Homomorphic Encryption for Privacy-Preserving Biometrics: Comparison
Please note this is a comparison between Version 2 by Lindsay Dong and Version 1 by Wencheng Yang.

The advancement of biometric technology has facilitated wide applications of biometrics in law enforcement, border control, healthcare and financial identification and verification. Given the peculiarity of biometric features (e.g., unchangeability, permanence and uniqueness), the security of biometric data is a key area of research. Security and privacy are vital to enacting integrity, reliability and availability in biometric-related applications. Homomorphic encryption (HE) is concerned with data manipulation in the cryptographic domain, thus addressing the security and privacy issues faced by biometrics.

  • biometrics
  • biometric security
  • privacy
  • homomorphic encryption
  • privacy preserving

1. Introduction

Biometrics is the measurement of human physiological and behavioural characteristics with the purpose of recognising and describing individuals [1]. Biometric traits include biological traits (e.g., fingerprint, face and iris) and behavioural traits (e.g., voice, signature and keystroke). Thanks to the desirable attributes of biometric traits [2], such as distinctiveness, invariance and robustness, biometric systems are now extensively used for identity verification in many applications (e.g., e-health, e-banking and border control). Biometric recognition overcomes the disadvantages of traditional password- or token-based authentication; for example, passwords can be forgotten or guessed and tokens can be stolen or lost.
A typical biometric system consists of two phases: the enrolment phase and the verification phase. In the enrolment phase, a user’s biometric data are extracted from his or her biometric sample (e.g., facial image or fingerprint scan) and stored in a database as a template. In the verification phase, the biometric data of a query, processed in the same way as in the enrolment phase, are compared or matched with the template to calculate a similarity score. If this score is greater than a pre-defined threshold, matching is successful; otherwise, matching is unsuccessful. Figure 1 shows a biometric system equipped with a privacy-preserving functionality (e.g., homomorphic encryption).
Figure 1. A privacy-preserving biometric system (adapted from [3]), with the facial image sourced from the ORL face database [4] and the fingerprint image from the FVC2002 fingerprint database [5].
Despite the benefits brought by biometrics, biometric systems have their own weaknesses. Biometric data are uniquely linked to a person’s identity, and no two individuals in the world own exactly the same biometrics. Biometric data leaked in one application mean that they would be compromised in all other applications that depend on the same biometrics, which could lead to a data breach and identity fraud. With biometric security being a growing concern [6], researchers have developed a variety of biometric template protection techniques. Biometric template protection aims to secure the privacy and confidentiality of biometric template data while providing satisfactory recognition performance. Biometric template protection can be broadly divided into three categories—cancelable biometrics, biometric cryptosystems and homomorphic encryption (HE). These categories differ in their protection techniques, such as non-invertible transformation used by cancelable biometrics, key binding/generation employed in biometric cryptosystems and operation on ciphertext conducted by HE. The selection of the protection technique depends on specific applications and the desired level of security, as each category has its own properties, advantages and disadvantages, which are described below:
  • Cancelable biometrics: For security reasons, cancelable biometric systems do not store the original biometric data as templates. Instead, raw biometric data are transformed by a non-invertible transformation function in the enrolment phase, and the transformed data are stored in the database. Such a transformation is intentional and reproducible [7]. An essential property of cancelable biometrics is irreversibility, meaning that it should be computationally infeasible to retrieve the original biometric data from the transformed template [8]. In the verification phase, the same transformation is applied to the query data. Matching is performed in the transformed domain so that no original biometric data are divulged. If the stored (transformed) template is compromised, a new version can be generated by altering the transformation parameters. Cancelable biometrics is considered relatively simple and easy to implement.
  • Biometric cryptosystems: Bio-cryptosystems combine the benefits of biometrics and cryptography. In bio-cryptosystems, secret keys are either technically tied to or directly produced from biometric data. The original biometric data are encrypted by a secure sketch (e.g., Fuzzy Commitment [9], Fuzzy Vault [10] and PinSketch [11]) with helper data as the output. The helper data are generated by an irreversible cryptographic process so that it is difficult for adversaries to acquire the original biometric features from the helper data [12].
  • Homomorphic encryption (HE): HE tackles the data privacy issues by performing multiple operations on the encrypted data without any decryption [13]. Because the result of the HE computation remains encrypted and can only be decrypted by the data owners, confidentiality is kept and any third party can operate over the ciphertext without accessing the original plaintext [14].
HE is relatively new and promising compared to cancelable biometrics and bio-cryptosystems. It allows mathematical operations to be performed on encrypted biometric data without the need to decrypt them for authentication. In other words, biometric data can be encrypted and stored in databases without being decrypted during matching, thus preventing unauthorised access or privacy breaches. In addition, unlike cancelable biometrics, HE does not affect recognition accuracy. Overall, the application of HE in biometrics can protect the security and privacy of biometric data, while allowing for highly accurate identity verification.

