With the rise of crypto-assets, more people are getting exposed to concepts such as cryptographic accounts, “wallets”, and public and private keys. There are also now numerous projects working on identity management and digital ID using cryptography and blockchain technology.
As a human being, you have very strong assurance that, as long as you are alive, your identity can be neither compromised nor lost. It is just about impossible to impersonate someone in front of people who know that person, and even identical twins have unique fingerprints and irises! So let’s look at two potential issues with linking a human identity to a private cryptographic key.
There is no way to prove that a private key is *not* compromised
In public key cryptography, everything depends on the private key being kept secret. Even a brief peek at the key, a blurry picture of its QR code for example, could compromise the key. The same goes for the word list used for initialising a wallet.
If you have a gold bar in a safe deposit box at your bank, you can go and verify that it has not been stolen. If you own securities, you can check your broker’s statement. But when you come to inspect the sealed envelope with your private key or word list, you generally cannot be absolutely certain that no-one else has seen it. It is a very disconcerting thought.
You can put an offline computer inside a secure vault, generate a keypair using trusted software and make sure that the private key never leaves the vault. That way you can be confident that this particular private key is not compromised. You could have the entire process audited and certified by a reputable auditing firm, but it would still not be proof: what if the auditor took a peek? In any event, if you wanted to actually use the key as part of a digital ID, you would have to take it out of the vault.
An aside on identifying compromised keys: the honeypot method
One way to identify a compromised key would be to use such a key to create a wallet in some crypto-asset, deposit some funds there and link that wallet to your digital identity. Presumably, as soon as the key is compromised, someone will move the assets out of that account. But the solution is not foolproof: what if the attacker decides that the ability to impersonate you is more valuable than the funds in the wallet?
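An added example, not part of the original article: a sketch of the honeypot check that also covers the caveat above, by comparing every use of the key against a journal the owner keeps. The event format, addresses, ids and the journal itself are assumptions made for illustration.

```python
from dataclasses import dataclass

CANARY = "canary-addr-01"  # hypothetical address derived from the key being watched

@dataclass(frozen=True)
class Event:
    kind: str    # "transfer" on the ledger, or "signature" on an identity assertion
    ref: str     # transaction or assertion id
    sender: str  # address whose private key authorised the event

def balance_only_alarm(events, canary=CANARY):
    """The plain honeypot: fires only when funds leave the canary wallet."""
    return any(e.kind == "transfer" and e.sender == canary for e in events)

def assess(events, owner_journal, canary=CANARY):
    """Compare everything the key authorised with what the owner recorded doing.

    Returns (verdict, unexplained events). The quiet verdict is NO_EVIDENCE,
    never SAFE: a copied key that has not been used yet leaves no trace.
    """
    unexplained = [e for e in events
                   if e.sender == canary and e.ref not in owner_journal]
    if any(e.kind == "transfer" for e in unexplained):
        return "COMPROMISED_FUNDS_MOVED", unexplained
    if unexplained:
        return "COMPROMISED_IMPERSONATION", unexplained
    return "NO_EVIDENCE", unexplained

# Constructed observations (all ids are made up for this example).
DEPOSIT = Event("transfer", "tx-001", "owner-funding-addr")  # owner funds the canary
OWN_SIG = Event("signature", "sig-100", CANARY)              # owner signs a login
THEFT = Event("transfer", "tx-002", CANARY)                  # funds swept out
FORGED = Event("signature", "sig-666", CANARY)               # assertion the owner never made
JOURNAL = {"tx-001", "sig-100"}                              # what the owner recorded

SCENARIOS = {
    "quiet": [DEPOSIT, OWN_SIG],
    "thief": [DEPOSIT, OWN_SIG, THEFT],
    "impersonator": [DEPOSIT, OWN_SIG, FORGED],
}

if __name__ == "__main__":
    for name, events in SCENARIOS.items():
        verdict, _ = assess(events, JOURNAL)
        print(f"{name:13} balance_alarm={balance_only_alarm(events)!s:5} verdict={verdict}")
```

In the impersonator scenario the balance-only alarm stays silent while the journal comparison flags the unexplained signature; in the quiet scenario neither check can rule out a copy of the key that has simply not been used.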
There is no way to retrieve a lost private key
For people who are learning about crypto-assets, the realisation that the loss of the private key is tantamount to the definitive loss of the asset is also quite disconcerting. If you lose your passport, there are ways to get another one issued. If necessary, people who know you will be asked to verify your identity. And if you forget the access codes to your online banking, your bank can issue new ones. In other words, it’s your identity that is important, not some document.
Because a lost private key cannot be recovered, the use of naïve public key cryptography in many areas will necessarily be limited. Imagine your citizenship and passport being linked to a private cryptographic key. If losing the key made you stateless and an illegal alien in your own country, would that make any sense? Probably not.
So what do we need?
What we need is cryptography that cannot be compromised, and where keys cannot be lost. One way to do this is via biometric identification using whatever is necessary, from facial and voice recognition, to fingerprints, iris scans and DNA sequencing. In other words, the body of the signer must be the private key — a private key that does not need to be hidden and can only be compromised by catastrophic accident or death.
We could imagine different levels of identification, from a simple voice identification for a small purchase up to a DNA sample for some very important event. For such important occasions, this process could be enhanced or partly complemented by having brief interactions between the signer and people who know him/her and thus can confirm the signer’s identity even during a very short voice or video call.
Each person would also have a public key which could be used to verify signatures and encrypt messages to be sent to that person. We might even have a concept of a private key, or sequence of private keys, but these would be useless to anyone but the owner of that particular body.
Finally, it is important to remember that nothing in the foreseeable future will beat the age-old method of humans recognising each other and physically witnessing a human act. Some things will continue to be done in person, no matter how advanced digital IDs become.