LMAES: a novel one-way encryption approach for secure and decryption-less biometric template authentication
摘要
Biometric Templates (BT) must be protected for secure biometric authentication and identification systems. Secure storage and encryption are essential strategies for protecting biometric data. Homomorphic Encryption (HE) provides a powerful means of safeguarding BT by reducing unauthorized access while enabling secure computation over ciphertexts. Nevertheless, the complex cryptographic operations and large ciphertext sizes of some HE methods introduce considerable computational and storage overhead, which may affect performance, particularly for real-time applications on resource-constrained devices. A novel method for biometric data authentication is proposed that enables secure comparison directly over ciphertexts without requiring decryption or computation on plaintexts. The approach relies on a one-way encryption scheme, LMAES (Low Message Avalanche Effect Scheme). Two distinct cloud-based BT protection models were developed, one employing LMAES and the other adopting HE methods. All implemented techniques, LMAES, BGN, BCP, Paillier, and RLHABC, were configured in compliance with the NIST key management standard (NIST SP-800-57). Security was evaluated using entropy, key sensitivity, correlation, difference, and plaintext sensitivity tests, where LMAES demonstrated immunity against various attacks. A theoretical cryptanalysis further confirmed its one-way encryption property and resistance against known plaintext and ciphertext attacks. Performance was assessed through encryption and authentication execution times, as well as ciphertext sizes. For LMAES with matrix dimension equal to 4, encryption was approximately 165 faster, authentication nearly 295 faster, and ciphertext sizes about 50 smaller compared to the heaviest alternatives. A qualitative comparison table is also provided, highlighting the advantages of the proposed cloud-based solution over modern biometric template protection methods.