## Xinxia Song, Zhigang Chen and Dechao Sun

Table 1.

Segments | n | $(\log_2 q)_{\min}$ |
---|---|---|
16 | 128 | 64 |
8 | 256 | 65 |
4 | 512 | 65 |
2 | 1024 | 67 |
1 | 2048 | 68 |

Table 1 shows that splitting the 2048-bit vector into segments lowers the minimum ciphertext modulus only slightly (from 68 bits for a single 2048-bit block to 64 bits for sixteen 128-bit blocks), so segmentation does not significantly improve either the efficiency or the security of the system. Table 2 lists the maximum $\log_2 q$ that still gives an 80-bit security level for n = 1024, 2048, 4096, 8192 and 16384 [20,21]. Taking Tables 1 and 2 together, we choose n = 2048 and $q = 2^{76} - 2^{22} + 1$: $\log_2 q \approx 76$ lies between the 68 bits the Hamming-distance computation needs (Table 1) and the 95.4-bit ceiling for 80-bit security (Table 2), so the scheme keeps a security level of at least 80 bits while the noise growth of the ciphertext Hamming-distance computation stays within the noise budget. This q also satisfies $q \equiv 1 \pmod{2n}$, the congruence SEAL's NTT-based polynomial arithmetic requires of the coefficient modulus.

Table 2.

Security level (bit) | n | $(\log_2 q)_{\max}$ |
---|---|---|
80 | 1024 | 47.5 |
80 | 2048 | 95.4 |
80 | 4096 | 192 |
80 | 8192 | 392.1 |
80 | 16384 | 799.6 |

Network transmission security: a network attacker can capture only the homomorphically encrypted iris feature data and the values the cloud server derives from them with its random numbers. The captured data therefore cannot be used to recover the original iris feature plaintext, and because the server's masking values are one-time, replaying captured messages does not succeed, so the protocol resists replay attacks.

Server security: even an attacker who can access the server's database gains nothing, because the iris templates stored there are encrypted and the ciphertext templates reveal no information about the user's iris features. If the user registers with several authentication servers under this protocol, the keys obtained for each server are different, so storing templates in several server databases leaks nothing across them. If a template is suspected of being compromised, a new one can be generated with a different key.

Client security: even an attacker with access to the client system cannot obtain the iris feature template or the secret key, and so cannot authenticate. A brute-force attack costs as much as guessing a random bit vector. If the attacker tries to learn the iris feature information held in the server database by altering the bits sent to the server, the OTM (one-time mask) authentication method adopted in this paper handles this: the attacker may manage to send a modified pair (d, T) that passes the authentication test, but achieving both a successful iris match and a successful authentication test at the same time is practically impossible.
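To make the authentication round and the OTM check concrete, the following Python walk-through is added here; it is not the paper's code and performs no homomorphic encryption. It evaluates in the clear the same arithmetic the scheme runs on FV ciphertexts (the Sub, Square and ctd * r0 + r1 steps listed in Table 4 below) and then applies the server's check to the decrypted pair (d, T). The plaintext modulus t = 65537, the decision threshold 0.32·n, the randomly constructed iris codes and all function names are assumptions made for illustration; the paper does not specify them.

```python
"""Plaintext walk-through of one authentication round: Hamming distance as a
squared difference, one-time mask (OTM) T = d*r0 + r1, and the server check.

Added illustration, not the paper's code.  No homomorphic encryption is
performed: the arithmetic below is what the scheme evaluates on FV
ciphertexts (Sub, Square, sum, ct_d * r0 + r1), run here in the clear.
Parameter values and names are assumptions.
"""
import random
import secrets

N_BITS = 2048                    # iris-code length used in the paper
T_MOD = 65537                    # ASSUMED plaintext modulus t = 2^16 + 1: prime and
                                 # t = 1 (mod 2n) for n = 2048, so batching applies
THRESHOLD = int(0.32 * N_BITS)   # ASSUMED match threshold (655 bits), not from the paper


def hamming_distance(x, y, t=T_MOD):
    """Hamming distance of two 0/1 vectors as sum_i (x_i - y_i)^2 mod t.

    Squaring is the only ciphertext-ciphertext multiplication in the circuit,
    so the homomorphic evaluation has multiplicative depth 1; the result is
    exact whenever len(x) < t.
    """
    if len(x) != len(y):
        raise ValueError("vectors must have equal length")
    return sum((a - b) ** 2 for a, b in zip(x, y)) % t


def server_challenge(template, probe, t=T_MOD, rand_below=secrets.randbelow):
    """Server side of one session.

    In the protocol both inputs are ciphertexts and the server never sees d;
    here it is computed in the clear.  r0, r1 are fresh per session (one-time
    mask) and r0 != 0 so the mask cannot erase d.  Returns the pair (d, T) the
    client obtains by decrypting (ct_d, ct_T) and the session secret (r0, r1).
    """
    d = hamming_distance(template, probe, t)
    r0 = rand_below(t - 1) + 1
    r1 = rand_below(t)
    T = (d * r0 + r1) % t
    return (d, T), (r0, r1)


def server_verify(response, session_secret, threshold=THRESHOLD, t=T_MOD):
    """Accept only if the mask check AND the biometric match both hold."""
    d, T = response
    r0, r1 = session_secret
    mask_ok = T == (d * r0 + r1) % t
    match_ok = 0 <= d <= threshold
    return mask_ok and match_ok


def forgeries_that_pass(d_forged, session_secret, t=T_MOD):
    """Number of mask values T in Z_t for which a forged (d_forged, T) passes
    the mask check when r0, r1 are unknown: exactly one of t.  A client-side
    attacker who rewrites d to a perfect match (d = 0) therefore succeeds with
    probability 1/t per attempt."""
    r0, r1 = session_secret
    return sum(1 for T in range(t) if T == (d_forged * r0 + r1) % t)


def constructed_codes(flip_fraction, seed=1234):
    """CONSTRUCTED sample: a random enrolled template and a probe of the same
    eye differing in flip_fraction of the bits (not real iris data)."""
    rng = random.Random(seed)
    template = [rng.randrange(2) for _ in range(N_BITS)]
    probe = template[:]
    for i in rng.sample(range(N_BITS), int(flip_fraction * N_BITS)):
        probe[i] ^= 1
    return template, probe


def impostor_code(seed=999):
    """CONSTRUCTED sample: an unrelated random code (Hamming distance about n/2)."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(N_BITS)]


def run_session(template, probe):
    """Honest client: returns the decrypted (d, T) unchanged; True if accepted."""
    response, secret = server_challenge(template, probe)
    return server_verify(response, secret)


def replay_fails(template, probe, seed=7):
    """Replay: (d, T) captured in session 1 is submitted in session 2, which
    drew fresh (r0, r1); the stale mask no longer matches.  Seeded for a
    reproducible outcome."""
    rng = random.Random(seed)
    old_response, _ = server_challenge(template, probe, rand_below=rng.randrange)
    _, new_secret = server_challenge(template, probe, rand_below=rng.randrange)
    return not server_verify(old_response, new_secret)


if __name__ == "__main__":
    tmpl, probe = constructed_codes(0.10)
    print("genuine  d =", hamming_distance(tmpl, probe), "accepted:", run_session(tmpl, probe))
    print("impostor d =", hamming_distance(tmpl, impostor_code()), "accepted:", run_session(tmpl, impostor_code()))
    print("replay rejected:", replay_fails(tmpl, probe))
    print("forged (d=0, T) pairs that pass, out of", T_MOD, ":", forgeries_that_pass(0, (12345, 678)))
```

The mask check and the distance threshold are deliberately evaluated together: a forger who controls the decrypted pair can set d to any value, but without r0 and r1 only one of the t possible T values passes, which is the sense in which passing the iris match and the authentication test simultaneously is impractical. The replay case shows why the randomness must be fresh per session.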

The following tables give the measured times of the fully homomorphic computation steps. The registration step is shown in Table 3.

Table 3.

Operation | Test 1 (ms) | Test 2 (ms) | Test 3 (ms) |
---|---|---|---|
CRT Compose | 13.3 | 12.3 | 12.2 |
Encrypt | 105.5 | 107.2 | 104.5 |
Total | 1047.2 | 985.4 | 1000.8 |

The authentication step is shown in Table 4.

Table 4.

Operation | Test 1 (ms) | Test 2 (ms) | Test 3 (ms) |
---|---|---|---|
Square | 275.7 | 292.1 | 285.4 |
Sub | 2.8 | 3.0 | 2.9 |
CRT Compose (r0, r1) | 28.9 | 29.8 | 23.3 |
ctd * r0 + r1 | 194.3 | 202.7 | 188.9 |
Decrypt (ctd, ctT) | 245.1 | 273.5 | 231.6 |
Decompose (ctd, ctT) | 24.1 | 29.0 | 26.0 |
Total | 2446.5 | 2544.8 | 2439.1 |

The test results are as follows:

In the registration step, the average registration time is 1011.1 ms, while encrypting the iris template takes only 105.7 ms on average, 10.5% of the total registration time.

In the authentication step, the total authentication time is 2476.8 ms on average. The homomorphic evaluation (Square, Sub and ctd * r0 + r1) averages 482.6 ms, 19.5% of the total, and encrypting and decrypting the ciphertexts averages 355.8 ms, 14.4% of the total authentication time.

Since the tests were run locally, the performance depends on the processing power of the notebook CPU. Profiling shows that loading the graphical interface and the communication take the largest share of the time, while homomorphic evaluation together with encryption and decryption accounts for less than 40% of the total (19.5% + 14.4% = 33.9%). The efficiency of the fully homomorphic computation on iris ciphertexts is therefore still good.

Below we compare the results with [11]. The biometric length in [11] is 630 bits, while ours is 2048 bits, the normal size of an iris code. We studied segmentation of the 2048-bit binary vector: Table 1 shows that segmenting it lowers the minimum ciphertext modulus q only slightly, so segmentation does not significantly improve the efficiency or security of the system, and keeping the whole 2048-bit vector as a single block (one segment in Table 1) is the better choice. To compare with [11] at the same level, we also ran our scheme on 630-bit iris biometrics. Table 5 shows that our results are better than those of [11].

Table 5.

Operation | Our scheme (ms) | Ghostshell [11] (ms) |
---|---|---|
Encryption | 13.3 | 16.16 |
Decryption | 105.5 | 163.72 |
Addition | 0.05 | 0.05 |
Multiplication | 10.2 | 14.32 |

With the rapid development of information technology, information security has become a major concern. The system combines homomorphic encryption with biometrics to protect the confidentiality and integrity of user feature templates. In applications such as online payment and account login, biometrics can be used for identity verification while the system performs the computation on ciphertexts in the cloud, which greatly improves the security of data processing. The performance analysis shows that the system is efficient when the circuit depth of the fully homomorphic computation is low. Even so, the system is still far from the requirements of complex real applications, and further research is needed.

This paper is supported by the Natural Science Foundation of Zhejiang Province of China (No. LY17F020002), Public Projects of Zhejiang Province (No. 2017C33079, LGG18F020001), Ningbo Natural Science Foundation (No. 2017A610120, 2018A610159), and the State Key Laboratory of Cryptology (No. 2017-MS-18).

He received the B.Sc. degree in mathematics from Kashgar University in 1995, the M.Sc. degree in computer software and theory from Northwest University in 2004, and the Ph.D. from Nanjing University of Aeronautics and Astronautics in 2015. From 2013 to 2014, he was an academic visitor at the Information Security Group of Royal Holloway, University of London. He is a professor at Zhejiang Wanli University and currently also a visiting researcher at the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences. His research focuses on fully homomorphic encryption, lattice-based cryptography and blockchain.

- [1] R. Belguechi, V. Alimi, E. Cherrier, P. Lacharme, C. Rosenberger, "An overview on privacy preserving biometrics," in Recent Application in Biometrics. Rijeka, Croatia: InTech, 2011, pp. 65-84.
- [2] N. K. Ratha, J. H. Connell, R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001. doi:10.1147/sj.403.0614
- [3] A. Juels, M. Sudan, "A fuzzy vault scheme," Designs, Codes and Cryptography, vol. 38, no. 2, pp. 237-257, 2006. doi:10.1007/s10623-005-6343-z
- [4] A. Juels, M. Wattenberg, "A fuzzy commitment scheme," in Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, 1999, pp. 28-36.
- [5] M. Blanton, P. Gasti, "Secure and efficient protocols for iris and fingerprint identification," in European Symposium on Research in Computer Security. Heidelberg: Springer, 2011, pp. 190-209.
- [6] I. Damgard, M. Geisler, M. Kroigard, "Homomorphic encryption and secure comparison," International Journal of Applied Cryptography, vol. 1, no. 1, pp. 22-31, 2008. doi:10.1504/IJACT.2008.017048
- [7] R. Kulkarni, A. Namboodiri, "Secure hamming distance based biometric authentication," in Proceedings of the 2013 International Conference on Biometrics (ICB), Madrid, Spain, 2013, pp. 1-6.
- [8] C. Gentry, "Fully homomorphic encryption using ideal lattices," in Proceedings of the 41st Annual ACM Symposium on Theory of Computing, Bethesda, MD, 2009, pp. 169-178.
- [9] C. Karabat, M. S. Kiraz, H. Erdogan, E. Savas, "THRIVE: threshold homomorphic encryption based secure and privacy preserving biometric verification system," EURASIP Journal on Advances in Signal Processing, vol. 2015, no. 71, 2015. doi:10.1186/s13634-015-0255-5
- [10] M. J. Dworkin, "SHA-3 Standard: permutation-based hash and extendable-output functions (NIST FIPS-202)," National Institute of Standards and Technology, Gaithersburg, MD, 2015.
- [11] J. H. Cheon, H. Chung, M. Kim, K. W. Lee, "Ghostshell: secure biometric authentication using integrity-based homomorphic evaluations," IACR Cryptology ePrint Archive, vol. 2016, no. 484, 2016.
- [12] J. Fan, F. Vercauteren, "Somewhat practical fully homomorphic encryption," IACR Cryptology ePrint Archive, vol. 2012, no. 144, 2012.
- [13] H. Chen, K. Laine, R. Player, "Simple encrypted arithmetic library - SEAL v2.1," in Financial Cryptography and Data Security. Cham: Springer, 2017, pp. 3-18.
- [14] Z. Brakerski, C. Gentry, S. Halevi, "Packed ciphertexts in LWE-based homomorphic encryption," in Public Key Cryptography - PKC 2013. Heidelberg: Springer, 2013, pp. 1-13.
- [15] N. P. Smart, F. Vercauteren, "Fully homomorphic SIMD operations," Designs, Codes and Cryptography, vol. 71, no. 1, pp. 57-81, 2014. doi:10.1007/s10623-012-9720-4
- [16] J. Deng, C. Xu, H. Yang, "A secure computation scheme of inner product based on fully homomorphic encryption," Journal of University of Electronic Science and Technology of China, vol. 45, no. 5, pp. 808-811, 2016.
- [17] S. Thavalengal, P. Bigioi, P. Corcoran, "Iris authentication in handheld devices: considerations for constraint-free acquisition," IEEE Transactions on Consumer Electronics, vol. 61, no. 2, pp. 245-253, 2015.
- [18] CASIA iris database [Online]. Available: http://biometrics.idealtest.org
- [19] L. Masek, P. Kovesi, "MATLAB source code for a biometric identification system based on iris patterns," School of Computer Science and Software Engineering, University of Western Australia, 2003.
- [20] Q. Tian, Z. Liu, "Survey of iris recognition," Application Research of Computers, vol. 25, no. 5, pp. 1295-1300, 2008.
- [21] M. R. Albrecht, "On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL," in Advances in Cryptology - EUROCRYPT 2017. Cham: Springer, 2017, pp. 103-129.