Anon Aadhaar [en/cn]

Published on
All posts

Chinese version is available here.

Special thanks to Vu Vo, Mashbean, Andy Guzman, and Yanis Meziane for their rapid review and feedback!

Introduction to Aadhaar

Aadhaar, meaning "foundation" in Hindi, is the world's largest digital identity program, driven by the Indian government and involving about 1.2 billion people, roughly 90% of India's population. Launched in 2009 with the first Aadhaar Number issued in September 2010, it predates the widespread discussion of DID/UID in the 2020s.

The Unique Identification Authority of India (UIDAI), established in January 2009 under the Ministry of Electronics and Information Technology, manages the applications, issuance, and maintenance of Aadhaar numbers. Any Indian citizen or foreign nationals residing in India for more than 182 days in the past year can apply voluntarily to UIDAI.

Source: www.uidai.gov.in
Source: www.uidai.gov.in

Applicants must provide their name, address, gender, date of birth, photograph, two iris scans, and ten fingerprints to receive a 12-digit Unique Identifier (UID), also known as the Aadhaar Number or UIDAI Number.

Paper version of Aadhaar Number
paper version of Aadhaar Number

Initially, Aadhaar was issued as a paper card but is also available as a PDF or image file. From 2020, a PVC card version has also been available.

pvc version of AN
PVC version of AN

The Indian government began developing a unified identification system around 2000 due to territorial disputes, wars, and illegal immigration issues. Before this, India's ID systems were fragmented, including passports, voter IDs, driver's licenses, ration cards, birth certificates, and income-tax PAN cards.

Benefits

The national UID initiative offers several advantages:

  1. Direct Benefit Transfer: This system has improved the efficiency of social welfare policies and subsidy programs, such as monthly concessions on essential goods for low-income families and subsidized natural gas purchases. Aadhaar allows direct transfer of benefits, reducing fraud involving multiple identity cards and collusion with retailers. According to government data, expenditure on gas subsidies dropped by 24% in 2014-2015.

  2. Attendance Monitoring: Aadhaar links to attendance systems to address issues with tardiness and absenteeism among public servants.

  3. SIM Card Registration: The system reduces the number of SIM cards an individual can hold, which is particularly relevant for combating fraud industry.

  4. Streamlined Application Processes for Other Government Documents: Aadhaar, being a relatively low-level proof of identity, can accelerate the application processes for more rigorously verified documents like driver's licenses and passports.

Concerns and Criticism

The aforementioned benefits mostly reflect the perspective of the state/government. However, from the people's viewpoint, the Aadhaar system has many controversial issues:

  1. Privacy: This is undoubtedly the biggest controversy. The Aadhaar system could be used for surveillance and infringing on citizens' privacy—a double-edged sword of efficiency and centralization. For instance, after integrating Aadhaar numbers with the health care system, some HIV patients chose to stop treatment. There have indeed been lawsuits against the government, though the Supreme Court of India has ruled the benefits outweigh the drawbacks.

  2. Security: As a government-established system (even if it is by Indians), the database's security seems inadequate, with several instances of data theft. For example, in 2018, the former UIDAI director R. S. Sharma publicly shared his Aadhaar number on Twitter to demonstrate the system's security. However, it clearly failed as within hours, Sharma’s phone number, address, birthday, phone model, and email were publicly disclosed. In 2017, a significant data leak was confirmed, with similar incidents in 2018. Given the large volume of sensitive personal information involved, this is a serious issue. On the other hand, having a decentralized and fragmented system has its advantages.

  3. Exclusivity: Legally, Aadhaar is a "voluntary" system that should not result in differential/discriminatory treatment for those without an Aadhaar number. However, not joining a system used by the majority often means exclusion. For example, Line is the most popular communication app in Taiwan. No matter how poorly it performs, if a person does not have a Line account, he/she will be excluded from much information and many services. Consequently, non-resident Indians or foreigners living in India might find it harder to access services like SIM cards, which were previously easily available. Additionally, if Aadhaar becomes a necessary credential for welfare policy subsidies, it could exclude those who do not possess it. This issue is also prevalent with Japan's My Number card and the related health welfare policies.

  4. Accuracy: When the government uses the Aadhaar system for identification, the massive population poses a challenge. For instance, if fingerprints from a crime scene are matched against the Aadhaar database, even a 99.999% accuracy rate could result in thousands of false positives (Type I errors).

It's important to keep in mind that when considering the potential problems brought by the Aadhaar system, it is crucial to distinguish whether these issues are inherent to all UID systems or are unique to the Aadhaar solution.

Concerning the first point about privacy issues, the following introduces Anon Aadhaar, a viable solution.