2. Homomorphic Encryption

A notion originated by Rivest, Adleman, and Dertouzos in 1978, HE allows calculation over encrypted data. This feature of HE is reflected in some well-known public key cryptosystems, such as the classic RSA [21][15] or El-Gamal [22][16], but it only works for one operation (addition or multiplication) and, sometimes, for a very limited number of two operations [23][17]. Several decades later, Gentry [24][18] in 2009 first proposed a public key encryption scheme capable of any kind of operation, namely fully homomorphic encryption (FHE). HE allows for certain types of operations on ciphertexts without accessing the secret key. In addition, HE produces an encrypted result in which the decryption matches the computed result on the plaintext [25][19]. HE is classified based on a list of mathematical operations on encrypted data. The effectiveness and flexibility of HE are closely related to the number of operations on the list. HE schemes with a higher number of operations are considered more flexible, but have lower efficiency. Conversely, schemes with a smaller number of operations are less flexible, but more efficient [17][20]. Depending on the number of operations that are arbitrarily evaluated on the encrypted data, HE can be classified into different types, including FHE, partially homomorphic encryption (PHE) and somewhat homomorphic encryption (SHE).

2.1. The Basics of HE

Building an HE scheme requires four steps [14]: key generation, encryption, decryption and homomorphic arithmetic operations (e.g., addition and multiplication). An encryption scheme is considered homomorphic [19][21] if it supports homomorphic addition and/or homomorphic multiplication, expressed by: Homomorphic addition: E ( m 1 ) + E ( m 2 ) = E ( m 1 + m 2 ) , m 1 , m 2 M Homomorphic multiplication: E ( m 1 ) E ( m 2 ) = E ( m 1 m 2 ) , m 1 , m 2 M where E represents an HE algorithm, M is the set of all possible messages, “+” denotes the addition operation and “*” the multiplication operation.

2.2. Partially Homomorphic Encryption

PHE allows an infinite number of operations of one type. For instance, additive HE allows an unlimited number of additions, but does not allow multiplication [17][20]. Below is a selection of the main PHE schemes:
  • RSA [21][15]: Inspired by the Diffie–Hellmann key exchange problem [29][22], RSA was proposed in 1978. RSA is one of the first public key encryption methods for securing communication on the Internet. According to [17][20], RSA is considered the first multiplicative PHE.
]. As a result, after a certain number of multiplications or additions, ciphertexts cannot be decrypted correctly because of the growth in the error. To address this issue, Gentry [24][18] introduced a technique, known as bootstrapping, which converts a scheme that is not fully homomorphic (e.g., SHE) into one that is fully homomorphic. In other words, FHE is built on a bootstrappable SHE. Two main FHE schemes are described below:
  • BGV [33][28]: This scheme was a credit to Zvika Brakerski, Craig Gentry and Vinod Vaikuntanathan based on learning with error (LWE) or ring-LWE (RLWE) [33]

