Paper 2023/1398

To attest or not to attest, this is the question – Provable attestation in FIDO2

Nina Bindel, SandboxAQ
Nicolas Gama, SandboxAQ
Sandra Guasch, SandboxAQ
Eyal Ronen, Tel Aviv University

FIDO2 is currently the main initiative for passwordless authentication in web servers. It mandates the use of secure hardware authenticators to protect the authentication protocol’s secrets from compromise. However, to ensure that only secure authenticators are being used, web servers need a method to attest their properties. The FIDO2 specifications allow authenticators and web servers to choose between different attestation modes to prove the characteristics of an authenticator; however, the properties of most of these modes have not been analysed in the context of FIDO2. In this work, we analyse the security and privacy properties of FIDO2 when different attestation modes included in the standard are used, and show that they lack a good balance between security, privacy and revocation of corrupted devices. For example, the basic attestation mode prevents remote servers from tracing users’ actions across different services while requiring reduced trust assumptions. However, if one device is compromised, all the devices from the same batch (e.g., of the same brand or model) need to be recalled, which can be quite complex (and arguably impractical) in consumer scenarios. As a consequence, we suggest a new attestation mode based on the recently proposed TokenWeaver, which provides more convenient mechanisms for revoking a single token while maintaining user privacy.

Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2023
Fido2, Passwordless authentication, WebAuthn, TokenWeaver, Attestation
Contact author(s)
nina bindel @ sandboxaq com
nicolas gama @ sandboxaq com
sandra guasch @ sandboxaq com
eyal ronen @ cs tau ac il
2023-09-21: approved
2023-09-18: received
Creative Commons Attribution


      author = {Nina Bindel and Nicolas Gama and Sandra Guasch and Eyal Ronen},
      title = {To attest or not to attest, this is the question – Provable attestation in FIDO2},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1398},
      year = {2023},
      note = {\url{}},
      url = {}