Costs set to rule out register of fingerprints

Ian Batten ukcrypto at chiark.greenend.org.uk
Wed, 30 Jan 2008 11:57:49 +0000 

On 30 Jan 08, at 1054, Ian Brown wrote:
>
> ICAO or another international organisation could act as a root  
> certifier. Verifiers would then only need that public key to  
> validate a signed issuing authority key.

Yes, I can quite imagine that every country would be prepared to sign  
up to a process where their passports were validated by an  
international organisation.  I can also imagine that every country  
would be entirely happy about a situation where the compromise of an  
international organisation they have no control over would compromise  
their entire passport process.   I doubt you could persuade more than  
one of France, China, Russia or the USA to agree to that.


>
>> including people with very well-resourced spook agencies.
>
> I'm not sure what difference this makes?

It's taken for granted that attacking an RSA key pair without the  
private key or the underlying primes is computationally infeasible.   
But factoring large composites isn't provably hard, and deriving the  
private key from the public key isn't provably equivalent to that  
problem anyway.  The USA, say, has a lot of mathematicians, a lot of  
computers and a lot of money.  Why would Putin agree?

If a method to factor large composites in O(n) time arrived tomorrow  
morning, it would be surprising, extraordinary and shocking; it  
wouldn't, however, overturn any long-established results.  And the  
NSA don't need O(n): they just need O(n^x) where x is a bit less than  
your planning assumptions.  Crypto systems (as we all know) are also  
not only attackable by brute force or via clever attacks on the  
maths; there's a lot of other attacks on implementation.  Again, the  
NSA might just have the people to look at those attacks.

>> do you want to bet your signature algorithm and technique against,  
>> say, a fully resourced joint attack by the Chinese and Russian  
>> governments?
>
> who have all sorts of other, probably easier, attacks available to  
> them.

Easier than compromising an official in the passport office of a  
small African country where $1000 is lifetime's earnings, in exchange  
for which you get the ability to fake the passports of that country  
in arbitrary quantity?  That plays well for cover --- your agents can  
travel on passports of another country.  And it plays well as an  
attack --- once you've done it, you tell everyone and watch all the  
citizens of that country become unable to travel.   What would the  
USA do with the ability to produce arbitrary numbers of Iranian  
passports, or the ability to render all Iranian passports practically  
invalid?

ian