Account Recovery with Expanded Password System
Account recovery is a very tricky issue. It becomes even trickier for decentralized/distributed digital identity systems, where we cannot rely on a central authentication server that can hold any volume of personal verification data.
What we need to take into consideration:
- The private key of a public/private key pair possessed by the user is supposed to play a critical role in safe account recovery for decentralized/distributed digital identity.
- A cryptographic key stored on a device would be lost when the device is lost.
- Whatever physically exists can be physically stolen and abused.
- A valid account recovery solution must contain a valid authenticator in its process as the minimal requirement, whether centralised or decentralised/distributed.
It is these observations that drove us to propose the re-generation of the private key on-the-fly from our image memory.
There is nothing complex in the process of converting our image memory to a cryptographic key. Each image contains a large volume of unique data that works as a high-entropy image identifier. Alternatively, we can allocate a large volume of unique data to each image as the image identifier. Incidentally, letters and numbers are also handled as images.
When a set of multiple images is selected as the secret credential, whether in permutation or in combination, the sum of the image identifier data naturally forms unique and confidential data of very high entropy that can work as the seed of a cryptographic key, whether symmetric or asymmetric.
The regenerated private key could be used as the element or one of the elements to get the account recovered. For practicality, users would be encouraged to have multiple copies of the image-to-code converter module and store them at multiple places.
A bad guy who has luckily got hold of the software module would still face huge difficulties in finding the correct set of images to regenerate the correct private key and in getting the legitimate user's account recovered so as to take it over. There are various techniques to hamper brute-force attacks both online and offline.
Where a private key is given by another party, a module containing a formula that turns the seed into the given private key should be added at the end of the image-to-code conversion. When designed as such, the program would eliminate the key along with all the halfway data when the program is shut down. The key no longer exists physically but can be regenerated from our memory at any time. This is the on-the-fly key regeneration by Expanded Password System.
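The image-to-code conversion and the on-the-fly regeneration described above can be written as follows. This is an added example, not the CryptoMnemo code or the author's implementation. It assumes SHA-256 digests as the image identifiers, PBKDF2 stretching in place of a plain sum of the identifier data, and an XOR mask as the formula that maps the seed to a key given by another party; the function names, the work factor and the sample data are hypothetical.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor; makes every offline guess slower

def image_id(image_bytes: bytes) -> bytes:
    # Assumption: the image identifier is the SHA-256 digest of the image data.
    return hashlib.sha256(image_bytes).digest()

def derive_seed(selected_images, salt: bytes, ordered: bool = True) -> bytes:
    """Seed from the chosen images. ordered=True treats the selection as a
    permutation; ordered=False treats it as a combination (order ignored)."""
    ids = [image_id(img) for img in selected_images]
    if not ordered:
        ids.sort()
    # Fixed-length digests concatenate unambiguously; PBKDF2 stretches them.
    return hashlib.pbkdf2_hmac("sha256", b"".join(ids), salt, ITERATIONS, dklen=32)

def _pad(seed: bytes, length: int) -> bytes:
    # Expand the seed to the length of the key (HMAC-SHA-256 in counter mode).
    out, counter = b"", 0
    while len(out) < length:
        block = b"pad" + counter.to_bytes(4, "big")
        out += hmac.new(seed, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def make_mask(seed: bytes, given_key: bytes) -> bytes:
    """Value stored in the module that maps the seed onto a key issued elsewhere."""
    return bytes(a ^ b for a, b in zip(_pad(seed, len(given_key)), given_key))

def regenerate_key(selected_images, salt: bytes, mask: bytes, ordered: bool = True) -> bytes:
    """Rebuild the issued key in memory only; nothing is written to disk.
    A wrong selection silently yields a different, useless key."""
    seed = derive_seed(selected_images, salt, ordered)
    return bytes(a ^ b for a, b in zip(_pad(seed, len(mask)), mask))

# Constructed sample data: stand-ins for image files and for an issued key.
GRID = [f"constructed-image-{i}".encode() * 64 for i in range(9)]
SALT = bytes(range(16))
ISSUED_KEY = hashlib.sha256(b"constructed issued key").digest()
ENROLLED = [GRID[4], GRID[1], GRID[7]]  # the user's secret selection, in order
MASK = make_mask(derive_seed(ENROLLED, SALT), ISSUED_KEY)
```

Someone who holds the module and the image set searches the space of selections rather than the identifier bits: 3 ordered picks from 9 images give only 504 candidates, so the number of images, the number of picks and the work factor decide how well the scheme resists offline guessing.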
This is not just a hypothesis. The ‘Image-to-Code Converter’ software to generate a cryptographic key was completed and announced as ‘CryptoMnemo’ and ‘Authority-Distributed CryptoMnemo’ in 2004-2005, although we soon became unable to put it on the market due to the lack of budget. We could certainly consider the revival of the project with the latest safe coding technologies when we have secured the budget for it.
Last but not least, the essential point is that we do not rely on 'hard-to-remember' and 'easy-to-evaporate' text passwords but rely on 'hard-to-forget' and 'panic-proof' episodic image memory that has been solidly fixed deep in our brain for many years as the original seed of the cryptographic keys.
< References >