2.5. Possible Attacks on HE Systems

Although HE can provide robust security, it is not exempt from attacks. A number of attacks can be initiated against HE systems, the application of HE to biometrics are:
  • Side-channel attacks [36][31][28], without Gentry’s bootstrapping procedure [24][18]. Considered one of the hardest problems, which can be addressed in polynomial time, LWE has been intensively studied to build postquantum cryptographic solutions. As an algebraic variant of LWE, RLWE was put forth to have more efficient real-world applications with stronger security.
  • : Side-channel attacks assume that an adversary has access to some information about the secret key of the encryption algorithm. For example, the adversary launches timing attacks [37][32] that take advantage of the time a system spends on calculations while the encryption/decryption algorithm is being executed. Side-channel attacks are especially troublesome for HE as the encryption/decryption process involves a complex computation, which may leave a trace of information that can be exploited. A desirable security requirement for HE schemes is to have resistance to such attacks, often called leakage resilience, meaning that semantic security should not be breached, even in the case of side-channel attacks.
    GM [30][23]: GM is the first probabilistic public key encryption scheme proposed by Goldwasser and Micali. The GM cryptosystem is based on the hardness of the quadratic residuosity problem.
  • BFV [34][29]: Considering the complexity and efficiency issues of FHE, Brakerski proposed several LWE-based FHE schemes, including Brakerski’s scale-invariant scheme [35][
  • Black box attacks [3830]. BFV is the Fan–Vercauteren variant of Brakerski’s scale-invariant scheme [35][30]. It modifies the LWE setting in [35
    El-Gamal [22][16]: Being a multiplicative PHE scheme, the El-Gamal algorithm was derived from Diffie–Hellmann key exchange. Its security is based on the difficult mathematical problem known as the decisional discrete logarithm problem [14].
  • Paillier [26][24]: Paillier is another probabilistic public key encryption scheme based on the composite residuosity problem [14], similar to the quadratic residuosity problem in GM. The Paillier scheme is homomorphic over addition and several extra basic operations on plaintexts.

2.3. Somewhat Homomorphic Encryption

SHE supports a predefined number of homomorphic operations, with the restriction on the number of permitted operations. Every operation adds to the underlying noise, so its proper evaluation relies only on performing a limited number of operations. When noise exceeds a certain threshold, the decryption of messages fails [17][20]. The key features of two main SHE schemes are introduced below:
  • BGN [31][25]: Developed by Dan Boneh, Eu-Jin Goh and Kobbi Nissim, the BGN scheme was the first to support the addition and multiplication of ciphertexts with a constant size. It allows for any number of additions and a single multiplication operation on a ciphertext of a specified length. The homomorphic property of BGN allows users to evaluate multi-variate polynomials of a total degree of two given the encrypted inputs. The security of BGN is achieved under the assumption of the subgroup decision problem [17][20].
  • CKKS [27][26]: Proposed by Jung Cheon, Andrey Kim, Miran Kim and Yongsoo Song, the CKKS scheme permits approximate addition and multiplication over ciphertexts whose plaintexts can be vectors of real or complex values. Since many HE schemes only work on binary or integer values, this feature of CKKS has attracted many researchers’ attention ][30] to be RLWE. Using a simple modulus switching trick, BFV is more efficient than Brakerski’s scale-invariant scheme [][[14].

2.4. Fully Homomorphic Encryption

For FHE, there is no limit to the number of operations that can be undertaken [32][27]. The inherent characteristic of HE is that, each time a homomorphic operation is performed, the errors increase [13
  • ]33][30] according to [14]. The security of BFV-type cryptosystems is based on the RLWE problem.
  • : A black box attack on HE takes place when an adversary gains access to the encrypted data and manipulates them, but the adversary has no access to the secret key. The adversary’s objective is to obtain information about the plaintext data by examining the output of the homomorphic operation. Through randomised encoding, such as adding a random value to the plaintext before encryption, black box attacks can be tackled.
  • Lattice attacks [39][34]: A lattice attack is a form of attack exploiting the vulnerabilities in lattice structures to restore the secret key in a lattice-based cryptosystem. This type of attack can be used to target some lattice-based HE schemes. For example, it was shown in [39][34] that, under certain parameter settings, an attacker could directly derive the plaintext from the ciphertext and public key even without using the secret key of the lattice-based FHE.
  • Other attacks: Other attacks that target HE include attacks on broadcast encryption [40][35], chosen ciphertext key recovery attacks [40][35], chosen related plaintext attacks [40][35], decoding attacks on LWE [36][31] and reaction attacks [41][36].

3. Potential HE Libraries for Biometric Security

HE libraries play a pivotal role in helping researchers and professionals implement HE in many applications including biometrics. The efficiency of these applications has been greatly improved by the evolution and optimisation of HE libraries over the past few years [16][37]. HE libraries [14,17][14][20] that have been adopted or will potentially be implemented for biometric security are summarised in Table 1.

