Abstract
Despite decades of effort, a persistent chasm has existed between the theory and practice of device-level biometric authentication. Theoretical constructions can, in principle, provide biometric authentication with cryptographically secure public enrollment data. However, concrete implementations of these techniques have failed to provide security with real-world parameters. The result is that deployed authentication algorithms rely on data that overtly leaks private information about the biometric; thus systems rely on externalized security measures such as trusted execution environments.
We close this chasm. We introduce a key derivation system with 105 bits of entropy and a 92% true accept rate (TAR) for the iris. Our system advances 1) the feature extraction from the iris and 2) the fuzzy extractor used to derive keys. The fuzzy extractor builds on sample-then-lock (Canetti et al., Journal of Cryptology 2021). We (1) Introduce a new sampling method with a better trade-off between TAR and entropy when features have different quality, (2) Correct Canetti et al.'s main security proof, showing the minimum of min-entropy over subsets is the relevant security measure, and (3) Tighten Canetti et al.'s concrete analysis, nearly doubling security under reasonable assumptions. Our final feature extractor incorporates ideas from the new sampling method to produce features optimized for the sample-then-lock construction.
The only statistical assumption needed to show security of our system is necessary: the accuracy of min-entropy estimation.
At 105 bits, our quantitative level of security is well above prior work. Simhadri et al. (ISC, 2019) report 32 bits on the iris, but they have a bug in their analysis that reduces their strength. Zhang et al.'s (ePrint 2021/1559) system achieves 45 bits on the face but assumes independence between biometrics and the used error-correcting code, an assumption that cannot be easily verified.