Introduction to Anon Aadhaar

By separating the public key and private key, Asymmetric Cryptography provides the technical foundation for secure communication and authentication. At the same time, Zero-Knowledge Proofs (ZKP) further protect the privacy of the prover during the authentication process. ZKP is an important research area within the field of Programmable Cryptography, first proposed in 1989. It gained wider acceptance and application after zkSNARKs were introduced in 2013 and is a key technology for privacy protection.

ZKP allows for the verification of a statement's truth without revealing the prover's input.

A simple example: Without ZKP, when buying alcohol, you must prove you are over 18 by showing an ID. With ZKP, there's no need to reveal other non-relevant information on your ID, such as your exact birthdate. You don’t even need to disclose your real age; it's just verified whether you are “over 18.”

Anon Aadhaar, developed by Privacy and Scaling Explorations(PSE) — a formidable yet low-profile team affiliated with the Ethereum Foundation — aims to address the privacy concerns within the Aadhaar system. The logic of the solution is simple: Aadhaar + ZKP = a privacy-assured Aadhaar (Anon Aadhaar).

pvc version of AN
The login system created by the PSE team utilizes Anon Aadhaar.

Currently, Anon Aadhaar is not officially adopted, but as an open-source SDK, it could serve as a component/foundation for other projects (yes, I choose the word "foundation" intentionally :P). For ongoing related projects, refer to the list at the end of the article by PSE.

While ZKP offers significant privacy security, it still falls short of perfect anonymous credentials, such as selective disclosure (July 2024 Update: The "selective disclosure" feature is now supported. See the image above.), data recovery/migration, better interoperability between systems, and faster verification (current ZKP still requires extensive circuit computation).

Relevant Concept Discussion: DID / UID

Decentralized Identifier (DID), Proof of Personhood (PoP), and Unique Identifier (UID) are three easily confused concepts. While definitions for these terms are not perfectly precise, we can understand them through plain common sense: DID emphasizes decentralization and portability of identity data, usually achieved through blockchain technology; PoP stresses verifying real human identity in digital systems to prevent fraud, sybil attacks, and manipulation; UID is a general term, aiming to achieve "Mutually Exclusive & Collectively Exhaustive (MECE)" within identity systems.

The Aadhaar discussed here is a UID, or more specifically, a Proof of Citizenship (PoC), which can be used as a form of PoP. For example, if you have a Taiwanese natural person certificate (PoC), you should be able to directly prove your real human status (PoP) with a high score on the Gitcoin Passport system.

For the pros and cons of using official PoC as PoP, refer to the following framework adapted by PSE from Vitalik's ideas. pvc version of AN

Conclusion

As technologies like Account Abstraction (AA) and ZKP mature, there have been many interesting attempts with DID + Wallet projects recently. For instance, "Proof of Passport" is a project using passport NFC to create SBTs; "Myna" is a AA solution that using Japan's government-issued My Number Card as a hardware wallet. The required technologies are seemingly mature, now just waiting for regulatory improvements and practical implementation. Overall, this is an exciting and promising track.

Notes

  • The ZKP used in Anon Aadhaar is zkSNARKs.
  • Regarding the Selective Disclosure feature, according to the core developers of the Anon Aadhaar project, they are developing it and will soon introduce this feature.

Reference

[ 中文版本 ]

特別感謝 Vu VoMashbeanAndy GuzmanYanis Meziane 的討論與回饋!

Aadhaar 簡介

Aadhaar,印地語(Hindi)中是「基石 / foundation」的意思,是一個由印度政府推動,已有 12 億人參與(佔印度總人口約 90%),目前地表最大的公民數位身分計畫。它於 2009 年推出,並在 2010 年 9 月發出第一組 Aadhaar Number,時間上遠早於 2020 年代被廣泛討論的 DID/UID 議題。

程序上,只要是一位印度公民,或是過去的一年內在印度居住超過 182 天的外國公民,都可以自願性的向 印度唯一身分識別機構(Unique Identification Authority of India, UIDAI)提出申請。

UIDAI 成立於 2009 年 1 月,是一個下轄於電子資訊科技部(Ministry of Electronics and Information Technology)的機構,主要權責就是處理 Aadhaar 號碼的申請、發放、管理與維護。

Source: www.uidai.gov.in
Source: www.uidai.gov.in

具體來說,申請者需要提供「姓名、住址、性別、生日、照片、兩個虹膜、十個指紋」等資料,能換得一個 12 位數字的 Unique Identifier (UID),這個 UID 就是 Aadhaar Number,或也被稱作 UIDAI Number

