Bitcoin Forum
March 29, 2024, 02:33:19 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Bitcoin's Decentralized PKI (Public Key Infrastructure)  (Read 7769 times)
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2384


Viva Ut Vivas


View Profile WWW
July 10, 2012, 10:56:23 PM
 #21

How do you limit a single ID to a single person?

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
1711722799
Hero Member
*
Offline Offline

Posts: 1711722799

View Profile Personal Message (Offline)

Ignore
1711722799
Reply with quote  #2

1711722799
Report to moderator
1711722799
Hero Member
*
Offline Offline

Posts: 1711722799

View Profile Personal Message (Offline)

Ignore
1711722799
Reply with quote  #2

1711722799
Report to moderator
If you want to be a moderator, report many posts with accuracy. You will be noticed.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711722799
Hero Member
*
Offline Offline

Posts: 1711722799

View Profile Personal Message (Offline)

Ignore
1711722799
Reply with quote  #2

1711722799
Report to moderator
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 10, 2012, 11:11:13 PM
 #22

It might work if you could give the government a gpg key and they encrypted it in your drivers license. Then you could actually prove you owned it by signing a message with the private key that belongs to the public key on it. I think a decentralized bitcoin database could enhance such things if done correctly.

This system would largely prevent false ID problems because its relatively easy to steal identities. Its not so easy to steal someones private keys as well. This would also work for voting to prove you are an actual person and not a fake or dead voter since politicians dont have the private keys to the dead persons identity.


EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 07:34:22 AM
 #23

How do you limit a single ID to a single person?

See my reply to hazek above.
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 07:55:53 AM
 #24

I understand your sentiment about bloating the bitcoin chain with non-financial data, but if the person creating the transaction was willing to pay for it (via tx fee) then why not?
Bitcoin is the first ever decentralized secure database that has potentially huge applications beyond just financial transaction (Decentralized ID being one of them).
If the core developers and community can expand the bitcoin technology to determine fair TX fee for non-standard transaction and size then it would benefit everyone.
If the proper fee can be managed in a decentralized way then we've really improved bitcoin; however, without this advancement essentially free non-standard transactions that are relatively big will not be favored at all. I have hopes that something will work out.
Remember: every additional use bitcoin has besides financials will ultimately add value to the entire system.

It's not a matter of "sentiment", but a matter of using the appropriate tool for the appropriate task. Also properly separating concepts makes understanding and evolving them easier.

There's absolutely no need to go through ugly hacks to insert this data inside the blockchain if you can create an alternative chain with merged mining. It would be worse for developers of your system, since they would have to find a way to fit their data into bitcoin instead of defining their own database as they please. It would be worse for miners that just want to mine one of the chains, since they would have to store both databases. Anyway, summarizing, these are different purpose databases, there's no need to fuse them. Just do it like namecoin people did it.
Plus I'm still not convinced you really need a blockchain....

The time stamp would be useful for an ID system as it could describe how someones ID evolved over time; however, the real appeal for using the blockchain is that it is a database that cannot be altered or controlled by anyone.

Why is it important to know which modification happened first, and why is it so important that you are able to know this without trusting anyone? As long as you can gather all data that there is about an ID, I suppose you're fine. Maybe I'm failing to see something, but I don't understand why a blockchain would be preferable over a distributed database which can't order things in time without trust.

Perhaps one of your motivations to use a blockchain is that the monetary incentives in mining helps guaranteeing that multiple copies of the database will exist. Plus it also adds an incentive against bloating it with unnecessary data, since it costs money to add data to the chain. I'm not sure how other distributed databases provide such incentives (anyone knows?). But if it's just for that, I guess you can come up with some sort of monetary incentive for those who "seed it", and some sort of monetary costs for those who add data to it, all that without using mining itself, which is very expensive. Blockchains come at a cost, and carry their own vulnerabilities.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 09:02:01 AM
Last edit: July 11, 2012, 10:13:32 AM by CIYAM Pty. Ltd.
 #25

How do you limit a single ID to a single person?

One idea that came to my mind was the following:

SHA2( fingerprint information ) == private key 1
SHA2( some pass phrase or personal info ) == private key 2

1) Import the private keys into your wallet then send perhaps a specific BTC amount to both addresses (the sending could be done from anywhere to hide IP). The purpose of this is to be able to find the public key of all registered voters (and to be able to prove you have registered to vote). Also to ensure that no other public key #2 can be used with public key #1 (i.e. identity theft).

2) To prove identity a fingerprint scan would be performed and then public key #2 would be determine from the registration txs in the block chain (of course you need to trust that the device checking the fingerprint only actually outputs the public key and does not keep the raw data and that you were not photographed using the device, etc.).

3) A voting token (say BTC0.001) is sent in a tx that will require two sigs (for the 2 keys).

4) Some time later (and most likely at a different physical location) you can "spend" your vote.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 11, 2012, 09:12:35 AM
 #26

How do you limit a single ID to a single person?

