Currently, biometric-based authentication schemes are widely adopted in the field of online payments. Consequently, this has led to an increasing number of people becoming concerned about the privacy-preservation of their biometric data. Gunasinghe et al. presented PrivBioMTAuth, a solution for mobile phone biometric-based authentication designed to protect users’ privacy. However, the solution has drawbacks, such as its impact on the execution efficiency of the authentication protocol or its vulnerability to man-in-the-middle attacks during the authentication phase. Moreover, the user’s biometric image and the password must be revealed to the identity provider, which may raise security concerns. In this work, we present a novel secure and efficient biometric-based anonymous authentication solution with fully succinct verification and significantly lower storage and communication overhead. Different from PrivBioMTAuth, we rely on the NIZK argument given in Groth’s work to reduce the size of the anonymous identity and simplify the verification complexity. In addition, we design a high-performance protocol for conducting large-scale verification of the user’s anonymous identities. We propose an optimized multi-exponentiation argument based on Bayer et al.’s work and utilize it to ensure that a semi-trusted identity provider who seeks to access the users’ sensitive biometric information can faithfully execute the users’ identity registration protocol. The experiment results show that our proposed scheme is efficient and has privacy-preserving capabilities, and it can be applied in the resource-constrained devices.
Read full abstract