Join Log in
Score:2
TommyF avatar Crypto

Can you restore a private key from biometrics?

us flag
TommyF

My understanding is that iOS FaceID/Fingerprint for example use an underlying mathematical representation of the biometric features.

Is it possible to generate a key pair from this representation and re-generate the same key pair from the same input but on a different device for example?

I only found this old thread from 2014 that touches a similar subject but I'm wondering if there is a way to do this with modern built in biometrics in our phones.

216
2 + 0
Score:4
fgrieu avatar Crypto
ng flag
fgrieu

No, it's not possible to generate a private key (or key pair) from biometric data acquired by a sensor, and regenerate the same one with a different device that has no communication whatsoever with the original one.

That's true

  • For fingerprint, blood vessels map, retina scan; any biometric, even if we have lots of biometric data (fingerprint of many fingers…)
  • By extension, for any acquisition by computer of naturally diverse/noisy data: position of fibers of a sheet of paper, defects in a crystal, even power-up state of static RAM memory (which is inherently digital).
  • Even if we use the same acquisition device after a zeroization. The problem is not sensor variability (it's noise).
  • Even if we want only a stable identifier with no absolute requirement for uniqueness (e.g. a 40-bit bitstring).

Problem is: we won't get something reproducible unless we have some error-correction data to counter the noise. And that needs to be stored.

What we can do, with enough biometric data and some care, is make things such that:

  • With error-correction data stored and made available independently of the biometric, we get the desired reproducible private key (or identifier).
  • The combination of said error-correction data and private key is non-revealing of the biometric.
  • Knowledge of both the biometric data and the error-correction data is needed to regenerate the private key, or match either the biometric data or the error-correction data with the private key.

Note: I don't know how much useful entropy a single fingerprint holds when the error-correction data is assumed public. I suspect it's not much compered to the standard ≈120-bit security level targeted for modern key pairs. However, at least in principle, we can use several fingerprints. And standard key-stretching techniques can add at least 20 bits on top of that.

In commercial devices, error-correction data is often stored in the acquisition device if there's a single one; or in a central database; or shared among a network of acquisition devices.

My main reference on this is a slightly dated (2007) book by Pim Tuyls, Boris Škorić, Tom Kevenaar: Security with Noisy Data (paywalled), subtitled On Private Biometrics, Secure Key Storage and Anti-Counterfeiting.

I welcome recommendations for more recent reference material (there's some papers on Boris Škorić's page, but I have yet to explore them).

Independently: even if what's asked was possible, or when the error-correction data is public: biometric is not sound as the sole secret to generate a private key. A fingerprint is not secret. It's on one's passport or other ID, which is routinely handed to untrusted individuals. It's in the ID issuer's database. It can be captured in a variety of ways, including traces left on a glass of water. Also it can't be changed when compromised.

+ 2
TommyF avatar
us flag
TommyF
Great answer, thank you! How sensitive is that error correction data? If the error correction db is compromised, does it make the key vulnerable to brute forcing? And are there any good examples of an implementation of such a system? (I'm a dev, not a cryptographer)
0
Reply
fgrieu avatar
ng flag
fgrieu
@TommyF: It's possible to arrange things so that a compromise of the database reveals nothing about either private keys or biometrics. Unavoidably, compromise of the database and capture of a biometric (which in practice should be assumed) reveals the private key of the corresponding individual.
0
Reply
Score:0
b degnan avatar Crypto
ca flag
b degnan

I would say that you make a biometric key that you could recreate, if you wanted to do so in the design of the sensor and algorithm. I will use an analog IC that I created as an example. Firstly, you need to see this clip from the movie "Sneakers": https://www.youtube.com/watch?v=-zVgWpVXb64

Using an FPAA, I programmed an analog voice print system. The reason that one would do this over digital is that I can pull words out with nW in a highly complex voice. You do this with a decision plane that is multidimensional. I could program the system to recognize the clip from the movie across multiple iterations of the IC. What I had was a high count decision plane with relatively "low precision" choices in each plane.

Let's say that you translate to a digital system. You could use many different, low precision, features to determine the decision. You would be able to reproduce this on multiple systems. This approach is in contrast to how digital systems work which is generally few, high precision samples.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.