I'm aware that the USA is a special case and that's why I specifically mentioned it in my talk.  In other parts of the developed world passport ownership is much higher. The UK Passport office issued over 5 million passports in the last year alone, for a country of about 65 million people.

Anyway, any American that wants a passport can get one. And passport ownership there has been going up steadily over time.


I would not say that pointing a large directional antenna at somebodies pocket (how do you even know they have a passport in there?) and then breaking the BAC encryption on it would be classed as "easy".

Also, American passports have shielding in the outer layer so that can't work. Other countries rely on the encryption or on the active authentication system to prevent cloning. Countries that use neither extra shielding nor active auth presumably don't feel that this type of theft is actually an issue in practice. If times changed, they could upgrade.

I didn't get the rest of your post, sorry. You want an alternative MITM breaker that isn't this and isn't SSL either? Then what?


Great question! The talk was only 15 minutes (a lot of people were standing the whole time), so there is a bunch of detail that I glossed over.

The proof you present is proof you ran a program correctly. Thus the hash can be salted, memory hard or whatever you want to do. Now I think there is a legitimate issue here which is that the space of valid passports is not very large - even in the best case of 100% ownership it's O(size of country) so even if the hash is salted or whatever a government that wanted really badly to deanonymize its citizens who are running nodes could potentially brute force every single hash. This is especially an issue because a program that's being proved runs much slower than a normal program would. So there's some perhaps some more work to do here.

Of course it is not any different to the situation we have today where a government can just find every IP in their country that's running a node and go look the owners up via telcos. Even if you assume all nodes run via Tor it's not clear you can stop a government de-anonymizing you, because of things like traffic flooding attacks. And frankly the Bitcoin P2P network is quite latency sensitive, new blocks need to be flooded as fast as possible to minimize miner losses to orphan blocks, so it's unclear to me that the entire Bitcoin network will ever run behind Tor 100%. I certainly wouldn't predict it as a no-brainer future.

In short, whilst a dedicated government might be able to reverse the hash somehow, they already have other options that are unlikely to go away, and the hash does stop everyone else from learning who you are which is still pretty useful (indeed, a basic requirement).