Paper 2022/1408

BRAKE: Biometric Resilient Authenticated Key Exchange

Pia Bauspieß, Norwegian University of Science and Technology
Tjerand Silde, Norwegian University of Science and Technology
Matej Poljuha, Technical University of Denmark
Alexandre Tullot, ISAE-SUPAERO National Higher French Institute of Aeronautics and Space
Anamaria Costache, Norwegian University of Science and Technology
Christian Rathgeb, Hochschule Darmstadt
Jascha Kolberg, Hochschule Darmstadt
Christoph Busch, Hochschule Darmstadt

Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks. In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. IEEE Access
Authenticated Key ExchangeOblivious Pseudo-Random FunctionFuzzy VaultBiometric Information Protection
Contact author(s)
pia bauspiess @ ntnu no
tjerand silde @ ntnu no
s202482 @ student dtu dk
alexandre tullot @ student isae-supaero fr
anamaria costache @ ntnu no
christian rathgeb @ h-da de
christoph busch @ h-da de
2024-03-22: last of 5 revisions
2022-10-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Pia Bauspieß and Tjerand Silde and Matej Poljuha and Alexandre Tullot and Anamaria Costache and Christian Rathgeb and Jascha Kolberg and Christoph Busch},
      title = {BRAKE: Biometric Resilient Authenticated Key Exchange},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1408},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.