Amid the inconvenience caused by the COVID-19 pandemic came an encouraging piece of news: The Taiwan Digital COVID-19 Certificate is now recognized by the European Commission as equivalent to the EU Digital COVID Certificate.
This implies that for people who were vaccinated in Taiwan, the EU will one day be able to map their vaccination records by scanning their digital certificates, accelerating arrival procedures.
The magic behind this technology is blockchain cryptography.
Blockchains are known for being decentralized and immutable. Authenticity of data or a sender can be trusted because blockchain protocol is based upon public-key cryptography, also known as asymmetric cryptography.
This uses a pair of keys for encryption and decryption, one public and one private. A private key generates a public key, but only paired keys can decrypt each other.
Digital signatures are an important real-world application of public-key cryptography.
If person A wants to send a message to person B, the digital signature ensures that B is the only recipient and that A is the author.
The steps are as follows:
First, A sends its public key to B and B sends its public key to A.
Second, A encrypts the data with its private key, generating a confidential document. Then, it uses a cryptographic hash function to generate a hash value to send the file.
Next, A uses B’s public key to encrypt the confidential document, along with the hash value, generating a confidential document for B. This process ensures that only B can decrypt it.
Third, when B receives the confidential document, B uses its own private key to decrypt it and obtains the original file and the hash value.
After that, B uses A’s public key to ensure that the document is from A.
Fourth, B uses the cryptographic hash function to compute the hash value after decryption. If the value is the same as the hash value received, B can be assured that the information has not been tampered with in transit.
As the hash values computed by hash functions are immutable — meaning it is impossible to find the original value through reverse calculation — there is no way people can get to the source text.
This is how the digital signature scheme verifies identities and ensures data integrity.
Digital certificates are akin to digital IDs. Digital certificates contain the owner’s name, serial number, the expiration date of the certificate and a copy of the owner’s public key — which requires its corresponding private key to verify its authenticity — and the issuer’s digital signature, so that the recipient can verify the authenticity of the certificate.
In addition to the digital vaccine certificates, the Executive Yuan in January 2019 approved the National Development Council’s Smart Government Action Plan.
To integrate government services, it plans to replace the old-type national identity card with a digital identity card that combines the ID card with the citizen digital certificate. This is another example of digital certificates.
The blockchain technology might still be in its nascent stage, but its wider application is just around the corner.
What remains is for government departments to work together to complete regulations to ensure people’s information is kept secure and their personal data protected.
Chen Wan-yu is a Chiayi District Court judge.
Translated by Rita Wang
Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.
