Computation of Cryptographic Keys from Face Biometrics

  • Alwyn Goh
  • David C. L. Ngo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2828)


We outline cryptographic key-computation from biometric data based on error-tolerant transformation of continuous-valued face eigenprojections to zero-error bitstrings suitable for cryptographic applicability. Bio-hashing is based on iterated inner-products between pseudorandom and user-specific eigenprojections, each of which extracts a single-bit from the face data. This discretisation is highly tolerant of data capture offsets, with same-user face data resulting in highly correlated bitstrings. The resultant user identification in terms of a small bitstring-set is then securely reduced to a single cryptographic key via Shamir secret-sharing. Generation of the pseudorandom eigenprojection sequence can be securely parameterised via incorporation of physical tokens. Tokenised bio-hashing is rigorously protective of the face data, with security comparable to cryptographic hashing of token and knowledge key-factors. Our methodology has several major advantages over conventional biometric analysis ie elimination of false accepts (FA) without unacceptable compromise in terms of more probable false rejects (FR), straightforward key-management, and cryptographically rigorous commitment of biometric data in conjunction with verification thereof.


Biometric Data Pseudorandom Generator False Reject Face Data Keystroke Dynamics 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bodo, A.: Method for Producing a Digital Signature with Aid of a Biometric Feature. German Patent DE 42–43–908–A1 (1994)Google Scholar
  2. 2.
    Soutar, C., Tomko, G.J.: Secure Private Key Generation Using a Fingerprint. In: Cardtech/Securetech Conf., vol. 1, pp. 245–252 (1996)Google Scholar
  3. 3.
    Soutar, C., Roberge, D., Stoianov, A., Gilroy, R., Vijaya Kumar, B.V.K.: Biometric Encryption Using Image Processing. In: SPIE, vol. 3314: pp. 178–188 (1998)Google Scholar
  4. 4.
    Davida, G.I., Frankel, Y., Matt, B.J.: On Enabling Secure Applications Through Off– Line Biometric Identification. In: IEEE Symp. on Security & Privacy, pp. 148–157 (1998)Google Scholar
  5. 5.
    Davida, G.I., Frankel, Y., Matt, B.J., Peralta, R.: On the Relation of Error Correction and Cryptography to an Off–Line Biometric–Based Identification Scheme. In: Wkshop Coding & Cryptography, Paris, France (1999)Google Scholar
  6. 6.
    Monrose, F., Reiter, M.K., Wetzel, S.: Password Hardening Based on Keystroke Dynamics. In: 6–th ACM Conf on Comp. & Comms Security, pp. 73–82 (1999)Google Scholar
  7. 7.
    Monrose, F., Reiter, M.K., Li, Q., Wetzel, S.: Cryptographic Key Generation from Voice. In: IEEE Symp. on Security & Privacy, pp. 202–213 (2001)Google Scholar
  8. 8.
    Shamir, A.: How to Share a Secret. ACM Comms. 22(11), 612–613 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Matsumoto, T., Matsumoto, H., Yamada, K., Hoshino, H.: Impact of Artificial “Gummy” Fingers on Fingerprint Systems. In: SPIE, vol. 4677, pp. 275–289 (2002)Google Scholar
  10. 10.
    Sirovich, L., Kirby, M.: A Low–Dimensional Procedure for Characterisation of Human Faces. J Optical Soc 4(3), 519–524 (1987)CrossRefGoogle Scholar
  11. 11.
    Turk, M., Pentland, A.: Face Recognition Using Eigenfaces. In: IEEE Conf. Comp. Vision & Pattern Recognition, pp. 586–591 (1991)Google Scholar
  12. 12.
    Hambridge, J.: The Elements of Dynamic Symmetry. Yale Univ. Press, New Haven (1926)Google Scholar
  13. 13.
    Ngo, D.C.L., Goh, A.: Facial Feature Extraction via Dynamic Symmetry Modelling for User Identification. Pattern Recognition Letters (2003)Google Scholar
  14. 14.
    Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)CrossRefzbMATHGoogle Scholar
  15. 15.
    Spacek, L.: Face Recognition Data (2000),
  16. 16.
    Menezes, A.J.: Elliptic–Curve Public–Key Cryptosystems. Kluwer Academic Press, Boston (1993)CrossRefzbMATHGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Alwyn Goh
    • 1
  • David C. L. Ngo
    • 2
  1. 1.Corentix LaboratoriesPetaling JayaMalaysia
  2. 2.Faculty of Information Science & TechnologyMultimedia UniversityMelakaMalaysia

Personalised recommendations