[Epic] X509-based verification of Matrix devices

Traditional device verification is done interactively by comparing emojis or scanning a QR code. Obviously this is not very practical for government-to-citizen interaction. Thus, we want to implement X.509-based device verification.

Notes/Resources

  • Requirement uIDs (from #299 (closed)): Zapuk_109; LB_26; LB_30; LB_32; LB_34
  • Requirement uIDs: LB_30, LB_32, LB_33, LB_35

Mockup

Mockup of x509-based device verification

(slide 27 from our talk at Matrix Conference 2024, source)

Fragments from chats about this topic

Please consider the risks when signing personal data. This is why cryptographers demand that EUDI Wallet should never expose any signed data to the relying party but instead should use zero-knowledge proofs for this purpose (see https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211). If user data is signed, in case of a data breach, everyone worldwide can verify that the leaked data is authentic. See also https://otr.cypherpunks.ca/otr-wpes.pdf for some academic background.

The better approach to that:

X.509-based verification keeps coming up (Sweden, FITKO, and now gematik); on the Element side, the best suggestion is to define a verification mechanism similar to SAS or cross-signing or fingerprint comparison which says "if your olm pkey has been signed by a trusted X.509 key, then consider it verified".

We also will probably need a way to verify additional information like the type of account, so e.g. whether somebody is a competent authority (Fachbehörde) and which type of Fachbehörde.

Solution: Let's include that information in the X.509 certificate. This way, this information is still signed (part of the X.509 certificate) but only revealed when the actual channel/device is verified. Using zero-knowledge proofs would be the better alternative to directly signing the olm key (because then the signed data (certificate) never needs to leave the certificate holder's device).

That's basically what https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211 suggests but requires some crypto engineering and implementation.

Just signing the olm key would be much simpler but has all the downsides of signing personal data (not because of the olm key signature but because the certificate containing signed personal data needs to leave the certificate holder's device in order for the other party to verify the olm key signature).

Might be interesting in this context: ZKP in Matrix: https://matrix.org/blog/2025/05/23/this-week-in-matrix-2025-05-23/#foundational-research-paper-on-garbage-collection-in-matrix-using-cryptographic-proofs

MSC 4316 proposes a solution for this but it's not ideal from a privacy perspective.
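To make the "signed by a trusted X.509 key, so consider it verified" rule and the "put the account type into the certificate" idea from the fragments above concrete, here is an added example (written for this issue, not code from Element, gematik, or any MSC). It uses only the Go standard library. Everything about the format is an assumption: the private-enterprise OID and ASN.1 shape of the attributes extension, the domain-separated payload that is signed, and treating the device's ed25519 key from its Matrix device keys as the "olm pkey". The holder sends its certificate plus a signature over its own device key; the verifier checks the chain against its trust store, checks the signature over the key and device ID it already fetched from the homeserver, and only then reads the account type out of the certificate. Note that the certificate (with whatever personal data it carries) still has to leave the holder's device, which is exactly the downside discussed above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Made-up private-enterprise OID for the Matrix attributes extension (assumption).
var oidMatrixAttrs = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// MatrixAttrs is the extension payload (assumption): signed by the authority, but
// only shown to the peer that actually verifies this device.
type MatrixAttrs struct {
	UserID      string `asn1:"utf8"`
	AccountType string `asn1:"utf8"` // e.g. "Fachbehoerde"
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// signedPayload binds the key to a device ID under a domain separator so the
// signature cannot be replayed for another device or protocol (our own format).
func signedPayload(deviceID string, olmKey ed25519.PublicKey) []byte {
	return append([]byte("matrix-olm-key:"+deviceID+":"), olmKey...)
}

// newCert generates an ed25519 key pair and issues tmpl for it; parent == nil means self-signed.
func newCert(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	if parent == nil {
		parent, signer = tmpl, priv
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der)), priv
}

// NewCA creates a self-signed root for an authority that vouches for accounts.
func NewCA(name string) (*x509.Certificate, ed25519.PrivateKey) {
	return newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
}

// IssueDeviceCert issues the holder's leaf certificate carrying the attributes extension.
func IssueDeviceCert(ca *x509.Certificate, caKey ed25519.PrivateKey, attrs MatrixAttrs) (*x509.Certificate, ed25519.PrivateKey) {
	return newCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: attrs.UserID},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: oidMatrixAttrs, Value: must(asn1.Marshal(attrs))}},
	}, ca, caKey)
}

// Attest is the holder side: sign the device's own key; the holder sends certificate plus signature.
func Attest(leafKey ed25519.PrivateKey, deviceID string, olmKey ed25519.PublicKey) []byte {
	return ed25519.Sign(leafKey, signedPayload(deviceID, olmKey))
}

// VerifyDevice is the verifier side. deviceID and olmKey are what the verifier itself
// fetched for the peer device from the homeserver, so a valid signature proves the
// certificate holder vouches for exactly that key. Only then are the attributes read.
func VerifyDevice(roots *x509.CertPool, leaf *x509.Certificate, sig []byte, deviceID string, olmKey ed25519.PublicKey) (attrs MatrixAttrs, err error) {
	if _, err = leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return attrs, fmt.Errorf("certificate does not chain to a trusted root: %w", err)
	}
	if err = leaf.CheckSignature(x509.PureEd25519, signedPayload(deviceID, olmKey), sig); err != nil {
		return attrs, fmt.Errorf("signature over the device key is invalid: %w", err)
	}
	for _, ext := range leaf.Extensions {
		if ext.Id.Equal(oidMatrixAttrs) {
			_, err = asn1.Unmarshal(ext.Value, &attrs)
			return attrs, err
		}
	}
	return attrs, errors.New("certificate carries no Matrix attributes extension")
}

func main() {
	ca, caKey := NewCA("Example Authority Root")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	leaf, leafKey := IssueDeviceCert(ca, caKey, MatrixAttrs{UserID: "@alice:example.org", AccountType: "Fachbehoerde"})
	olmKey, _, _ := ed25519.GenerateKey(rand.Reader) // constructed stand-in for the device's real key
	fmt.Println(VerifyDevice(roots, leaf, Attest(leafKey, "ABCDEFGH", olmKey), "ABCDEFGH", olmKey))
}
```

The verifier never takes the device key from the attestation itself: it signs-checks against the key and device ID it already knows from the homeserver, so a certificate holder cannot get a foreign device marked as verified, and a signature for one device does not transfer to another. A certificate from an authority that is not in the verifier's trust store is rejected before the signature is even looked at, and a certificate without the attributes extension verifies cryptographically but yields no account type.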

Edited by Marco Holz