The advancement of biometric technology has facilitated wide applications of biometrics in law enforcement, border control, healthcare and financial identification and verification. Given the peculiarity of biometric features (e.g., unchangeability, permanence and uniqueness), the security of biometric data is a key area of research. Security and privacy are vital to enacting integrity, reliability and availability in biometricrelated applications. Homomorphic encryption (HE) is concerned with data manipulation in the cryptographic domain, thus addressing the security and privacy issues faced by biometrics.
1. Introduction
Biometrics is the measurement of human physiological and behavioural characteristics with the purpose of recognising and describing individuals ^{[1]}. Biometric traits include biological traits (e.g., fingerprint, face and iris) and behavioural traits (e.g., voice, signature and keystroke). Thanks to the desirable attributes of biometric traits ^{[2]}, such as distinctiveness, invariance and robustness, biometric systems are now extensively used for identity verification in many applications (e.g., ehealth, ebanking and border control). Biometric recognition overcomes the disadvantages of traditional password or tokenbased authentication; for example, passwords can be forgotten or guessed and tokens can be stolen or lost.
A typical biometric system consists of two phases: the enrolment phase and the verification phase. In the enrolment phase, a user’s biometric data are extracted from his or her biometric sample (e.g., facial image or fingerprint scan) and stored in a database as a template. In the verification phase, the biometric data of a query, processed in the same way as in the enrolment phase, are compared or matched with the template to calculate a similarity score. If this score is greater than a predefined threshold, matching is successful; otherwise, matching is unsuccessful. Figure 1 shows a biometric system equipped with a privacypreserving functionality (e.g., homomorphic encryption).
Figure 1. A privacypreserving biometric system (adapted from ^{[3]}), with the facial image sourced from the ORL face database ^{[4]} and the fingerprint image from the FVC2002 fingerprint database ^{[5]}.
Despite the benefits brought by biometrics, biometric systems have their own weaknesses. Biometric data are uniquely linked to a person’s identity, and no two individuals in the world own exactly the same biometrics. Biometric data leaked in one application mean that they would be compromised in all other applications that depend on the same biometrics, which could lead to a data breach and identity fraud. With biometric security being a growing concern ^{[6]}, researchers have developed a variety of biometric template protection techniques. Biometric template protection aims to secure the privacy and confidentiality of biometric template data while providing satisfactory recognition performance. Biometric template protection can be broadly divided into three categories—cancelable biometrics, biometric cryptosystems and homomorphic encryption (HE). These categories differ in their protection techniques, such as noninvertible transformation used by cancelable biometrics, key binding/generation employed in biometric cryptosystems and operation on ciphertext conducted by HE. The selection of the protection technique depends on specific applications and the desired level of security, as each category has its own properties, advantages and disadvantages, which are described below:

Cancelable biometrics: For security reasons, cancelable biometric systems do not store the original biometric data as templates. Instead, raw biometric data are transformed by a noninvertible transformation function in the enrolment phase, and the transformed data are stored in the database. Such a transformation is intentional and reproducible ^{[7]}. An essential property of cancelable biometrics is irreversibility, meaning that it should be computationally infeasible to retrieve the original biometric data from the transformed template ^{[8]}. In the verification phase, the same transformation is applied to the query data. Matching is performed in the transformed domain so that no original biometric data are divulged. If the stored (transformed) template is compromised, a new version can be generated by altering the transformation parameters. Cancelable biometrics is considered relatively simple and easy to implement.

Biometric cryptosystems: Biocryptosystems combine the benefits of biometrics and cryptography. In biocryptosystems, secret keys are either technically tied to or directly produced from biometric data. The original biometric data are encrypted by a secure sketch (e.g., Fuzzy Commitment ^{[9]}, Fuzzy Vault ^{[10]} and PinSketch ^{[11]}) with helper data as the output. The helper data are generated by an irreversible cryptographic process so that it is difficult for adversaries to acquire the original biometric features from the helper data ^{[12]}.

