What we think about Proof of personhood based on biometrics passports

Countries that issue electronic passports follow the standard designed by ICAO: biometric passports have a chip inside with digitally signed information.
There are a couple of open-source projects that use the chip in electronic passports via NFC scan to generate proofs using the underlying key pair. The biometrics themselves do not need to be extracted (and it would be illegal for unauthorized personnel to extract it anyway).

A context-aware & unique yet anonymous identifier can be generated based on the underlying unique private key that the passport chip contains. Note that the issuing government knows the list of public keys associated with the passports they issued, so as is, this anonymous identifier would not be issuer unlinkable. It can be used to prove “humanity” (or more accurately, “ownership of a unique passport”), nationality, age, etc.

We are personally in contact with three distinct teams developing proof of passport solutions:

1. OpenPassport (previously named “Proof of Passport”) - Led by Florent Tavernier with 7 contributors. Funded by the Ethereum Foundation and PSE.

2. zkPassport - Co-founded by 2 individuals and an alum of a16z’s Crypto Startup Accelerator.

3. Rarimo’s ZK Passport - The largest team (> 10 people), which raised $10M in Series A. Rarimo provides much more than just a proof of passport solution. It’s a comprehensive ecosystem of identity infrastructure and products.

   • Freedom Tool: A voting app based on their proof of passport solution.
   • RariMe Wallet: Used for scanning your passport, registering with the smart-contract, and soon for sending proofs to third-party apps. Currently invite-only, but expected to be open to anyone by Autumn 2024.

On Rarimo specifically

A key breakthrough in Rarimo’s solution is Issuer Unlinkability, meaning that while the government can know who registered to Rarimo (dictionary attack by hashing all the public keys corresponding to the passports they issued), the issuing government cannot know which passport was used by which “verifier” app. This is achieved by adding a registration step to append the passports’ public keys into a giant Merkle tree that lives in a smart contract, and then binding a zk proof of Merkle tree membership with the unlinkable proof of passports used by the apps.

The trade-off for this solution is that the registration step is globally accessible on the blockchain. If the issuing government is an authoritarian regime and if there aren’t many apps that use Rarimo, or if the apps that can be accessed are all controversial from the government’s point of view, then merely having registered could lead to repercussions. The latter is unlikely as there are already many non-sensitive apps that use this protocol (notably airdrop solutions). The other projects do not have this registration step and send the proof linkable to the passport’s public key directly to the third-party app’s server (e.g., Agora server). It would then be up to the responsibility of the third-party app to safeguard who can access this data and create mechanisms to unlink content from this public key. However, data leaks are frequent, even from the largest and most secure companies. And in the case of passport data, if the originating government wants to access the data, either by force or by legal means, it will be hard for the app to protect against such attacks on user privacy. Thus, instead of merely learning that some citizens have registered, the government could learn which app the citizen used, which is worse. Note that despite Rarimo using a smart contract for registration, the registration gas fees are paid entirely by Rarimo, and this complexity is hidden from the end-users.

Rarimo also implements a way to enforce uniqueness-check when requesting for an anonymous proof of passport as a third-party social app. An API for on-chain access as well as off-chain access (based on QR code or deep-link flows) are on the way and should be available by Autumn 2024. All of this combined can provide a comprehensive privacy-preserving yet verifiable and unique authentication system.

Besides passport scanning, Rarimo aims to provide a solution that integrates various identity solutions (Verifiable Credentials, Polygon ID, World ID, mDL, SBT, etc.) into one unified identity layer. Their identity layer is “Merkelized”: it uses the same registration step as the passport verification. The main advantage of this on-chain registration process is that it can turn linkable credentials into unlinkable ones in a trustless way. This is particularly interesting, as unlinkable credentials in practice are the exceptions, not the norm.

Below is the diagram showing the passport registration step and the proof reuse from an ecosystem of third-party apps:

Advantages

• Fundamentally, proof of passport solutions provide the same concept as Digital Passports based on Verifiable Credentials, except that unlike Verifiable Credentials, these passports are already owned by hundreds of millions of people!
• The Rarimo team in particular provides multiple breakthroughs beyond the proof of passport scanning solutions:
  • Unified platform with the ambition to be compatible with various standards of identity credentials.
  • Ability to turn linkable credentials into unlinkable ones, in a trustless way (including the biometric passports).
  • Built-in verifiable & sybil-resistant yet privacy-preserving & issuer-unlinkable authentication system.

Limitations

• While hundreds of millions of people own a physical passport, the vast majority of the global population doesn’t, especially the most vulnerable ones, such as refugees or stateless people.
• People can have multiple passports, and there is no way to verify it’s the same person only with the proof of passport solutions. Proof of passport only provides “proof of citizenship”, but not real “proof of personhood”.
• No support for revocation. Revoked passports (due to loss, theft, or early renewals) can still generate proofs, and there is no built-in way to provide a non-revocation proof. This can be a feature or a bug, depending on the context. In the case of an authoritarian regime that arbitrarily cancels passports of political opponents, this feature can be a powerful way to keep enabling these persons to have a voice.
• Even though it is unlikely for most people, a passport can technically be used by someone other than the person on the passport. Adding liveness checks, preferably in a privacy-preserving way (zkML), could eventually solve the problem. However, if someone is malicious enough to force or buy the usage of other people's passports, they may also be malicious enough to force or pay them into doing the liveness check. Note that this is a larger limitation that affects every proof-of-personhood solution.
• Scanning with NFC can be cumbersome.
• Mostly immature implementations.
• Proof generation is relatively slow.
• The legal aspect of using government-issued passports varies between countries. However, our first investigation has shown that KYC regulations do not consider zero-knowledge proofs as means of verification, so it does not fall under the KYC regulation laws, and as a result, the passport scanning in this context is a grey area.
• The unique identifiers generated in the proofs are generally not issuer-unlinkable: the issuing government would be able to associate them with the precise passport, because these identifiers are correlated with the passport’s public keys which are known by the issuing authorities. Out of the three mentioned, Rarimo is the only solution that successfully works around this problem.

Could it be useful for our requirements?

While Verifiable Credentials are the holy grail of credential infrastructure, they are not yet available in most parts of the world, and when they are, they are rarely of the issuer-unlinkable flavor. On the other hand, biometric passports are already there, and these proof of passports are more privacy-preserving and user-friendly than full-blown KYC. As a result, proof of passports unlocks the development of a privacy-preserving yet verifiable authentication system right now. In particular, Rarimo provides a trustless solution for using passport scanning in an issuer-unlinkable way.

The main limitation for passport scanning is that it ostracizes the part of the population that doesn't own a passport. This can be mitigated by integrating other proof of identity solutions as well. In the long term, besides passport scanning, Rarimo is a promising option for unifying various credential standards, including the issuer-linkable ones, in a trustless and issuer-unlinkable way.