Paper 2022/1408

BRAKE: Biometric Resilient Authenticated Key Exchange

Pia Bauspieß, Norwegian University of Science and Technology
Tjerand Silde, Norwegian University of Science and Technology
Alexandre Tullot
Anamaria Costache, Norwegian University of Science and Technology
Christian Rathgeb, Hochschule Darmstadt
Jascha Kolberg, Hochschule Darmstadt
Christoph Busch, Hochschule Darmstadt

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data differ from passwords in two crucial points: firstly, they are sensitive personal data that need to be protected on a long-term basis. Secondly, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a protocol for biometric resilient authenticated key exchange that fulfils the above requirements of biometric information protection compliant with ISO/IEC 24745. The protocol is based on established improved fuzzy vault schemes and validated with good recognition performance. We build our protocol from trusted primitives for password-authenticated key exchange using oblivious pseudo-random functions. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of our protocol instantiated with elliptic curves and a state-of-the art unlinkable fingerprint fuzzy vault scheme which achieves real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange.

Available format(s)
Cryptographic protocols
Publication info
Authenticated Key Exchange Oblivious Pseudo-Random Function Fuzzy Vault Biometric Information Protection
Contact author(s)
pia bauspiess @ ntnu no
tjerand silde @ ntnu no
alexandre tullot @ student isae-supaero fr
anamaria costache @ ntnu no
christian rathgeb @ h-da de
christoph busch @ h-da de
2022-12-04: revised
2022-10-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Pia Bauspieß and Tjerand Silde and Alexandre Tullot and Anamaria Costache and Christian Rathgeb and Jascha Kolberg and Christoph Busch},
      title = {BRAKE: Biometric Resilient Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1408},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.