Homomorphic encryption (HE): HE tackles the data privacy issues by performing multiple operations on the encrypted data without any decryption ^{[13]}. Because the result of the HE computation remains encrypted and can only be decrypted by the data owners, confidentiality is kept and any third party can operate over the ciphertext without accessing the original plaintext ^{[14]}.
HE is relatively new and promising compared to cancelable biometrics and biocryptosystems. It allows mathematical operations to be performed on encrypted biometric data without the need to decrypt them for authentication. In other words, biometric data can be encrypted and stored in databases without being decrypted during matching, thus preventing unauthorised access or privacy breaches. In addition, unlike cancelable biometrics, HE does not affect recognition accuracy. Overall, the application of HE in biometrics can protect the security and privacy of biometric data, while allowing for highly accurate identity verification.
2. Homomorphic Encryption
A notion originated by Rivest, Adleman, and Dertouzos in 1978, HE allows calculation over encrypted data. This feature of HE is reflected in some wellknown public key cryptosystems, such as the classic RSA ^{[15]} or ElGamal ^{[16]}, but it only works for one operation (addition or multiplication) and, sometimes, for a very limited number of two operations ^{[17]}. Several decades later, Gentry ^{[18]} in 2009 first proposed a public key encryption scheme capable of any kind of operation, namely fully homomorphic encryption (FHE).
HE allows for certain types of operations on ciphertexts without accessing the secret key. In addition, HE produces an encrypted result in which the decryption matches the computed result on the plaintext ^{[19]}. HE is classified based on a list of mathematical operations on encrypted data. The effectiveness and flexibility of HE are closely related to the number of operations on the list. HE schemes with a higher number of operations are considered more flexible, but have lower efficiency. Conversely, schemes with a smaller number of operations are less flexible, but more efficient ^{[20]}. Depending on the number of operations that are arbitrarily evaluated on the encrypted data, HE can be classified into different types, including FHE, partially homomorphic encryption (PHE) and somewhat homomorphic encryption (SHE).
2.1. The Basics of HE
Building an HE scheme requires four steps ^{[14]}: key generation, encryption, decryption and homomorphic arithmetic operations (e.g., addition and multiplication). An encryption scheme is considered homomorphic ^{[21]} if it supports homomorphic addition and/or homomorphic multiplication, expressed by:
Homomorphic addition:
$$E\left({m}_{1}\right)+E\left({m}_{2}\right)=E({m}_{1}+{m}_{2}),\phantom{\rule{4pt}{0ex}}\forall {m}_{1},{m}_{2}\in M$$
Homomorphic multiplication:
$$E\left({m}_{1}\right)\ast E\left({m}_{2}\right)=E({m}_{1}\ast {m}_{2}),\phantom{\rule{4pt}{0ex}}\forall {m}_{1},{m}_{2}\in M$$
where E represents an HE algorithm, M is the set of all possible messages, “+” denotes the addition operation and “*” the multiplication operation.
2.2. Partially Homomorphic Encryption
PHE allows an infinite number of operations of one type. For instance, additive HE allows an unlimited number of additions, but does not allow multiplication ^{[20]}. Below is a selection of the main PHE schemes:

RSA ^{[15]}: Inspired by the Diffie–Hellmann key exchange problem ^{[22]}, RSA was proposed in 1978. RSA is one of the first public key encryption methods for securing communication on the Internet. According to ^{[20]}, RSA is considered the first multiplicative PHE.

GM ^{[23]}: GM is the first probabilistic public key encryption scheme proposed by Goldwasser and Micali. The GM cryptosystem is based on the hardness of the quadratic residuosity problem.

ElGamal ^{[16]}: Being a multiplicative PHE scheme, the ElGamal algorithm was derived from Diffie–Hellmann key exchange. Its security is based on the difficult mathematical problem known as the decisional discrete logarithm problem ^{[14]}.

