)

[aysg76]

You don't need anything so extreme. A simple burn or a cut across your finger tip, and there is no guarantee that when you heal your fingerprint will still be identical to what it was before, which is what it needs to be in order to recover your wallet. Good enough for a fingerprint reader maybe, but not good enough to output the exact same string as before.

For sure there are many cases where have been instances of fingerprint changes and even damge of your womb prints due to skin damage and forensic experts have to said on this topic

Pretty much any cut or burn that goes deeper than the outer layer of the skin can affect the fingerprint pattern in a permanent way. But even with permanent scarring, the new scar becomes a unique aspect of that person's fingerprint.

So what happens in this scenario is you use to login to your wallet with your biometrics but now you don't have that same prints so how do you login into your wallet? In that case you need some extra layer of security or someone else backup but that could be extremely risky and should be avoided.You could see more instances here

So this practice is not good and think we have discussed it before hand on the forum that how risky it could be due to certain problems linked with it.

In the US at least, there have been plenty of court cases where authorities were legally allowed to force you to unlock devices with biometrics, while the same is not true of passwords.

That's what government and court are injected with to do in these cases where if they found something suspicious they will force you to that task and unlocking the phone is very common practice in most of the countries and you can't resist it because you can be punished so don't left with that options.

Moreover there are many cases where it would be risky if someone found out that your biometrics are there for utilising your wallet balance and they can take it from you and even the technology is advanced that copying fingerprint with same identical prints is easy and then your device needs to be in their hands and your funds are gone within a blink of eye.

[dkbit98]

From a geek novelty perspective I think it's a cute idea to screw with-- but with a security hat on I think biometrics are across the board a bad idea and the best you can say about them is that they haven't yet been proven to be completely worthless yet.

That makes you question why there is such a big push for using biometrics for everything.  
China and some other countries are already starting to use features like Pay With Face or Pay With Palm, and they market this as safest and most convenient way for payment.
All this data is held on some central server and it's connected with all your history, money, social credit system and social media accounts...
So if you had some accident and you mess up your face, or you disobey supreme ruler, you can't pay or use anything in this stupid system.

[o_e_l_e_o]

All this data is held on some central server and it's connected with all your history, money, social credit system and social media accounts...

It also allows mass physical surveillance to be far more effective. Cameras monitoring an entire crowd are one thing - cameras monitoring an entire crowd linked to a handy database which already includes multiple scans of every single citizen's face are much better.

So if you had some accident and you mess up your face, or you disobey supreme ruler, you can't pay or use anything in this stupid system.

This is a downside of biometrics in general. If your password is compromised or lost, it can be replaced. If your biometrics are compromised or lost, then tough luck. If I think a password, PIN, access card, physical token, etc., has been stolen or duplicated, then I can log in/phone up/visit/whatever the entity in question and rescind and replace whatever it is. If I think my face has been stolen from a database, then I'm screwed.

Biometrics are not safe now, and will probably be even less safe as time goes on and biometric databases become widely hacked in the same way that password databases are widely hacked today.

[seoincorporation]

There are too many problems with this idea as society currently operates for it to be viable.  However, when we're all living in the metaverse while our bodies are locked in tubes on some spaceship, this could be a great idea.  You're just too far ahead of your time with this one.  Check back in 300+ years.

300 years is too much mate, i think 10 years will be enough to get to that point. Just look at the news

The microchip implants that let you pay with your hand
https://www.bbc.com/news/business-61008730

Elon Musk Says a Neuralink Update Is Coming on Halloween
https://www.cnet.com/science/elon-musk-says-a-neuralink-update-is-coming-on-halloween/

And here is the tricky part of the biometric where we have to make us the next questions:

Is a microchip implant part of our biometrics?
How long it will take us to create the ADN print?

Maybe the fact that sign a transaction with the finger print es a bad idea, but it could be done with a NFC implanted chip.

[PawGo]

300 years is too much mate, i think 10 years will be enough to get to that point. Just look at the news
The microchip implants that let you pay with your hand
https://www.bbc.com/news/business-61008730

Future is now (almost).
It is quite easy to have it working right now: https://walletmor.com/
By the way it would be interesting to have LN wallet based on NFC, where you may pay without camera/qr code scan.

I am not sure if I would like to have it in my body, but if anyone want's it, there are possibilities.

Is a microchip implant part of our biometrics?

No, I do not think so. It is just like a normal bank card which you have "build-in".
For me, biometrics is something which is clearly related to a given person's body. Fingerprint, iris recognition, etc.

[o_e_l_e_o]

It is quite easy to have it working right now: https://walletmor.com/

God, what kind of dystopian nightmare is this? Put a chip in yourself to avoid the enormous hassle of having to spend 5 whole seconds taking out your wallet or phone to pay for something! The only downsides are we have to cut you open, risk of scarring and infection, and we'll need to cut you open more times in the future to replace it. Oh, and you now have a permanent tracking device physically inside you at all times which you cannot remove or turn off. But still! Save 5 seconds!

I'll pass, thanks.

[PawGo]

Put a chip in yourself to avoid the enormous hassle of having to spend 5 whole seconds taking out your wallet or phone to pay for something!

Apparently it is not only for paying. Have you seen that news about tesla owner who now is able to open his car with hand??

https://nypost.com/2022/08/22/tesla-owner-implants-car-keys-in-his-hand-using-microchip/

[dkbit98]

It also allows mass physical surveillance to be far more effective. Cameras monitoring an entire crowd are one thing - cameras monitoring an entire crowd linked to a handy database which already includes multiple scans of every single citizen's face are much better.

It's opening a can full of worms, and if you include payment in this combination than you are getting perfect tool for controlling and eliminating people.
You can probably turn off people with single push of a button and disable him any access for traveling and paying for anything, if he was not obedient enough.

This is a downside of biometrics in general. If your password is compromised or lost, it can be replaced. If your biometrics are compromised or lost, then tough luck. If I think a password, PIN, access card, physical token, etc., has been stolen or duplicated, then I can log in/phone up/visit/whatever the entity in question and rescind and replace whatever it is. If I think my face has been stolen from a database, then I'm screwed.

Exactly!
You can't replace and change your finger, I mean maybe you can with some huge reconstructive plastic surgery, but this would make drastic changes in your life.
I guess they could always create some backup and reset method, but imagine if (or when) hackers steal this information.
Talking about this subject, how do you think would Black Alien Project and Diablo Praddo pass any biometric verification?  
https://www.youtube.com/watch?v=jSf1bko4iZg

By the way it would be interesting to have LN wallet based on NFC, where you may pay without camera/qr code scan.

I think it's idiotic and stupid to turn your body into antenna for any reason... because this is what NFT is.
But I am not surprised seeing some people puting horns, permanent paint in their eyes, and all other crazy stuff.

[o_e_l_e_o]

You can probably turn off people with single push of a button and disable him any access for traveling and paying for anything, if he was not obedient enough.

Absolutely. If your only option is to pay with your biometrics, then whoever is control of that biometric database and servers (i.e. the government) can prevent you from paying for anything at any time. Did you publish something online critical of the regime? Not being able to buy any food or drink for a week should teach you to be more careful in the future.

Although the same could be said of the direction we are heading with CBDCs.

I guess they could always create some backup and reset method, but imagine if (or when) hackers steal this information.

I guess the way around it would be that when you first register your biometrics, the server applies some function which involves your biometric and a random number, and stores the random number and the output of the function without ever actually storing your biometric, just like storing a password hash but not the password. In the event you need to replace your biometric, then the server simply wipes your random number and output, generates a new random number, and then applies that random number with you biometric again in the same function to generate a new output to match against in the future.