One idea that came to my mind was the following:

SHA2( fingerprint information ) == private key 1
SHA2( some password or personal info ) == private key 2

1) Import the private keys into your wallet then send perhaps a specific BTC amount to public key #1 (the sending could be done from anywhere to hide IP). The purpose of this is to be able to find the public key of all registered voters (and to be able to prove you have registered to vote).

2) To prove identity a fingerprint scan would be performed and public key #2 would need to also be provided (of course you need to trust that the device checking the fingerprint only actually outputs the public key and does not keep the fingerprint raw data and that you were not photographed using the device, etc.).

3) A voting token (say BTC0.001) is sent in a tx requiring that will require two sigs (for the 2 keys).

4) Some time later (and most likely at a different physical location) you can "spend" your vote.


Biometric identity is an interesting way to do it. Hashing your fingerprint into a blockchain I never thought of.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 10:20:20 AM
 #27

Biometric identity is an interesting way to do it. Hashing your fingerprint into a blockchain I never thought of.

One weakness I can now see in my idea (which admittedly just came off the top of my head) is that if someone did manage to get your fingerprint then they would be able to work out who you had voted for (as the public key would be easily traced).

It may be possible, however, to circumvent this problem by using the sort of combining private key stuff that etotheipi has described before for safely being able to generate vanity addresses for other people (this needs some more thought).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Xenland
Legendary
*
Offline Offline

Activity: 980
Merit: 1003


I'm not just any shaman, I'm a Sha256man


View Profile
July 11, 2012, 10:43:16 AM
 #28

Biometric identity is an interesting way to do it. Hashing your fingerprint into a blockchain I never thought of.

One weakness I can now see in my idea (which admittedly just came off the top of my head) is that if someone did manage to get your fingerprint then they would be able to work out who you had voted for (as the public key would be easily traced).

It may be possible, however, to circumvent this problem by using the sort of combining private key stuff that etotheipi has described before for safely being able to generate vanity addresses for other people (this needs some more thought).


Deffinatly want to bring your own fingerprint signing hardware Wink
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 10:51:15 AM
 #29

Deffinatly want to bring your own fingerprint signing hardware Wink

Yup - complicated private key issues aside the hardware would be a much more difficult trust issue for such a system (but necessary in the approach I was outlining to ensure that no-one can cheat).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
July 11, 2012, 10:56:24 AM
 #30

Biometric identity is an interesting way to do it. Hashing your fingerprint into a blockchain I never thought of.

One weakness I can now see in my idea (which admittedly just came off the top of my head) is that if someone did manage to get your fingerprint then they would be able to work out who you had voted for (as the public key would be easily traced).

It may be possible, however, to circumvent this problem by using the sort of combining private key stuff that etotheipi has described before for safely being able to generate vanity addresses for other people (this needs some more thought).


Deffinatly want to bring your own fingerprint signing hardware Wink

Dont let anyone cut your fingers off either Cheesy

Luceo
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


Per aspera ad astra!


View Profile
July 11, 2012, 10:59:15 AM
 #31

This would be a legitimate use of the namecoin blockchain.

You could add a function to allow somebody to sign another person's ID, and add a VALUE for gpg key...

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 11:02:17 AM
 #32

Dont let anyone cut your fingers off either Cheesy

Yeah - the idea of having 2 keys (or a 2 part private key) would be to stop any usage of the fingerprint key without also having the other private key.

Although I guess if you were about to get your fingers cut off you might end up divulging your other key. Grin

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 11:54:13 AM
 #33

Biometric identity is an interesting way to do it. Hashing your fingerprint into a blockchain I never thought of.

One weakness I can now see in my idea (which admittedly just came off the top of my head) is that if someone did manage to get your fingerprint then they would be able to work out who you had voted for (as the public key would be easily traced).

Are you sure? AFAIK fingerprint scans do not always produce the same string of bytes. Each scan produce a particular "image", and there are algorithms that allow you to compare two different images and tell with a high certainty whether they were produced by the same finger. I guess all biometric scans (retina, DNA etc) work like that actually.

So, if all that's public is a hash of the fingerprint, unless you're really lucky to get the same string that was used to generate such hash, I don't think you'll be able to locate it.
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 11:56:01 AM
 #34

This would be a legitimate use of the namecoin blockchain.

Why?
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 11:59:33 AM
 #35

Are you sure? AFAIK fingerprint scans do not always produce the same string of bytes. Each scan produce a particular "image", and there are algorithms that allow you to compare two different images and tell with a high certainty whether they were produced by the same finger. I guess all biometric scans (retina, DNA etc) work like that actually.

So, if all that's public is a hash of the fingerprint, unless you're really lucky to get the same string that was used to generate such hash, I don't think you'll be able to locate it.

Yup - for the key to be useful to identify a single individual the actual "fingerprint" would in fact already have to be some sort of hash that would be used for comparing fingerprints (rather than the raw scan data which of course would vary).

I was assuming this is how fingerprint DB's for forensics worked (but must admit I haven't researched it at all).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 12:40:51 PM
 #36

How do you limit a single ID to a single person?

