Cryptology ePrint Archive: Report 2020/017

Biometric-Authenticated Searchable Encryption

Daniel Gardham and Mark Manulis and Constantin Cătălin Drăgan

Abstract: We introduce Biometric-Authenticated Keyword Search (BAKS), a novel searchable encryption scheme that relieves clients from managing cryptographic keys and relies purely on client’s biometric data for authenticated outsourcing and retrieval of files indexed by encrypted keywords. BAKS utilises distributed trust across two servers and the liveness assumption which models physical presence of the client; in particular, BAKS security is guaranteed even if clients’ biometric data, which often has low entropy, becomes public. We formalise two security properties, Authentication and Indistinguishability against Chosen Keyword Attacks, which ensure that only a client with a biometric input sufficiently close to the registered template is considered legitimate and that neither of the two servers involved can learn any information about the encrypted keywords. Our BAKS construction further supports outsourcing and retrieval of files using multiple keywords and flexible search queries (e.g., conjunction, disjunction and subset-type queries). An additional update mechanism allows clients to replace their registered biometrics without requiring re-encryption of outsourced keywords, which enables smooth user migration across devices supporting different types of biometrics.

Category / Keywords: cryptographic protocols / Searchable Encryption, Biometric Authentication, Secret Sharing

Original Publication (with minor differences): ACNS 2020

Date: received 6 Jan 2020, last revised 16 Sep 2020

Contact author: d gardham at surrey ac uk

Available format(s): PDF | BibTeX Citation

Note: Fixed referencing errors.

Version: 20200916:135632 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]