Paillier ^{[24]}: Paillier is another probabilistic public key encryption scheme based on the composite residuosity problem ^{[14]}, similar to the quadratic residuosity problem in GM. The Paillier scheme is homomorphic over addition and several extra basic operations on plaintexts.
2.3. Somewhat Homomorphic Encryption
SHE supports a predefined number of homomorphic operations, with the restriction on the number of permitted operations. Every operation adds to the underlying noise, so its proper evaluation relies only on performing a limited number of operations. When noise exceeds a certain threshold, the decryption of messages fails ^{[20]}. The key features of two main SHE schemes are introduced below:

BGN ^{[25]}: Developed by Dan Boneh, EuJin Goh and Kobbi Nissim, the BGN scheme was the first to support the addition and multiplication of ciphertexts with a constant size. It allows for any number of additions and a single multiplication operation on a ciphertext of a specified length. The homomorphic property of BGN allows users to evaluate multivariate polynomials of a total degree of two given the encrypted inputs. The security of BGN is achieved under the assumption of the subgroup decision problem ^{[20]}.

CKKS ^{[26]}: Proposed by Jung Cheon, Andrey Kim, Miran Kim and Yongsoo Song, the CKKS scheme permits approximate addition and multiplication over ciphertexts whose plaintexts can be vectors of real or complex values. Since many HE schemes only work on binary or integer values, this feature of CKKS has attracted many researchers’ attention ^{[14]}.
2.4. Fully Homomorphic Encryption
For FHE, there is no limit to the number of operations that can be undertaken ^{[27]}. The inherent characteristic of HE is that, each time a homomorphic operation is performed, the errors increase ^{[13]}. As a result, after a certain number of multiplications or additions, ciphertexts cannot be decrypted correctly because of the growth in the error. To address this issue, Gentry ^{[18]} introduced a technique, known as bootstrapping, which converts a scheme that is not fully homomorphic (e.g., SHE) into one that is fully homomorphic. In other words, FHE is built on a bootstrappable SHE. Two main FHE schemes are described below:

BGV ^{[28]}: This scheme was a credit to Zvika Brakerski, Craig Gentry and Vinod Vaikuntanathan based on learning with error (LWE) or ringLWE (RLWE) ^{[28]}, without Gentry’s bootstrapping procedure ^{[18]}. Considered one of the hardest problems, which can be addressed in polynomial time, LWE has been intensively studied to build postquantum cryptographic solutions. As an algebraic variant of LWE, RLWE was put forth to have more efficient realworld applications with stronger security.

BFV ^{[29]}: Considering the complexity and efficiency issues of FHE, Brakerski proposed several LWEbased FHE schemes, including Brakerski’s scaleinvariant scheme ^{[30]}. BFV is the Fan–Vercauteren variant of Brakerski’s scaleinvariant scheme ^{[30]}. It modifies the LWE setting in ^{[30]} to be RLWE. Using a simple modulus switching trick, BFV is more efficient than Brakerski’s scaleinvariant scheme ^{[30]} according to ^{[14]}. The security of BFVtype cryptosystems is based on the RLWE problem.
2.5. Possible Attacks on HE Systems
Although HE can provide robust security, it is not exempt from attacks. A number of attacks can be initiated against HE systems, the application of HE to biometrics are:

Sidechannel attacks ^{[31]}: Sidechannel attacks assume that an adversary has access to some information about the secret key of the encryption algorithm. For example, the adversary launches timing attacks ^{[32]} that take advantage of the time a system spends on calculations while the encryption/decryption algorithm is being executed. Sidechannel attacks are especially troublesome for HE as the encryption/decryption process involves a complex computation, which may leave a trace of information that can be exploited. A desirable security requirement for HE schemes is to have resistance to such attacks, often called leakage resilience, meaning that semantic security should not be breached, even in the case of sidechannel attacks.

Black box attacks ^{[33]}: A black box attack on HE takes place when an adversary gains access to the encrypted data and manipulates them, but the adversary has no access to the secret key. The adversary’s objective is to obtain information about the plaintext data by examining the output of the homomorphic operation. Through randomised encoding, such as adding a random value to the plaintext before encryption, black box attacks can be tackled.

