This document discusses using homomorphic encryption to perform biometric template matching and verification in an encrypted domain. It describes how homomorphic encryption allows certain arithmetic operations to be performed on encrypted data, enabling distance calculations to be done on encrypted biometric templates without decrypting them. Two methods are summarized - one using a semi-homomorphic Pailler cryptosystem to compute Euclidean and cosine distances, and one using a somewhat homomorphic R-LWE system to compute dot products. Both methods meet the requirements of biometric template protection by providing irreversibility and unlinkability of templates.
2. Motivation
● Biometric information is considered as sensitive data(EU General Data
Protection Regulation 2016/679)
● Biometric templates should be protected to prevent any leakage of the
underlying information
● ISO/IEC 24745 defines the international standard on biometric
information protection
3. ISO/IEC 24745
2 main requirements
★ Irreversibility: Given a
protected template, going
back to the original sample
should not be possible
★ Unlinkability: Two
templates from different
systems (protected under
different keys) should not be
linked
4. Template Protection
1. Cancelable biometrics: Biometric data is distorted or applied an
irreversible transformation
a. biohashing, bloom filters, biometric salting
2. Cryptobiometrics: Cryptographic key is whether extracted from the
biometric data or bound with it
3. Biometrics in the encrypted domain: The templates are encrypted
and processed in the encrypted domain with the help of Homomorphic
Encryption and/or Garbled circuits.
5. Verification Architecture
➔ The authentication server should not learn Tr
or Tp
➔ The database server should not learn Tr
, Tp
or trace subjects
➔ The client should not learn Tr
➔ Honest-but-curious adversary model
6. Homomorphic Encryption
● We should somehow compute distance from Tr
to Tp
● Homomorphic encryption allows us to apply arithmetic operations on
cipher texts. We can add and/or multiply ciphertexts if the encryption
system is homomorphic!
○ RSA is multiplicative homomorphic. m1
e
m2
e
= (m1
m2
)e
(mod n)
● (Semi) Homomorphic Encryption: add or multiply ciphertexts
○ we can add/multiply ciphertexts with plaintexts w.r.t. the algorithm
● Full Homomorphic Encryption: add and multiply ciphertexts
● Somewhat Homomorphic Encryption: add and multiply ciphertexts up to
a limit
7. Pailler Crypto System
● Semi Homomorphic(HE)
● Public Key Encryption
○ two keys, public key PK and private key
SK
○ ct=EPK
(pt)
○ pt=DSK
(ct)
● Probabilistic Encryption
○ EPK
(pt)≠EPK
(pt)’
● Based on difficulty of existence of
n-residue
○ given a composite n and an integer z ,
decide whether there exists y such that
z = y n
mod n 2
.
● pt ∈ Zn
Homomorphic Properties
● Ciphertext addition
○ ct1
= EPK
(pt1
), ct2
= EPK
(pt2
)
○ ct1
⊕ct2
= EPK
(pt1
+pt2
)
● Plaintext addition
○ ct1
= EPK
(pt1
), pt2
○ ct1
⊕pt2
= EPK
(pt1
+pt2
)
● Plaintext multiplication
○ ct1
= EPK
(pt1
), pt2
○ ct1
⨀ pt2
= EPK
(pt1
.pt2
)
10. Evaluation
● Gomez-Barrero et al.(2017) mentions the previous two functions in their paper and
constructed a multi-biometric verification system on top of them.
● As we have a probabilistic encryption scheme, Irreversibility and unlinkability is met.
○ Irreversibility: Given a protected template, going back to the original sample should not be possible
○ Unlinkability: Two templates from different systems (protected under different keys) should not be linked
● Both distances perform the same in encrypted format in terms of accuracy.
● Length of their feature set is 140 (F=140), and number of enrolled samples is 4.
● They report the timing of a single verification process as 5.10-4
seconds.
11. R-LWE based SWHE
● Somewhat Homomorphic(SWHE)
● Public Key Encryption
○ two keys, public key PK and private key SK
○ ct=EPK
(pt)
○ pt=DSK
(ct)
● Probabilistic Encryption
○ EPK
(pt)≠EPK
(pt)’
● Based on difficulty of Ring version of
Learning with Errors Lattice Problem.
● Examples: BGV, FV
● pt ∈ Zp
m
[x] (polynomials)
○ example plaintext: am-1
xm-1
+am-2
xm-2
+..a1
x+a0
Basic Homomorphic Properties
● Ciphertext addition
○ ct1
= EPK
(pt1
), ct2
= EPK
(pt2
)
○ ct1
⊕ct2
= EPK
(pt1
+pt2
)
● Plaintext addition
○ ct1
= EPK
(pt1
), pt2
○ ct1
⊕pt2
= EPK
(pt1
+pt2
)
● Ciphertext multiplication
○ ct1
= EPK
(pt1
), ct2
= EPK
(pt2
)
○ ct1
⨀ct2
= EPK
(pt1
.pt2
)
● Plaintext multiplication
○ ct1
= EPK
(pt1
), pt2
○ ct1
⨀ pt2
= EPK
(pt1
.pt2
)
● And more.. But these operations can be
performed up to a limit defined by the
noise budget
13. Evaluation
● the previous secure dot product calculation function is a simplified version of the secure
hamming distance computation algorithm taken from Yasuda (2017). The paper also
explains an efficient way to decrypt only the constant term. Moreover, the secure tool is
used to build a challenge-response based verification system. (a different protocol than the
picture we have seen)
● Again, as we have a probabilistic encryption scheme, Irreversibility and unlinkability is met.
● No loss in accuracy.
● They report the timing of a single verification process as 5.10-3
seconds. It sounds worse
than Gomez-Barrero et al.(2017). However their feature set F can be up to 2048 in the
reported timing. (it was 140 in Gomez-Barrero et al.(2017))
14. REFERENCES
Gomez-Barrero, M., Maiorana, E., Galbally, J., Campisi, P., & Fierrez, J. (2017). Multi-biometric template protection based on
homomorphic encryption. Pattern Recognition, 67, 149-163.
Yasuda, M. (2017). Secure Hamming distance computation for biometrics using ideal-lattice and ring-LWE homomorphic encryption.
Information Security Journal: A Global Perspective, 26(2), 85-103.
Gomez-Barrero, M., Galbally, J., Morales, A., & Fierrez, J. (2017). Privacy-preserving comparison of variable-length data with
application to biometric template protection. IEEE Access, 5, 8606-8619.
Nautsch, A., Isadskiy, S., Kolberg, J., Gomez-Barrero, M., & Busch, C. (2018). Homomorphic Encryption for Speaker Recognition:
Protection of Biometric Templates and Vendor Model Parameters. arXiv preprint arXiv:1803.03559.
Karabat, C., Kiraz, M. S., Erdogan, H., & Savas, E. (2015). THRIVE: threshold homomorphic encryption based secure and privacy
preserving biometric verification system. EURASIP Journal on Advances in Signal Processing, 2015(1), 71.