Table 1. HE libraries for biometric security (adapted from [13,15]).
HE libraries for biometric security (adapted from [13][38]).
HE Library Year Released HE Schemes Supported Development Language
HElib [44]HElib [39] 2013 BGV and CKKS C++
Python-Paillier [55]Python-Paillier [40] 2013 Paillier Python
Java-Paillier [56]Java-Paillier [41] - Paillier Java
SEAL [44]SEAL [39] 2015 BGV, BFV and CKKS C++
FHEW [47]FHEW [42] 2015 - C
TFHE [45]TFHE [43] 2016 Ring variant of GSW C/C++
HEANN [27]HEANN [26] 2016 CKKS C++
Pyfhel [52]Pyfhel [44] 2018 BGV, BFV and CKKS Python and Cython
PALISADE [49]PALISADE [45] 2019 BGV, BFV and CKKS C++
Lattigo [50]Lattigo [46] 2019 BGV, BFV and CKKS Go
TenSEAL [57]TenSEAL [47] 2021 CKKS C++ or Python
OpenFHE [53]OpenFHE [48] 2022 BGV, BFV and CKKS C++

4. HE-Based Approaches to Biometric Security

4.1. HE-Based Approaches to Face Security

Shahreza et al. [58][49] proposed a hybrid solution to securing face templates by combining the cancelable biometric (CB) technique and HE. Since the protected templates are irreversible even in the case of a compromised secret key (often referred to as the fully compromised case), using CB prior to HE strengthens the security and privacy of the whole system and reduces template dimensions, which accelerates the computation of ciphertexts. Román et al. [59][50] used public key encryption and HE to protect facial data. The experimental results showed that recognition performance is retained after protection. The proposed method also renders size-reduced protected templates and keys and a fast execution time compared to other lattice-based HE schemes. Bauspieß et al. [60][51] developed an improved coefficient-packing-based FHE method to secure face templates. Capable of feature dimensionality reduction, the proposed method streamlines computations. The experimental evaluation over a public face database showed that efficient face recognition in the cryptographic domain (up to a 1.6% reduction in computing time) can be achieved on off-the-shelf hardware with no loss in recognition accuracy.

4.2. HE-Based Approaches to Iris Security

In iris recognition, cameras are used to capture high-resolution images of the iris, from which unique features are extracted, such as the texture, shape and pattern of the iris. As one of the most-accurate biometric authentication modalities, there is ongoing research in protecting iris data [69][52]

Morampudi et al. [70][53] proposed a secure and verifiable classification-based iris authentication system, named SvaS, with FHE on a malicious cloud server. SvaS aims at privacy-preserving training and privacy-preserving classification of nearest-neighbour and multiclass perceptron models. The BFV scheme [34][29] provides security protection to iris templates. In this scheme, the ensemble verification vector is responsible for verifying the correctness of the computed classification results. Song et al. [71][54] introduced an iris-based ciphertext authentication system using FHE and the fuzzy vault. Authentication is performed with no decryption of iris templates whose homomorphic ciphertexts are stored in the database, so there is no disclosure about the iris templates. Furthermore, the proposed system eliminates the need for trust centre authentication as authentication is conducted directly on the server side using a one-time message authentication code. 

4.3. HE-Based Approaches to Fingerprint Security

Fingerprints are one of the most-widely used biometric traits. Fingerprint recognition utilises the unique pattern of the ridges and valleys on a person’s fingerprints for identity authentication [78][55]. HE-based methods for fingerprint security are discussed below. Yang et al. [79][56] proposed an HE-based fingerprint authentication system for access control and protecting sensitive fingerprint template data. Due to the use of HE, fingerprint matching takes place in the encrypted domain, making it difficult for adversaries to gain access to the original fingerprint template in the absence of the private key. The scholars also analysed the trade-off between computing time and recognition accuracy.

4.4. HE-Based Approaches to Gait Security

Each person has a distinctive gait, which can be used to distinguish them. Gait recognition utilises the way a person walks to recognise them. Lin et al. [81][57] proposed HE-based gait recognition to protect sensitive gait feature data. Different from fingerprint or face data, which are time-independent, gait features are time-dependent and continuous. The scholars modified a convolutional neural network (CNN) and combined it with FHE to handle encrypted gait data.