One idea that came to my mind was the following:

SHA2( fingerprint information ) == private key 1
SHA2( some pass phrase or personal info ) == private key 2

1) Import the private keys into your wallet then send perhaps a specific BTC amount to both addresses (the sending could be done from anywhere to hide IP). The purpose of this is to be able to find the public key of all registered voters (and to be able to prove you have registered to vote). Also to ensure that no other public key #2 can be used with public key #1 (i.e. identity theft).

2) To prove identity a fingerprint scan would be performed and then public key #2 would be determine from the registration txs in the block chain (of course you need to trust that the device checking the fingerprint only actually outputs the public key and does not keep the raw data and that you were not photographed using the device, etc.).

3) A voting token (say BTC0.001) is sent in a tx that will require two sigs (for the 2 keys).

4) Some time later (and most likely at a different physical location) you can "spend" your vote.


Wow... you're mixing 3 different things there. Don't you think it's too messy?

A decentralized voting system != decentralized OpenID provider (this topic) != decentralized currency.
AFAICT there's no advantage on making them all be the same system, only disadvantages. I'd recommend sticking to the unix principle of doing just one thing and doing it right - and making things capable of cooperating. The decentralized voting system could eventually use OpenID for authentication, and both p2p systems could eventually use bitcoin to provide monetary incentives to their users.
But they are all different systems, with different applicabilities.

Also, about your idea in particular, I'm not sure you can have the fingerprint in the private key. I'm not sure you can produce a unique hash out of all possible scans a finger can produce*. So, during the validation phase (2), the scanner would not be able to produce the same private key to derive the public key from.
Unless you also provide the original private key to the scanner, besides your thumb. Was that the idea?
If that's the case, and you're really going to trust the scanner like that not to output your private key, then what difference does it make if the fingerprint is a private key or just some hashed data in the public database?

* I'm not 100% sure of that. But I remember I friend who once used a fingerprint validation API, and he had to provide to the API both the scan output and what was saved in the database for the intended person. The API would tell if it matched or not. If it was possible to produce a common hash of all possible scans, then why wouldn't this hash be stored instead?
EhVedadoOAnonimato
Hero Member
*****
Offline Offline

Activity: 630
Merit: 500



View Profile
July 11, 2012, 12:51:20 PM
 #37

Deffinatly want to bring your own fingerprint signing hardware Wink

That would just transfer the trust issue to the counter-party requesting your fingerprint to be checked.... s/he would need to trust your device not to be fraudulent.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 12:56:35 PM
 #38

Wow... you're mixing 3 different things there. Don't you think it's too messy?

Without a doubt trying to uniquely identify someone and then allow that person (and only that person) to perform a tx in a way that cannot later be deconstructed to then identify them is one very difficult problem (so any solution I think is going to be somewhat messy).

Also, about your idea in particular, I'm not sure you can have the fingerprint in the private key. I'm not sure you can produce a unique hash out of all possible scans a finger can produce*. So, during the validation phase (2), the scanner would not be able to produce the same private key to derive the public key from.
Unless you also provide the original private key to the scanner, besides your thumb. Was that the idea?
If that's the case, and you're really going to trust the scanner like that not to output your private key, then what difference does it make if the fingerprint is a private key or just some hashed data in the public database?

* I'm not 100% sure of that. But I remember I friend who once used a fingerprint validation API, and he had to provide to the API both the scan output and what was saved in the database for the intended person. The API would tell if it matched or not. If it was possible to produce a common hash of all possible scans, then why wouldn't this hash be stored instead?

Also for sure I don't know anything about how actual fingerprint software operates. I was really just trying to put out an idea that perhaps someone else could work out (or perhaps just disprove if what I'm suggesting is not actually theoretically possible).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1072


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 11, 2012, 12:58:29 PM
 #39

Deffinatly want to bring your own fingerprint signing hardware Wink

That would just transfer the trust issue to the counter-party requesting your fingerprint to be checked.... s/he would need to trust your device not to be fraudulent.

One very interesting technology that comes to my mind with regards to this issue is open source 3D printing (although the possibility of using this tech to create such devices is probably a long way away). Smiley

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Xenland
Legendary
*
Offline Offline

Activity: 980
Merit: 1003


I'm not just any shaman, I'm a Sha256man


View Profile
July 11, 2012, 12:59:33 PM
 #40

Deffinatly want to bring your own fingerprint signing hardware Wink

That would just transfer the trust issue to the counter-party requesting your fingerprint to be checked.... s/he would need to trust your device not to be fraudulent.
Exactly my point actually.... Finger printing is flawed to authenticate identity.. It only shows "significant evidence" you are authenticating your identity with only fingerprint. AFAIK a true fingerprint system would incorporate a Fingerprint, Eye scan as well as a unique password that is unique to the identity but then again that’s for entering secure buildings by that method of authentication becuase as its easy to kill someone and take their fingerprints, eyeballs(eww) and beat the password outta them before you kill them its shouldn't be possible to enter a secure building with a bloddy finger, an eye ball(forget the password) llol
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!