Biometric authentication offers a secure and convenient way to verify user identity, but traditional systems often require storing sensitive biometric templates, posing significant privacy risks. This paper explores the use of Locality-Sensitive Hashing (LSH) combined with zk-protocols to enable privacy-preserving fingerprint authentication without storing or exposing raw biometric data. LSH is particularly well-suited for fingerprint verification, as it allows similar feature vectors to map to the same or nearby hash buckets, accommodating natural variations in fingerprint scans. Unlike cryptographic hash functions such as SHA-256, LSH preserves similarity, ensuring that minor differences in scans do not prevent successful authentication. However, LSH is not a cryptographically secure function, and its susceptibility to hash collisions raises concerns about false acceptance rates (FAR). Our analysis demonstrates that, with a properly configured system, including an appropriate number of hash functions and buckets, the FAR can be reduced to negligible levels, making unauthorized authentication highly improbable. Furthermore, we address potential vulnerabilities, including whether LSH hashes can be inverted to recover the original biometric data. The results confirm that LSH is inherently non-invertible, preventing reconstruction of the original fingerprint. The integration of zk-protocols ensures that even LSH hashes do not need to be revealed during authentication, providing an additional layer of security. By proving knowledge of a valid fingerprint hash without disclosing it, users can be authenticated while preserving complete privacy. This approach presents a scalable and privacy-focused solution for biometric authentication, eliminating the need for centralized storage of biometric templates. It significantly reduces the risk of data breaches, identity theft, and unauthorized access, making it a strong candidate for secure authentication in privacy-sensitive applications.
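
The contrast drawn above between LSH and SHA-256, and the effect of the number of hash functions on the FAR, shown as an added example that is not code from the paper. It assumes random-hyperplane LSH (the abstract does not name an LSH family), constructed Gaussian feature vectors in place of real fingerprint features, an illustrative Hamming-distance threshold, and unrelated signatures whose bits match independently with probability 1/2.

```python
import hashlib
import math
import random

DIM, NUM_BITS, THRESHOLD = 64, 128, 16  # illustrative parameters, not from the paper

def make_hyperplanes(num_bits, dim, seed):
    """One random hyperplane per hash function (random-projection LSH)."""
    rng = random.Random(seed)
    return [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(num_bits)]

def lsh_signature(vec, planes):
    """Each bit records which side of a hyperplane the vector falls on."""
    return [int(sum(p * v for p, v in zip(plane, vec)) >= 0) for plane in planes]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def sha256_hex(vec):
    return hashlib.sha256(repr(vec).encode()).hexdigest()

def false_accept_rate(num_bits, threshold):
    """P(unrelated signature is within `threshold` bits), assuming each bit
    of an unrelated vector matches independently with probability 1/2."""
    return sum(math.comb(num_bits, i) for i in range(threshold + 1)) / 2 ** num_bits

def demo(seed=7, noise=0.05):
    rng = random.Random(seed)
    planes = make_hyperplanes(NUM_BITS, DIM, seed + 1)
    enrolled = [rng.gauss(0, 1) for _ in range(DIM)]      # constructed template
    rescan = [v + rng.gauss(0, noise) for v in enrolled]  # same finger, sensor noise
    impostor = [rng.gauss(0, 1) for _ in range(DIM)]      # unrelated vector
    sig = lsh_signature(enrolled, planes)
    return {
        "genuine_distance": hamming(sig, lsh_signature(rescan, planes)),
        "impostor_distance": hamming(sig, lsh_signature(impostor, planes)),
        "sha256_equal": sha256_hex(enrolled) == sha256_hex(rescan),
        "far_16_bits": false_accept_rate(16, 2),   # same 12.5% tolerance, few bits
        "far_128_bits": false_accept_rate(NUM_BITS, THRESHOLD),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rescan stays within the threshold while its SHA-256 digest no longer matches, and widening the signature from 16 to 128 bits at the same relative tolerance drops the modelled FAR by many orders of magnitude.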