4.5. HE-Based Approaches to Voice Security

Voice recognition [82][58], also referred to as speaker recognition, authenticates individuals according to the unique characteristics of a person’s voice, such as intonation, tone of voice and accent. Rahulamathavan [83][59] redesigned the back-end of speaker verification systems to alleviate the privacy concerns of speech features. Based on the Newton–Raphson method, the scholars proposed a solution to addressing the limitation of CKKS (i.e., computing the inverse square root of encrypted numbers), yielding negligible loss in recognition accuracy with reduced multiplication depth.

4.6. HE-Based Approaches to Signature Security

Signature recognition makes use of the unique characteristics of a person’s signature to identify them [85][60]. In signature recognition systems, a digital pen or touchpad is used to capture users’ signatures, which are processed to extract distinctive features, such as the order of strokes, stress and writing speed. Barrero et al. [86][61] proposed HE-based biometric template protection, in which only encrypted data are processed and templates are of a fixed length. In a completely repeatable experimental framework, the scholars analysed different distance measures in the scenario of online signatures, showing that all requirements for biometric template protection (e.g., irreversibility, unlinkability and renewability) are met without compromising recognition performance and with a low computational cost.

5. Integrating HE with Other Technologies for Biometric Security

5.1. HE with Blockchain

Blockchain is an advanced technology that delivers the service of decentralised data storage and the capability to record and protect transactions using cryptography [96][62]. All the nodes involved in the blockchain know every transaction that occurs in the blockchain [97][63]. Integrating HE and blockchain technology provides a powerful combination for biometric security, allowing sensitive biometric data to be processed without compromising security.

5.2. HE with Machine/Deep Learning

With machine/deep learning technology entering many industries, as well as people’s lives, privacy and security concerns arise from system users, operators and administrators. Since CNNs are extensively employed to handle complicated visual tasks, integrating HE with machine/deep learning offers strong privacy protection for biometric systems. Wingarz et al. [66][64] detailed the steps to create a privacy-preserving CNN and analysed its applicability and scalability in the real world. In this context, a homomorphically encrypted neural network was implemented for face recognition. The simulation results showed that running a CNN on homomorphically encrypted inputs achieved the same recognition accuracy as in a conventional CNN case.

5.3. HE with Differential Privacy

With applications in many fields (e.g., statistics and data analysis), differential privacy (DP) provides a robust protocol for privacy preservation. The basic idea of DP is to protect the privacy of individual data points by incorporating “noise” in the data so that nobody’s data can be distinguished from any other individual’s data [98][65]. Combining HE and DP in biometric systems renders an effective tool for protecting the privacy of biometric data, while permitting sophisticated data manipulation and analysis.