Lattice attacks ^{[34]}: A lattice attack is a form of attack exploiting the vulnerabilities in lattice structures to restore the secret key in a latticebased cryptosystem. This type of attack can be used to target some latticebased HE schemes. For example, it was shown in ^{[34]} that, under certain parameter settings, an attacker could directly derive the plaintext from the ciphertext and public key even without using the secret key of the latticebased FHE.

Other attacks: Other attacks that target HE include attacks on broadcast encryption ^{[35]}, chosen ciphertext key recovery attacks ^{[35]}, chosen related plaintext attacks ^{[35]}, decoding attacks on LWE ^{[31]} and reaction attacks ^{[36]}.
3. Potential HE Libraries for Biometric Security
HE libraries play a pivotal role in helping researchers and professionals implement HE in many applications including biometrics. The efficiency of these applications has been greatly improved by the evolution and optimisation of HE libraries over the past few years ^{[37]}. HE libraries ^{[14]}^{[20]} that have been adopted or will potentially be implemented for biometric security are summarised in Table 1.
Table 1. HE libraries for biometric security (adapted from ^{[13]}^{[38]}).
HE Library 
Year Released 
HE Schemes Supported 
Development Language 
HElib ^{[39]} 
2013 
BGV and CKKS 
C++ 
PythonPaillier ^{[40]} 
2013 
Paillier 
Python 
JavaPaillier ^{[41]} 
 
