Paper 2023/736

Private Eyes: Zero-Leakage Iris Searchable Encryption

Julie Ha, Boston University
Chloe Cachet, University of Connecticut
Luke Demarest, University of Connecticut
Sohaib Ahmad, University of Connecticut
Benjamin Fuller, University of Connecticut
Abstract

This work introduces Private Eyes, the first zero-leakage biometric database. The only leakage of the system is unavoidable: 1) the log of the dataset size and 2) the fact that a query occurred. Private Eyes is built from symmetric searchable encryption. Proximity queries are the required functionality: given a noisy reading of a biometric, the goal is to retrieve all stored records that are close enough according to a distance metric. Private Eyes combines locality-sensitive hashes, or LSHs (Indyk and Motwani, STOC 1998), and oblivious maps. One computes many LSHs of each record in the database, and uses these hashes as keys in an encrypted map with the matching biometric readings concatenated as the value. At search time with a noisy reading, one computes the LSHs, and retrieves the disjunction of the resulting values from the map. The underlying encrypted map needs to efficiently answer disjunction queries. We focus on the iris biometric. Iris biometric data requires a large number of LSHs, approximately 1000. The most relevant prior work is in zero-leakage k-nearest-neighbor search (Boldyreva and Tang, PoPETS 2021), but that work is designed for a small number of LSHs. Our cryptographic design is a zero-leakage disjunctive map designed for the setting when most clauses do not match any records. For the iris, on average at most 6% of LSHs match any stored value. Our scheme is implemented and open-sourced. We evaluate using the ND-0405 dataset; this dataset has 356 irises suitable for testing.
To scale our evaluation, we use a generative adversarial network to produce synthetic irises. Accurate statistics on sizes beyond available datasets are crucial to optimizing the cryptographic primitives. This tool may be of independent interest. For the largest tested parameters of a 5000 iris database, search requires 26 rounds of communication and 26 minutes of single-threaded computation.
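
The LSH-keyed map and disjunctive search described in the abstract, sketched in the clear as an added example (not the authors' code). It assumes binary iris codes compared by Hamming distance, a bit-sampling LSH family, constructed random records, and a plain dictionary holding record ids in place of the encrypted map, so it shows only the functionality, not the zero-leakage protection; all names and parameters except the count of 1000 LSHs are hypothetical.

```python
import random
from collections import defaultdict

CODE_BITS = 1024    # constructed iris-code length (assumption)
NUM_LSH = 1000      # the abstract cites roughly 1000 LSHs for the iris
BITS_PER_LSH = 20   # bit positions sampled per LSH (assumption)
MAX_DIST = 0.30     # match threshold as a fraction of CODE_BITS (assumption)

def make_lshs(rng):
    """Bit-sampling family: each LSH is a fixed tuple of bit positions."""
    return [tuple(rng.sample(range(CODE_BITS), BITS_PER_LSH)) for _ in range(NUM_LSH)]

def lsh_keys(code, lshs):
    """One map key per LSH: (LSH index, bits of the code at its positions)."""
    return [(i, tuple(code[p] for p in pos)) for i, pos in enumerate(lshs)]

def build_map(records, lshs):
    """Plain dict standing in for the encrypted map: LSH key -> record ids."""
    table = defaultdict(set)
    for rid, code in records.items():
        for key in lsh_keys(code, lshs):
            table[key].add(rid)
    return table

def search(table, records, lshs, reading):
    """Disjunction over all LSH keys of the reading, then a distance filter."""
    keys = lsh_keys(reading, lshs)
    matched = [k for k in keys if k in table]   # most clauses match nothing
    candidates = set().union(*(table[k] for k in matched))
    close = {r for r in candidates
             if sum(a != b for a, b in zip(records[r], reading)) <= MAX_DIST * CODE_BITS}
    return close, len(matched) / len(keys)

def noisy(code, rate, rng):
    """Flip each bit independently with probability `rate`."""
    return [b ^ (rng.random() < rate) for b in code]

def demo(seed=736):
    """Constructed data: 50 random records, one noisy re-reading, one stranger."""
    rng = random.Random(seed)
    lshs = make_lshs(rng)
    records = {rid: [rng.getrandbits(1) for _ in range(CODE_BITS)] for rid in range(50)}
    table = build_map(records, lshs)
    enrolled = search(table, records, lshs, noisy(records[7], 0.15, rng))
    stranger = search(table, records, lshs, [rng.getrandbits(1) for _ in range(CODE_BITS)])
    return enrolled, stranger

if __name__ == "__main__":
    print(demo())
```

The second value returned by `search` is the fraction of LSH clauses that hit any stored key, the quantity the abstract's disjunctive map is optimized around.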

Note: Substantially clarified notation and definitions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Searchable Encryption, Biometrics, Proximity Search
Contact author(s)
hajulie @ bu edu
chloe cachet @ uconn edu
luke h demarest @ gmail com
sohaib ahmad @ uconn edu
benjamin fuller @ uconn edu
History
2024-03-13: last of 2 revisions
2023-05-22: received
Short URL
https://ia.cr/2023/736
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/736,
      author = {Julie Ha and Chloe Cachet and Luke Demarest and Sohaib Ahmad and Benjamin Fuller},
      title = {Private Eyes: Zero-Leakage Iris Searchable Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2023/736},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/736}},
      url = {https://eprint.iacr.org/2023/736}
}