References

  1. Yang, W.; Wang, S.; Hu, J.; Zheng, G.; Valli, C. Security and Accuracy of Fingerprint-based Biometrics: A Review. Symmetry 2019, 11, 141.
  2. Yang, W.; Wang, S.; Sahri, N.M.; Karie, N.M.; Ahmed, M.; Valli, C. Biometrics for Internet-of-Things Security: A Review. Sensors 2021, 21, 6163.
  3. Yang, W.; Wang, S.; Shahzad, M.; Zhou, W. A cancelable biometric authentication system based on feature-adaptive random projection. J. Inf. Secur. Appl. 2021, 58, 102704.
  4. Saraswathi, M.; Sivakumari, D.S. Evaluation of PCA and LDA techniques for Face recognition using ORL face database. Int. J. Comput. Sci. Inf. Technol. 2015, 6, 810–813.
  5. Maio, D.; Maltoni, D.; Cappelli, R.; Wayman, J.L.; Jain, A.K. FVC2002: Second fingerprint verification competition. In Proceedings of the 2002 International Conference on Pattern Recognition, Quebec City, QC, Canada, 11–15 August 2002; IEEE: New York, NY, USA, 2002; Volume 3, pp. 811–814.
  6. Iezzi, M. Practical privacy-preserving data science with homomorphic encryption: An overview. In Proceedings of the 2020 IEEE International Conference on Big Data (Big Data), Atlanta, GA, USA, 10–13 December 2020; IEEE: New York, NY, USA, 2020; pp. 3979–3988.
  7. Yang, W.; Hu, J.; Wang, S.; Wu, Q. Biometrics based Privacy-Preserving Authentication and Mobile Template Protection. Wirel. Commun. Mob. Comput. 2018, 2018, 7107295.
  8. Yang, W.; Wang, S.; Kang, J.J.; Johnstone, M.N.; Bedari, A. A linear convolution-based cancelable fingerprint biometric authentication system. Comput. Secur. 2022, 114, 102583.
  9. Juels, A.; Wattenberg, M. A fuzzy commitment scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, 1–4 November 1999; ACM: New York, NY, USA, 1999; pp. 28–36.
  10. Juels, A.; Sudan, M. A fuzzy vault scheme. Des. Codes Cryptogr. 2006, 38, 237–257.
  11. Dodis, Y.; Reyzin, L.; Smith, A. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Proceedings of the Advances in cryptology-Eurocrypt 2004, Interlaken, Switzerland, 2–6 May 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 523–540.
  12. Yang, W.; Hu, J.; Wang, S. A Delaunay Quadrangle-Based Fingerprint Authentication System With Template Protection Using Topology Code for Local Registration and Security Enhancement. IEEE Trans. Inf. Forensics Secur. 2014, 9, 1179–1192.
  13. Marcolla, C.; Sucasas, V.; Manzano, M.; Bassoli, R.; Fitzek, F.H.; Aaraj, N. Survey on Fully Homomorphic Encryption, Theory, and Applications. Proc. IEEE 2022, 110, 1572–1609.
  14. Doan, T.V.T.; Messai, M.L.; Gavin, G.; Darmon, J. A Survey on Implementations of Homomorphic Encryption Schemes. Res. Sq. 2022, 37.
  15. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public key cryptosystems. Commun. ACM 1978, 21, 120–126.
  16. ElGamal, T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 1985, 31, 469–472.
  17. Bringer, J.; Chabanne, H.; Patey, A. Privacy-preserving biometric identification using secure multiparty computation: An overview and recent trends. IEEE Signal Process. Mag. 2013, 30, 42–52.
  18. Gentry, C. A Fully Homomorphic Encryption Scheme; Stanford University: Stanford, CA, USA, 2009.
  19. Sun, X.; Yu, F.R.; Zhang, P.; Xie, W.; Peng, X. A survey on secure computation based on homomorphic encryption in vehicular ad hoc networks. Sensors 2020, 20, 4253.
  20. Pulido-Gaytan, B.; Tchernykh, A.; Cortés-Mendoza, J.M.; Babenko, M.; Radchenko, G.; Avetisyan, A.; Drozdov, A.Y. Privacy-preserving neural networks with Homomorphic encryption: Challenges and opportunities. Peer-Peer Netw. Appl. 2021, 14, 1666–1691.
  21. Bansal, V. Survey on Homomorphic Encryption. In Proceedings of the 2021 5th International Conference on Information Systems and Computer Networks (ISCON), Mathura, India, 22–23 October 2021; IEEE: New York, NY, USA, 2021; pp. 1–4.
  22. Diffie, W.; Hellman, M.E. New directions in cryptography. In Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman; Springer: Berlin/Heidelberg, Germany, 2022; pp. 365–390.
  23. Goldwasser, S.; Micali, S. Probabilistic encryption & how to play mental poker keeping secret all partial information. In Proceedings of the Fourteenth Annual ACM Symposium on Theory of Computing, San Francisco, CA, USA, 5–7 May 1982; pp. 365–377.
  24. Paillier, P. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, Prague, Czech Republic, 2–6 May 1999; Springer: Berlin/Heidelberg, Germany, 1999; pp. 223–238.
