The problem Zalileo solves

Existing Proof of Location protocols assume that the coordinates they take as an input are correct. This assumption is a hard sell due to the ease of GPS spoofing which can be done on-device but also through interference, a good example of that is during war time a military entity might spoof the GPS which can make GPS guided missles divert to different locations.

Zalileo uses navigational messages from Galileo (the European Space Agency global satelite navigation system), which recently start publicly testing OS-NMA (Open Source - Navigation Message Authentication). This technology can sign navigational messages to verify that they've come from the actual Galileo service. It does this using ECDSA P-256 and ECDSA P-521.

Challenges we ran into

Multiple issues were encountered;

• The most recent public key is has not been made publicly accessible. We have ended up signing messages ourselves to mock the behaviour, but have verified that with the actual public key it would easily swap out.
• There were issues with retrieving the correct navigational messages. This was solved by taking the phone outside... somehow this venue was blocking an accurate GPS lock.
• Issues around the signature scheme were encountered.