Paper 2020/017

Biometric-Authenticated Searchable Encryption

Daniel Gardham, Mark Manulis, and Constantin Cătălin Drăgan


We introduce Biometric-Authenticated Keyword Search (BAKS), a novel searchable encryption scheme that relieves clients from managing cryptographic keys and relies purely on client’s biometric data for authenticated outsourcing and retrieval of files indexed by encrypted keywords. BAKS utilises distributed trust across two servers and the liveness assumption which models physical presence of the client; in particular, BAKS security is guaranteed even if clients’ biometric data, which often has low entropy, becomes public. We formalise two security properties, Authentication and Indistinguishability against Chosen Keyword Attacks, which ensure that only a client with a biometric input sufficiently close to the registered template is considered legitimate and that neither of the two servers involved can learn any information about the encrypted keywords. Our BAKS construction further supports outsourcing and retrieval of files using multiple keywords and flexible search queries (e.g., conjunction, disjunction and subset-type queries). An additional update mechanism allows clients to replace their registered biometrics without requiring re-encryption of outsourced keywords, which enables smooth user migration across devices supporting different types of biometrics.

Note: Fixed referencing errors.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. ACNS 2020
Searchable EncryptionBiometric AuthenticationSecret Sharing
Contact author(s)
d gardham @ surrey ac uk
2020-09-16: last of 2 revisions
2020-01-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Gardham and Mark Manulis and Constantin Cătălin Drăgan},
      title = {Biometric-Authenticated Searchable Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2020/017},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.