Privacy-Preserving Biometric Matching Using Homomorphic Encryption

TL;DR

This paper introduces a privacy-preserving biometric authentication protocol using fully homomorphic encryption, enabling secure remote matching of biometric data while maintaining user privacy and device authentication.

Contribution

It presents a novel protocol based on FHE for biometric matching that ensures privacy and security, along with a proof-of-concept implementation and performance analysis.

Findings

The protocol maintains biometric privacy during remote matching.

Implementation demonstrates feasibility with potential for real-world use after optimizations.

Performance results highlight the computational challenges of FHE in biometric applications.

Abstract

Biometric matching involves storing and processing sensitive user information. Maintaining the privacy of this data is thus a major challenge, and homomorphic encryption offers a possible solution. We propose a privacy-preserving biometrics-based authentication protocol based on fully homomorphic encryption, where the biometric sample for a user is gathered by a local device but matched against a biometric template by a remote server operating solely on encrypted data. The design ensures that 1) the user's sensitive biometric data remains private, and 2) the user and client device are securely authenticated to the server. A proof-of-concept implementation building on the TFHE library is also presented, which includes the underlying basic operations needed to execute the biometric matching. Performance results from the implementation show how complex it is to make FHE practical in this context, but it appears that, with implementation optimisations and improvements, the protocol could be used for real-world applications.