Private Eyes: Zero-Leakage Iris Searchable Encryption

Julie Ha; Chloe Cachet; Luke Demarest; Sohaib Ahmad; Benjamin Fuller

Paper 2023/736

Private Eyes: Zero-Leakage Iris Searchable Encryption

Julie Ha

, Boston University

Chloe Cachet

, National Research Council Canada

Luke Demarest

, Gonzaga University

Sohaib Ahmad

, University of Connecticut

Benjamin Fuller

, University of Connecticut

Abstract

This work introduces Private Eyes, the first zero-leakage biometric database. The only leakage of the system is unavoidable: 1) the log of the dataset size and 2) the fact that a query occurred. Private Eyes is built from oblivious symmetric searchable encryption. Approximate proximity queries are used: given a noisy reading of a biometric, the goal is to retrieve all stored records that are close enough according to a distance metric. Private Eyes combines locality sensitive-hashing or LSHs (Indyk and Motwani, STOC 1998) and oblivious maps which map keywords to values. One computes many LSHs of each record in the database and uses these hashes as keywords in the oblivious map with the matching biometric readings concatenated as the value. At search time with a noisy reading, one computes the LSHs and retrieves the disjunction of the resulting values from the map. The underlying oblivious map needs to answer disjunction queries efficiently. We focus on the iris biometric which requires a large number of LSHs, approximately . Boldyreva and Tang's (PoPETS 2021) design yields a suitable map for a small number of LSHs (their application was in zero-leakage -nearest-neighbor search). Our solution is a zero-leakage disjunctive map designed for the setting when most clauses do not match any records. For the iris, on average at most of LSHs match any stored value. We evaluate using the ND-0405 dataset; this dataset has irises suitable for testing. To scale our evaluation, we use a generative adversarial network to produce synthetic irises. Accurate statistics on sizes beyond available datasets is crucial to optimizing the cryptographic primitives. This tool may be of independent interest. For the largest tested parameters of a synthetic iris database, a search requires rounds of communication and ms of parallel computation. Our scheme is implemented and open-sourced.

Note: Expanded results on 25,000 random irises

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. Major revision. Codaspy 2025
DOI: 10.1145/3714393.3726497
Keywords: Searchable Encryption Biometrics Proximity Search
Contact author(s): hajulie @ bu edu
chloe cachet @ nrc-cnrc gc ca
luke h demarest @ gmail com
sohaib ahmad @ uconn edu
benjamin fuller @ uconn edu
History: 2025-03-28: last of 5 revisions; 2023-05-22: received; See all versions
Short URL: https://ia.cr/2023/736
License: CC BY

BibTeX

@misc{cryptoeprint:2023/736,
      author = {Julie Ha and Chloe Cachet and Luke Demarest and Sohaib Ahmad and Benjamin Fuller},
      title = {Private Eyes: Zero-Leakage Iris Searchable Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/736},
      year = {2023},
      doi = {10.1145/3714393.3726497},
      url = {https://eprint.iacr.org/2023/736}
}