[Aurornis]

You're assuming the leak was accidental, the person knows about it, and they didn't intend for others to use it.

What happens when someone sets up a marketplace where people can sell those blind signatures using their ID for $2 each? And then kids just pay $2 to have someone else blindly use their ID to validate the account, because supposedly the system is structured so that nobody can tell which ID was used or tie it back to the account?

[namibj]

E.g. the German ID card can all on it's own, just using a server certificate configured/parametrized for this and signed by the government, do a simultaneous pseudonym passkey mint and age gate check. That way you could easily block ID reuse; note that the passkey is locked to the card not the person as it's cryptographically derived from the pair of the card's private internal key, and the server's private key that goes to the certificate.

Access to this part of the card is secured by PAKE between the transport layer (TLS) encrypting and user interface providing NFC reader (for example phone with the app, or dedicated hardware) using a PIN.

[hiciu]

That's where the google play integrity / attestation comes into the effect.

In theory you cannot export your private key from the device (from the secure element), so for each $2 someone would have to quickly unlock their phone, scan code via the app and so on.

[coppsilgold]

Private keys from secure elements leak all the time. There will be a flawed implementation that someone exploits, an insider will smuggle a key out etc.

This is why true zero-knowledge systems for this sort of thing aren't practical and will never be. Because a SINGLE leak will break it and there will be no way to even detect it.

The attestation systems you reference don't even allow true zero knowledge attestation, they involve a trusted intermediary to convert your burned-in private key to a temporary key which you use for attestation with a third party.

And the temporary key isn't even a product of a blind signature. And it's rate limited. So if a service selling these temporary keys shows up they will be able to easily trace it to the burned-in key responsible - then revoke it and if possible initiate legal action.

This also means that whenever you register to a service using one of these schemes you are registering with your real identity, it's only a question of how hard and how many parties need to collude to extract it.

And in the event that they really do blindly sign tokens generated on your device, then their scheme will not survive adoption. As it gets adopted, the value of these blind signatures will rise and services that sell them will pop up. There will be no way of tracing the sold blind signature to the compromised/colluding device and rate limiting will merely necessitate a farm of such devices as opposed to a single leaked key.

*Note that Blind Signatures are Zero Knowledge.

[blackqueeriroh]

Can you tell me when a private key has leaked from the Secure Enclave on a iPhone?