Paper version of Aadhaar Number
紙本版本的 Aadhaar Number

形式上,Aadhaar 預設是一張紙,也可以拿到 PDF 檔或圖片檔案。從 2020 年開始,也能另外申辦 PVC 卡片 的版本。

pvc version of AN
PVC 卡片版本的 Aadhaar Number

從歷史上來看,由於領土邊界爭議、戰爭、非法移民等問題,印度政府大約在 2000 年左右開始研擬一套統一的身分認證系統。在此之前,印度的身分認證系統相當混亂,例如同時存在護照、選民身分證、駕照、配給卡(ration card)、出生證明、所得稅卡(income-tax PAN card)等多個獨立的體系。

優點

在國家層面推行的 UID,可以被理解為一套實名制系統。除了直觀上可以提高行政效率之外,還有許多好處,例如:

  1. 福利轉移(Direct Benefit Transfer):印度有一套物資配給的社會福利政策,讓低收入家庭在必要物資上每月享有減免;此外,還有一套天然氣補助政策,讓受補貼者可以以優惠價購買瓦斯,政府則賠償公司的損失。在過去,有心人士可以輕易利用多重身分來詐取政府的福利,例如多申請幾張配給卡,並與瓦斯零售商勾結。採用 Aadhaar 系統後,政府可以通過 Aadhaar 直接將補貼轉移到受益人手中,並更容易識別非法或重複領取的配給卡。根據印度政府的數據,2014-2015 年間,天然氣補貼的 開支減少了 24%。當然,這些政府的數據僅供參考。是的,我認為 UIDAI 專案的初衷就是幫政府節省開支。

  2. 公務機關的考勤使用:印度公務員的遲到、早退與無故翹班是常見的,官方用 Aadhaar 連結公務機關打卡系統,甚至還做了一套全名監督的 介面 (貌似國外的 IP 是點不開的)。

  3. 手機 SIM 的實名化認證:降低一個人同時擁有過多手機號的情況,畢竟通常只有詐騙集團、水軍刷分公司這些垃圾產業從業人口才需要。

  4. 加速其他政府文件的申辦:不同的政府文件對於身分識別而言,具有不同的認證強度,因此認證過程的嚴謹程度也有所不同,例如駕照的發行明顯比護照更簡便,Aadhaar 卡作為一種相對低階的身分證明系統,可以用它來加速其他嚴謹程度更高的文件的申辦流程。

問題與批評

上述的優點大多是站在國家/政府的角度出發。但如果從人民的角度來看,Aadhaar 體系存在許多值得爭議的問題

  1. 隱私權:這無疑是最大的爭議點。Aadhaar 系統可能被用於監控和侵犯公民隱私,這是效率與中心化的雙刃劍。例如 Aadhaar 號碼整合健保系統後,有 HIV 患者選擇停止治療。也真的有人為此把政府告上法庭(似乎有點作秀的動機),不過目前印度最高法院的判定是利大於弊。

  2. 安全性:由於是政府建立的系統(即便是由印度人),資料庫的安全性似乎不足,已經有過多起資料被盜的前例。例如 2018 年時,前 UIDAI 總監 R. S. Sharma 在 Twitter 上公開他的 Aadhaar 號碼,想試圖證明系統的安全性;但是很明顯是失敗的,在幾個小時內,Sharma 的手機號碼、地址、生日、手機型號、信箱都被公諸於世。在 2017 時確認曾有過大量資料的 洩漏問題,2018 年時也有類似的 案例。考慮到涉及大量個人敏感資訊,這是一個嚴重問題。(從另一個角度來看,分散且割裂的系統還是有好處的,等於變相做了很多的斷點。)

  3. 排除性:法律上,Aadhaar 是一個“自願性”的系統,不應因為沒有 Aadhaar 號碼而進行差異化/歧視性待遇。但實際上,不加入多數人使用的系統,往往意味著被排除在外。例如在台灣,Line 是多數人的選擇,所以無論客觀上它做的多垃圾,沒有一個 Line 帳號是不方便的。因此,不住在印度的印度人或居住在印度的外籍人士可能發現,一些以往容易獲得的服務,如 SIM 卡,現在變得難以取得。再加上福利政策補貼的配給方式,若 Aadaar 作為必要認證的要素,將對未持有 Aadhaar 的申請者造成排他性。這個問題也出現在日本的 My Number 卡與健康福利政策的議題上。

  4. 精確度:當政府想利用 Aadhaar 系統進行判斷時,必須考慮到龐大人口帶來的問題。例如,犯罪現場的指紋如果用 Aadhaar 數據庫反推嫌犯,即使正確率高達 99.999%,在 12 億用戶的情況下,可能導致萬人被誤判(偽陽性問題,或型一錯誤 Type I Error)。

