I moved my website to a new host provider.

You are automatically redirected to the new site within a few seconds!

If it does not work: http://biometrics.mainguet.org/

Cryptography & Biometrics / Biométrie et cryptographie

We saw that real security requires cryptogaphy. But how can we combine both worlds?

Fundamental principle of biometrics
Fundamental principle of cryptography
Symmetric key
Asymmetric key
Protecting cyphering keys
Cyphering template
Hashing template / cancellable biometrics
Intricated biometrics


Fundamental principle of biometrics

As a reminder, here is the fundamental principle of biometrics:

fundamental principle of biometrics

If we add the use, then we have a biometric system. Note that some additional data are required, such as an identifier, a key or anything that will be useful to render the service.

biometric system


Fundamental principle of cryptography

Based on computation using a key.

fundamental principle of cryptography

Symmetric key

A secret key is shared, and must cross at least once the public area, which is a problem.

Symmetric key

Asymmetric key

A public key is used to cypher data, a secret key to decypher. There is no more the problem of transmitting a secret key, but the sender must be sure to use the right public key (and not a impostor's public key).

Asymmetric key


Fundamentally a one-way function (data loss).

Hash function

in the following, we don't care about some properties required for hash functions such as collision and fixed size. What is important is the fact that we have a one-way function, which will be useful when we want to cypher a biometric template: it is impossible to return to the original data.

Combining biometrics & cryptography

Protecting keys

This is one of the simplest use of biometrics: protecting the access to the secret key. But the biometric template is not protected: we should use also a secret key to protect the template. Houston, we got a problem! We cannot use biometrics to protect the key that will protect the biometric template, which give access to final secret key...

One usual application is the "password replacement": the fingerprint system is used to release the password to the application. The system is as secure as the password system -this is not better- BUT:

  • this is more convenient
  • and now you can use complicated long passwords that no one is able to find! (and don't forget to write it somewhere in a safe...)

  • Protecting keys with biometrics

    Where is the biometric template? Cyphered with the key that is inside the safe?
    Of course, no, as I would need the key to decipher the template to access the safe where is the key...

    Cyphering template

    We need to protect the template, so we use a secret key. But where is stored this secret key that is used to protect the template?

    Protecting biometric templates with a secret key

    Hashing template / cancellable biometrics

    Using a one-way function cypher the template, and no need to store a secret key. This is sometimes called cancellable biometrics, because it is possible to revoke a template and create a new one, not compatible with the previous one. But this definition is confusing with what I call intricated biometrics.

    Hashing template

    One difficult thing is to prove that you cannot return to the original biometric template (is the transformation a real one-way function?). Also, the comparison algorithm must be adapted, and proven not degrading the results.

    Intricated biometrics

    Here is a naive use of biometrics associated with a secret key.

    Naive use of biometrics and cryptography

    What is wrong in this scheme?

  • The biometric template is readable, without protection!
  • The secret key is readable, without protection! It appears in clear form!
  • The entropy of the intermediate step is 1 bit, which is easy to break.
  • What we would like?

  • A template from which it is impossible to get the original biometric information
  • A template from which it is impossible to recover the secret key
  • No intermediate step with a 1 bit entropy: during the process, the secret key is recovered in memory, used to decode the message and then deleted. If an impostor is trying to use the system, then a wrong key will be generated and the message will still be unreadable.

  • Intricated biometrics

    Is it possible to create such template? The answer is yes.


    Intricated biometrics

    Everything is public at the end: when generating the secret key, it is destroyed at enroll, and appears in memory only a short while for decryption. Also, it is not possible to use the template for another use, crossing databases is just impossible.

    Some links for more information, as a start

  • 1. Ann Cavoukian and Alex Stoianov. "Biometric encryption: A positive-sum technology that achieves strong authentication, security and privacy". White paper, Information and privacy commissioner of Ontario, March 2007.
  • 2. C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, and B.V.K. Vijaya Kumar. "Biometric Encryption", chapter 22. McGraw-Hill, 1999.
  • 3. N. K. Ratha, J. H. Connell, and R. M. Bolle. "Enhancing security and privacy in biometrics-based authentication systems". IBM Systems Journal, 40(3):614-634, 2001.
  • 4. G. I. Davida, Y. Frankel, B. J. Matt, and R. Peralta. "On the relation of error correction and cryptography to an off-line biometric based identification scheme". In Proc. Workshop on Coding and Cryptography, pages 129-138,1999.
  • 5. J.P. Linnartz and P. Tuyls. "New shielding functions to enhance privacy and prevent misuse of biometric templates". In Proc. 4th Int. Conf. Audio and Video based Biometric Person Authentication, pages 393-402, 2003.
  • 6. Alessandra Lumini and Loris Nanni. "An impoved biohashing for human authentication". Pattern Recognition, 40:1057-4065, 2007
  • 7. Boult, T. E.; Scheirer, W. J.; Woodworth, R., "Revocable Fingerprint Biotokens: Accuracy and Security Analysis," /IEEE Conference on Computer Vision and Pattern Recognition, 2007. CVPR '07. / , vol., no., pp.1-8, 17-22 June 2007
  • 8. Y. Dodis, L. Reyzin, and A. Smith. "Fuzzy extractors: How to generate strong keys from biometrics and other noisy data". In Proceedings of the Eurocrypt 2004, pages 523-540, 2004.
  • 9. A. Burnett, F. Byrne, T. Dowling, and A. Dury. "A biometric identity based signature scheme". In Proceedings of the Applied Cryptography and Network Security Conference, 2005.
  • 10. Christopher Ralph Costanzo. "Biometric cryptography: Key generation using feature and parametric aggregation". Online techreport, School of Engineering and Applied Sciences, Department of Computer Science, The George Washington University, October 2004.
  • 11. M.S. Al-Tarawneh, L.C. Khor, W.L. Woo, and S.S. Dlay. "Crypto key generation using contour graph algorithm". In Proceedings of the 24th IASTED International Multi-Conference Signal Processing, Pattern Recognition and Applications, February 2006.
  • 12. A. Juels and M. Sudan. "A fuzzy vault scheme". In A. Lapidoth and E. Teletar, editors, Proc. IEEE Int. Symp. Information Theory, page 408. IEEE Press, 2002
  • 13. Ee-Chien Chang and Qiming Li. "Hiding secret points amidst Chaff". In Proceedings of the Eurocrypt 2006, 2006
  • 14. Gang Zheng, Wanqing Li, and Ce Zhan. "Cryptographic key generation from biometric data using lattice mapping." In ICPR '06: Proceedings of the 18th International Conference on Pattern Recognition, pages 513-516, Washington, DC, USA, 2006. IEEE Computer Society
  • 15. Umut Uludag and Anil K. Jain. "Fuzzy fingerprint vault". In Proc. Workshop: Biometrics: Challenges Arising from Theory to Practice, pages 13-16, August 2004.
  • 16. U. Uludag and A. Jain. "Securing fingerprint template: Fuzzy vault with helper data". In Proc. of the 2006 Conference on Computer Vision and Pattern Recognition Workshop, pages 163-170, June 2006
  • (2010) ISO 24745 - Biometric Template Protection / Christoph Busch
  • Biometrics / Dr Andrzej Drygajlo (EPFL) [I would appreciate a citation...]

  • Biometrics visitors