## DH, Metamask, Passkeys and AA
silur@polkachampionship
---
First there was "New directions in cryptography".
Then.... nothing happened? :thinking_face:
---
## 3 (ab)used ways to authenticate
- Something you know (a password)
- Something you have (a chipcard)
- Something you are (a biometric feature)
Some use cases enforce all of them
---
Even though public-key encryption enjoyed huge popularity
in academia and critical infrastructure...
Security to this day is still mostly passwords (something you know)
---
### The Dunning–Kruger effect of passwords

- I use different passwords everywhere -> `Password123, Password124`
- I obfuscate my passwords (using only every second character)
- I use random passwords but with meaning! (`1_10v1_my_c47`)
---
## On password managers

---
## On offline password managers
Nobody uses offline password managers :man-shrugging:
<small>...except a few neckbeard geek hackers like me</small>
---
## Biometry
- A user has 92 online accounts on average for daily use
- We realized it's too much, so we started putting fingerprint scanners and Face ID into phones
- Which you still can't use on websites
- Cannot change (linkability issues)
- Leaks (privacy issues)
---
## Hardware tokens
- Expensive
- Loss results in complete service lockout
---
The only infrastructure where authentication was approached the right way from the start is web3!
---
## Pros (excerpt :D)
- Signing time-bound challenges is the way Diffie and Hellman made for us in 1976
- Revocation lists solve leakage automatically (naive broadcast encryption; TLS works this way)
- Multiparty key agreements, even ephemeral (see Zcash)
---
## Cons
- Private keys still leak
- Especially if they are derived from the same seed
- There exist bad plaintexts you should never sign
- Crypto operations still take place on untrusted EE
---
## WebAuthn and Passkeys
- The FIDO Alliance, recognizing these downsides, created WebAuthn in order to delete passwords once and for all
- This is currently how YubiKeys work (mostly)
- Textbook WebAuthn is already supported by major providers such as crypto exchanges
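
An added example, not part of the original slides: the relying-party side of a WebAuthn-style login, showing the time-bound challenge, the origin binding and the P-256 ECDSA check. The RP ID, origin, 60-second lifetime and the software "authenticator" are assumptions made for the demo, and `clientDataJSON` and the authenticator data are reduced to their core fields.

```javascript
const crypto = require('node:crypto');
// Assumed relying-party settings for this constructed demo.
const RP_ID = 'example.com';
const ORIGIN = 'https://example.com';
const CHALLENGE_TTL_MS = 60_000;
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Server side: issue a random challenge and remember when it was issued.
function newChallenge(now) {
  return { value: crypto.randomBytes(32).toString('base64url'), issuedAt: now };
}

// Constructed stand-in for a passkey: signs authData || SHA-256(clientDataJSON).
function signAssertion(privateKey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // rpIdHash (32 bytes) | flags: UP 0x01 + UV 0x04 | signCount (4 bytes)
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying-party side: returns 'ok' or the reason the assertion is rejected.
function verifyAssertion(publicKey, issued, a, now) {
  const cd = JSON.parse(a.clientDataJSON.toString());
  if (cd.type !== 'webauthn.get') return 'wrong type';
  if (cd.challenge !== issued.value) return 'challenge mismatch';
  if (now - issued.issuedAt > CHALLENGE_TTL_MS) return 'challenge expired';
  if (cd.origin !== ORIGIN) return 'wrong origin';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong rpId';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed demo: one P-256 key pair, four verification outcomes.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const t0 = 1_700_000_000_000;
  const issued = newChallenge(t0);
  const good = signAssertion(privateKey, issued.value, ORIGIN);
  const otherSite = signAssertion(privateKey, issued.value, 'https://other.example');
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData[33] ^= 1; // change a signCount bit after signing
  return {
    fresh: verifyAssertion(publicKey, issued, good, t0 + 5_000),
    replayedLate: verifyAssertion(publicKey, issued, good, t0 + 120_000),
    otherOrigin: verifyAssertion(publicKey, issued, otherSite, t0 + 5_000),
    tampered: verifyAssertion(publicKey, issued, tampered, t0 + 5_000),
  };
}
console.log(demo());
```

A production verifier would also delete each challenge after its first use and compare the signature counter against the stored value.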
---
- A step further: FIDO put a YubiKey in your phone
- The "private key" is derived/unlocked by your fingerprint/Face ID
- You can log in to a website the same way you unlock your device
- Google and Apple are already enforcing this on you without your knowledge :)
---
## Ledgers and Trezors

- always worked the same way
- yet users and experts criticize crypto for the lost funds
---
## On account abstraction
- AA existed way before the current craze
- Just in many different ways
- ERC-4337 only standardized it
---
## Major AA use cases
- On-chain subscription
- Easy role delegation
- Social recovery
- AUTOMATION
- Custodial wallet with blockchain as the custody
---
- EOAs initiate a UserOp with a... digital signature
- That "bundlers" bundle together (think a second layer of miners)
- And forward to an entrypoint in your name
Does this auth process ring a bell?
---
## Mixing Passkeys into your AA wallet
- One device for both Google and your DeFi
- Both use standard ECDSA (AA wallets don't have to authorize only the ETH way)
- Social recovery still possible with a lost wallet
- Doesn't leak your biometric features
- Inexpensive (ARM trustzone comes with your device)
---
... it comes with your device? :thinking_face:
- Current passkey implementations do not have a threat model for compromised devices
- Even with ARM Trustzone in the picture
- Malware doesn't have to hack the SE, only get your biometric data
- The SE is not the only way to get your private key
- YOU ARE
---
## Ledgers for Passkeys?
- Comes with the same issues as Ledger itself
- Expensive
- Ledger Live has no offline mode :warning:
- EAL5 does not resist sophisticated SC and FA attacks
---
## Proposal

- CC EAL6+
- Inexpensive
- Supports a variety of cryptographic algos
- Multi-interface
- Passkeys + AA
---
Spare a moment to validate?
https://tinyurl.com/2th7wtjd

---
Thanks for your attention!
https://silur.dev
https://www.linkedin.com/in/silur
@silur@infosec.exchange