在考慮 Aadhaar 系統帶來的潛在問題時,需要明確區分,這些問題是所有 UID 系統共有的,還是由於 Aadhaar 這一解決方案獨有的新問題。針對第一點關於隱私權的問題,以下要介紹的 Anon Aadhaar,給了我們一個可行的解決方案。

Anon Aadhaar 介紹

透過分離公鑰與私鑰,非對稱加密(Asymmetric Cryptography) 為安全通訊與驗證(authentication)提供了技術上的基石。與此同時,零知識證明(Zero-Knowledge Proof, ZKP) 技術能進一步的保護驗證過程中,證明者(prover)的隱私。ZKP 是 Programmable Cryptography 學科下的一個重要研究領域,首次於 1989 年被提出,在 2013 年 zkSNARKs 被提出後得到更廣泛的接受和應用,是保護隱私的關鍵技術。

簡化來說,ZKP 允許在不透露證明者輸入(prover’ input)的情況下,證明某個陳述(statement)的真實性。

舉個常見例子:在沒有 ZKP 的情況下,你(prover)去超市買酒時,需要證明自己超過 18 歲(statement),必須出示身分證(prover’s input)。但有了 ZKP,就無需透露身分證上的其他非相關資訊,如生日、婚姻狀況、戶籍地等。你甚至不需要透露真實的生日/年齡,因為最終只需確定是否“超過 18 歲”。

Anon Aadhaar 是 Privacy and Scaling Explorations (PSE) —— 一個隸屬於 Ethereum Fundation 的超強卻低調團隊 —— 完成的項目,旨在解決 Aadhaar 系統中的隱私問題。解決方案的邏輯是簡單的:Aadhaar + ZKP = 一個可以保障隱私的 Aadhaar(Anon Aadhaar)。

picture Anon_Aadhaar
使用 Anon Aadhaar 做的登入系統(by PSE team)

目前 Anon Aadhaar 還不是官方採用的系統,但作為一套開源的 SDK,可以作為其他專案的組件。有關正在進行的相關專案,可以參考 PSE 撰寫的文章末尾的列表。

雖然 ZKP 提供了高度的隱私安全性,但距離完美的匿名憑證 (Anonymous Credentials) 還是有段差距,例如支持選擇性透露(Selective Disclosure)(2024-07 更新:現在已經支援“選擇性透露”的功能了!見上圖)、身分資料的恢復與轉移(Data Recovery / Migration)、更好的系統可互通/互操作性(Interoperability)、可以快速進行驗證(目前 ZKP 還需較長時間的 circuit 計算)。

概念延伸 DID / UID

分散式識別符(Decentralized Identifier, DID)、人格證明(Proof of Personhood, PoP)、獨立識別符(Unique identifier, UID)是三個容易混淆的概念。雖然對這三者的定義尚無完美精確性,但我們可以用樸實的常識來理解:DID 強調去中心化與身分數據的可攜性,不一定要,但通常是用區塊鏈技術來實現;PoP 強調在數位系統中驗證真實人類身分,以防詐騙、攻擊、操縱;而 UID 是一個比較廣泛的詞彙,指的是在身分系統中,試圖做到「彼此獨立,互無遺漏」(Mutually Exclusive & Collectively Exhaustive, MECE)。

本文談的 Aadhaar 是一種 UID,或更準確的說是一種 Proof of Citizenship (PoC)。我們可以利用這種 PoC 可以作為一種 PoP 的形式。例如,如果有台灣自然人憑證(PoC),在 Gitcoin Passport 系統上,理應要能直接有一個超高分數證明你是真人(PoP)。

關於使用官方推行的 PoC 來做 PoP 的優缺點,可以參考以下由 PSE 改編自 Vitalik 想法的框架: pvc version of AN

結語

隨著帳戶抽象化(AA)和零知識證明(ZKP)等技術逐漸成熟,DID + Wallet 類型的專案最近出現了許多有趣的嘗試。舉例來說,「Proof of Passport」是一個利用護照 NFC 來製作 SBT 的專案;而「Myna」則是一個將日本政府發行的 My Number Card 用作硬體錢包的抽象錢包解決方案。需要的技術似乎都已經相當成熟,現在只等待相關法規的完善和有人將其腳踏實地的完成。總的來說,這是一個有趣又令人期待的賽道。

備註

  • Anon Aadhaar 所使用的 ZKP,具體來說是 zkSNARKs。
  • 關於 Selective Disclosure 的功能,根據 Anon Aadhaar 專案核心開發者的說法,他們正在開發,並很快就能推出這項功能。

Reference