Paillier 
Java 
SEAL ^{[39]} 
2015 
BGV, BFV and CKKS 
C++ 
FHEW ^{[42]} 
2015 
 
C 
TFHE ^{[43]} 
2016 
Ring variant of GSW 
C/C++ 
HEANN ^{[26]} 
2016 
CKKS 
C++ 
Pyfhel ^{[44]} 
2018 
BGV, BFV and CKKS 
Python and Cython 
PALISADE ^{[45]} 
2019 
BGV, BFV and CKKS 
C++ 
Lattigo ^{[46]} 
2019 
BGV, BFV and CKKS 
Go 
TenSEAL ^{[47]} 
2021 
CKKS 
C++ or Python 
OpenFHE ^{[48]} 
2022 
BGV, BFV and CKKS 
C++ 
4. HEBased Approaches to Biometric Security
4.1. HEBased Approaches to Face Security
Shahreza et al. ^{[49]} proposed a hybrid solution to securing face templates by combining the cancelable biometric (CB) technique and HE. Since the protected templates are irreversible even in the case of a compromised secret key (often referred to as the fully compromised case), using CB prior to HE strengthens the security and privacy of the whole system and reduces template dimensions, which accelerates the computation of ciphertexts. Román et al. ^{[50]} used public key encryption and HE to protect facial data. The experimental results showed that recognition performance is retained after protection. The proposed method also renders sizereduced protected templates and keys and a fast execution time compared to other latticebased HE schemes. Bauspieß et al. ^{[51]} developed an improved coefficientpackingbased FHE method to secure face templates. Capable of feature dimensionality reduction, the proposed method streamlines computations. The experimental evaluation over a public face database showed that efficient face recognition in the cryptographic domain (up to a 1.6% reduction in computing time) can be achieved on offtheshelf hardware with no loss in recognition accuracy.
4.2. HEBased Approaches to Iris Security
In iris recognition, cameras are used to capture highresolution images of the iris, from which unique features are extracted, such as the texture, shape and pattern of the iris. As one of the mostaccurate biometric authentication modalities, there is ongoing research in protecting iris data ^{[52]}.
Morampudi et al. ^{[53]} proposed a secure and verifiable classificationbased iris authentication system, named SvaS, with FHE on a malicious cloud server. SvaS aims at privacypreserving training and privacypreserving classification of nearestneighbour and multiclass perceptron models. The BFV scheme ^{[29]} provides security protection to iris templates. In this scheme, the ensemble verification vector is responsible for verifying the correctness of the computed classification results. Song et al. ^{[54]} introduced an irisbased ciphertext authentication system using FHE and the fuzzy vault. Authentication is performed with no decryption of iris templates whose homomorphic ciphertexts are stored in the database, so there is no disclosure about the iris templates. Furthermore, the proposed system eliminates the need for trust centre authentication as authentication is conducted directly on the server side using a onetime message authentication code.
4.3. HEBased Approaches to Fingerprint Security
Fingerprints are one of the mostwidely used biometric traits. Fingerprint recognition utilises the unique pattern of the ridges and valleys on a person’s fingerprints for identity authentication ^{[55]}. HEbased methods for fingerprint security are discussed below.
Yang et al. ^{[56]} proposed an HEbased fingerprint authentication system for access control and protecting sensitive fingerprint template data. Due to the use of HE, fingerprint matching takes place in the encrypted domain, making it difficult for adversaries to gain access to the original fingerprint template in the absence of the private key. The scholars also analysed the tradeoff between computing time and recognition accuracy.
4.4. HEBased Approaches to Gait Security
Each person has a distinctive gait, which can be used to distinguish them. Gait recognition utilises the way a person walks to recognise them. Lin et al. ^{[57]} proposed HEbased gait recognition to protect sensitive gait feature data. Different from fingerprint or face data, which are timeindependent, gait features are timedependent and continuous. The scholars modified a convolutional neural network (CNN) and combined it with FHE to handle encrypted gait data.
4.5. HEBased Approaches to Voice Security
Voice recognition
^{[58]}, also referred to as speaker recognition, authenticates individuals according to the unique characteristics of a person’s voice, such as intonation, tone of voice and accent. Rahulamathavan
^{[59]} redesigned the backend of speaker verification systems to alleviate the privacy concerns of speech features. Based on the Newton–Raphson method, the scholars proposed a solution to addressing the limitation of CKKS (i.e., computing the inverse square root of encrypted numbers), yielding negligible loss in recognition accuracy with reduced multiplication depth.
4.6. HEBased Approaches to Signature Security
Signature recognition makes use of the unique characteristics of a person’s signature to identify them
^{[60]}. In signature recognition systems, a digital pen or touchpad is used to capture users’ signatures, which are processed to extract distinctive features, such as the order of strokes, stress and writing speed. Barrero et al.
^{[61]} proposed HEbased biometric template protection, in which only encrypted data are processed and templates are of a fixed length. In a completely repeatable experimental framework, the scholars analysed different distance measures in the scenario of online signatures, showing that all requirements for biometric template protection (e.g., irreversibility, unlinkability and renewability) are met without compromising recognition performance and with a low computational cost.
5. Integrating HE with Other Technologies for Biometric Security
5.1. HE with Blockchain
Blockchain is an advanced technology that delivers the service of decentralised data storage and the capability to record and protect transactions using cryptography ^{[62]}. All the nodes involved in the blockchain know every transaction that occurs in the blockchain ^{[63]}. Integrating HE and blockchain technology provides a powerful combination for biometric security, allowing sensitive biometric data to be processed without compromising security.
5.2. HE with Machine/Deep Learning
With machine/deep learning technology entering many industries, as well as people’s lives, privacy and security concerns arise from system users, operators and administrators. Since CNNs are extensively employed to handle complicated visual tasks, integrating HE with machine/deep learning offers strong privacy protection for biometric systems. Wingarz et al.
^{[64]} detailed the steps to create a privacypreserving CNN and analysed its applicability and scalability in the real world. In this context, a homomorphically encrypted neural network was implemented for face recognition. The simulation results showed that running a CNN on homomorphically encrypted inputs achieved the same recognition accuracy as in a conventional CNN case.
5.3. HE with Differential Privacy
With applications in many fields (e.g., statistics and data analysis), differential privacy (DP) provides a robust protocol for privacy preservation. The basic idea of DP is to protect the privacy of individual data points by incorporating “noise” in the data so that nobody’s data can be distinguished from any other individual’s data ^{[65]}. Combining HE and DP in biometric systems renders an effective tool for protecting the privacy of biometric data, while permitting sophisticated data manipulation and analysis.