IACR published Smart-ID’s cryptanalysis
Augustin P. Sarr, a researcher at the Gaston Berger University in Saint-Louis, Senegal, published a cryptanalysis of Smart-ID system in which he also takes a look at a very important aspect of Smart-ID’s system – the clone detection mechanism that is used to discover and reveal any cloning attempts.
The article, which was published on the International Association for Cryptologic Research’s website in the beginning of December, concludes that if specific conditions are met, then a hypothetical attacker could guess the PIN codes of a Smart-ID user without the user ever finding out about it.
Sarr’s research is based on the earlier publications of scientists working at AS Cybernetica, which were presented at the ESORICS 2017 symposium. In these publications, the authors describe the first iteration of Smart-ID’s design, but do not talk about the freely accessible protocol description of Smart-ID.
Before being introduced to the wider public, Smart-ID’s system underwent multiple development stages during which various attack scenarios were analysed and additional security features were created and introduced to combat them. Smart-ID is evaluated at EAL4+ according to the Common Criteria standards. Smart-ID’s capability of withstanding various attacks was also evaluated during this security evaluation.
Smart-ID’s technical documentation is available to everyone and can be found here: https://github.com/SK-EID/smart-id-documentation/wiki/Technical-overview