[Phase 3] HIP 27: Allow 1-character mistakes in displayed addresses

juanu · January 5, 2022, 3:17pm

HIP: 27
title: Allow 1-character mistakes in displayed addresses
author: @Mizu @juanu
status: Phase 2
created: 20

Simple Summary

This proposal would modify the registry policy to allow for limited mistakes or omissions in the address displayed in a profile’s video.

Abstract

Many profiles get challenged due to mistakes affecting a single character in the address displayed by the submitter in their video. This proposal would make it so a single such mistake would no longer be grounds for rejection. This would not reduce the security of the profile or the PoH registry in any practical terms as will be demonstrated below.
Motivation

Submitters will often write down their address by hand instead of printing it or displaying it on another screen. This might be because they don’t have a printer or another device with a screen they can easily display it on, or simply because they find writing the address by hand to be more convenient at that time.

As one might expect, it is often the case that submitters make mistakes when copying their address. Sometimes, these are significant errors such as the omission of a large part of the address, in which case it might be possible for an attacker to generate matching addresses, but often the error will affect only one character. We may distinguish 4 types of errors:

- omitted character: a character is omitted from the address (e.g. “abcd” → “abd”)
- mistaken character: a different character has been written in place of the one expected in that position (e.g. “abcd” → “ab9d”)
- swapped adjacent characters: two characters adjacent to each other have been swapped (e.g. “abcd” → “acbd”)
- additional character: an additional character has been inserted anywhere in the address (e.g. “abcd” → “abc0d”)

This proposal would allow at most one of the above three errors in a displayed address. The effects on the security of an address (i.e. on the ability of an attacker to find a private key generating an address which would match the displayed address) would be the following:

- omitted character: 9.32 bits: lg(40*16): 40 positions to insert the missing character which has 16 possible values
- mistaken character: 9.23 bits: lg(40*15): 40 characters with 15 possible invalid values each
- swapped adjacent characters: 5.29 bits: lg(39): 39 possible swaps of adjacent characters, although note that this can be slightly lower still since not all swaps have an effect (e.g. in “abbd”, swapping the two "b"s has no effect)
- additional character: 5.36 bits: lg(41): 41 choices for which character to delete

Note that if a character is missing (case 1.) the three other cases are no longer allowed, and conversely, if the displayed address has all 40 characters (case 2. and 3.), the first and fourth cases are no longer allowed, and if there is an extra character, then only case 4. may be considered. As a result the maximum security loss is max(lg(N_1), lg(N_2 + N_3), lg(N_4)) = max(9.32, 9.32, 5.36) = 9.32 bits, reducing the total security of an address from 160 to 150.68 bits. Given the low stakes involved in being able to create a fake profile with an existing PoH registration video and the fact that no one is likely to be able to crack 150 bits of an Ethereum key for the foreseeable future, this should be an acceptable security compromise.

At this point, it is worth noting that there is one disadvantage to this proposal: It will no longer be possible to find a person’s profile from the video alone without trying all possible allowed errors, which is to say 639 trials in the worst case. This is easily remedied with a simple software loop, but something to keep in mind.

Specification

The following text will be appended at the end of the first bullet point of subsection 4. of the “List of current required/optional elements and submission rules”:

A single one of the following errors occurring once will be tolerated in the displayed address:
- omitted character: a character is omitted from the address (e.g. “abcd” → “abd”)
- mistaken character: a different character has been written in place of the one expected in that position (e.g. “abcd” → “ab9d”)
- swapped adjacent characters: two characters adjacent to each other have been swapped (e.g. “abcd” → “acbd”, but not “adcb”)
- additional character: an additional character has been inserted anywhere in the address (e.g. “abcd” → “abc0d”)

As stated on the effects on security, 1 character does not add a great impact on security, but it does greatly impact on UX and humans registering making honest mistakes.
It could be argued that in a future time, we could be allowing more characters mistakes, which would lead to a slippery slope. The key point is to maintain security and adding more characters would have a greater impact on security. 1 character mistakes can be considered as a good balance between honest mistakes while maintaining security.

Mission Board Ratification

Since this HIP has been recreated from an existing phase 2, the proposers have asked the Mission Boards to ratify the validity of this HIP. The board’s vote on this phase 3 is proof enough that they confirm it’s validity. (See Special binding Mission Board Ratification: HIP 27)

SNAPSHOT URL

Nyjo · January 10, 2022, 5:43am

Hello everyone, I do not know if this is the means to express myself in this regard, but I am a person who is currently in the voting phase in the court of Kleros, and I agree with the approval of this HIP, of the Research I do I see that many are challenged by errors like this. To err is human and this is human error, this is proof that we are human. I do not know how my trial ended in Kleros but it does not seem fair that in the majority not to mention in all trials of this type there is only one vote that is the one who raises the dispute and not anyone else from the Kleros council. …if I hereby request that you help me with a vote in favor so as not to lose the money and time invested in this project, I thank you. It must be taken into account that, like me, many of us carry out this registration out of necessity, because we want to have a more dignified life, and losing a very strong value of money and not entering due to human error is a dagger in the pocket of each of the that we were wrong in the video. It should be noted that I have uploaded a new video as evidence that cannot be done but somehow I need to try to fix this and not lose money … every time an evidence is uploaded there is an economic cost that adds to the value insurance … I made the effort not to lose everything … I ask for your help not only for me but for many who do not even know that they are Challenged. Thank you for your time and hopefully my case will be solved since there are only a few days left.

NTP · January 10, 2022, 11:11am

I do not believe this is a good idea at all. We can mitigate against these errors by forcing more confirmation checks in the registration process (Are you sure you have the correct address? ARE YOU DOUBLY SURE YOU HAVE THE CORRECT REGISTRATION ADDRESS? and so on). Changing the rules will only complicate things even more for identification purposes. We are not allowed to use any document with errors - like passports and driving licenses - so why should PoH?

Nyjo · January 10, 2022, 3:44pm

Because passports and driving licenses are documents issued by a government entity in each country without failures, the eth address is an address that must be manipulated by the person who performs the registration and that is where errors can occur, many of us are just understanding this world of wallets and cryptos and this new world, so erring is something that can be easily done because we are human and we make mistakes

NTP · January 10, 2022, 4:00pm

I understand what you’re saying, but even with licenses and passports, they rely on our accurate information. You can’t get a number of your address wrong, or the wrong initials in your name or telephone number etc. The idea that you can create an identification as important as PoH means it has to be airtight. Otherwise what’s the point? Sorry to be so pedantic, but I really believe it’s not the process that’s broken, but the way people are guided to complete the process properly. At the moment the instructions are just not good enough, and it actually has little to do with crypto and wallets and everything to do with social engineering and proper professional user on-boarding and interfaces.

ludovico · January 11, 2022, 2:12pm

they would be registering with the proper and accurate address, process would be still up and running. This does not break anything, the registered human will still be a unique person in the registry, only a tiny fraction of them would have a video with a sign with a mistake in it.

Nyjo · January 12, 2022, 12:35pm

My case has just come out of the voting phase and as I comment only one vote defined that I lost the case, now in the appeal phase I am not clear what should be done, but completing the money that is requested to complete this stage is for me impossible to complete … so I understand that I lost my money … I understand that this HIP leaving phase 3 is already approved and with that the case should be considered valid in my favor … and if someone guides me what else I can do so as not to lose the money I thank you in advance

ludovico · January 12, 2022, 5:38pm

Historically, the approval of new HIPs do not apply to cases that started before it is approved. Also the HIP has not been updated in the primary document, so this hip is still not valid for your case.