  25. Boneh, D.; Goh, E.J.; Nissim, K. Evaluating 2-DNF formulas on ciphertexts. In Proceedings of the Theory of Cryptography Conference, Cambridge, MA, USA, 10–12 February 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 325–341.
  26. Cheon, J.H.; Kim, A.; Kim, M.; Song, Y. Homomorphic encryption for arithmetic of approximate numbers. In Proceedings of the International conference on the theory and application of cryptology and information security, Hong Kong, China, 3–7 December 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 409–437.
  27. Zhigang, C.; Jian, W.; Liqun, C.; Xinxia, S. Review of how to construct a fully homomorphic encryption scheme. Int. J. Secur. Its Appl. 2014, 8, 221–230.
  28. Brakerski, Z.; Gentry, C.; Vaikuntanathan, V. (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory (TOCT) 2014, 6, 1–36.
  29. Fan, J.; Vercauteren, F. Somewhat practical fully homomorphic encryption. In Cryptology ePrint Archive; 2012; p. 19. Available online: https://eprint.iacr.org/2012/144 (accessed on 1 February 2023).
  30. Brakerski, Z. Fully homomorphic encryption without modulus switching from classical GapSVP. In Proceedings of the Annual Cryptology Conference, Barbara, CA, USA, 19–23 August 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 868–886.
  31. Chase, M.; Chen, H.; Ding, J.; Goldwasser, S.; Gorbunov, S.; Hoffstein, J.; Lauter, K.; Lokam, S.; Moody, D.; Morrison, T. Security of homomorphic encryption. HomomorphicEncryption. org, Redmond WA, Tech. Rep. 2017. Available online: https://www.microsoft.com/en-us/research/wp-content/uploads/2018/01/security_homomorphic_encryption_white_paper.pdf (accessed on 1 February 2023).
  32. Cheng, W.; Danger, J.L.; Guilley, S.; Huang, F.; Korchi, A.B.; Rioul, O. Cache-Timing Attack on the SEAL Homomorphic Encryption Library. In Proceedings of the 11th International Workshop on Security Proofs for Embedded Systems (PROOFS 2022), Leuven, Belgium, 19 September 2022.
  33. Borovik, A.; Yalçınkaya, Ş. Homomorphic encryption and some black box attacks. In Proceedings of the Mathematical Software–ICMS 2020: 7th International Conference, Braunschweig, Germany, 13–16 July 2020; Springer: Berlin/Heidelberg, Germany, 2020; pp. 115–124.
  34. Chunsheng, G. Attack on fully homomorphic encryption over the integers. arXiv 2012, arXiv:1202.3321.
  35. Bogos, S.; Gaspoz, J.; Vaudenay, S. Cryptanalysis of a homomorphic encryption scheme. Cryptogr. Commun. 2018, 10, 27–39.
  36. Zhang, Z.; Plantard, T.; Susilo, W. Reaction attack on outsourced computing with fully homomorphic encryption schemes. In Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea, 2–4 December 2020; Springer: Berlin/Heidelberg, Germany, 2012; pp. 419–436.
  37. Abreu, Z.; Pereira, L. Privacy protection in smart meters using homomorphic encryption: An overview. Wiley Interdiscip. Rev. Data Min. Knowl. Discov. 2022, 12, e1469.
  38. Munjal, K.; Bhatia, R. A systematic review of homomorphic encryption and its contributions in healthcare industry. Complex Intell. Syst. 2022, 1–28.
  39. Halevi, S.; Shoup, V. Algorithms in helib. In Proceedings of the Annual Cryptology Conference, Santa Barbara, CA, USA, 17–21 August 2014; Springer: Berlin/Heidelberg, Germany, 2014; pp. 554–571.
  40. Data61, C. Python Paillier Library. 2013. Available online: https://github.com/data61/python-paillier (accessed on 1 February 2023).
  41. Java Paillier Library. Available online: http://www.csee.umbc.edu/~kunliu1/research/Paillier.html (accessed on 1 February 2023).
  42. FHEW Library. Available online: https://github.com/lducas/FHEW/ (accessed on 1 February 2023).
  43. Chillotti, I.; Gama, N.; Georgieva, M.; Izabachene, M. Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, 4–8 December 2016; Springer: Berlin/Heidelberg, Germany, 2016; pp. 3–33.
  44. Pyfhel Library. Available online: https://github.com/ibarrond/Pyfhel (accessed on 1 February 2023).
  45. Polyakov, Y.; Rohloff, K.; Ryan, G.W. Palisade Lattice Cryptography Library User Manual; Technical Report; Cybersecurity Research Center, New Jersey Institute of Technology (NJIT): Newark, NJ, USA, 2017; Volume 15.
  46. Mouchet, C.V.; Bossuat, J.P.; Troncoso-Pastoriza, J.R.; Hubaux, J.P. Lattigo: A multiparty homomorphic encryption library in go. In Proceedings of the 8th Workshop on Encrypted Computing and Applied Homomorphic Cryptography, Virtual, 15 December 2020; pp. 64–70.
  47. Benaissa, A.; Retiat, B.; Cebere, B.; Belfedhal, A.E. TenSEAL: A library for encrypted tensor operations using homomorphic encryption. arXiv 2021, arXiv:2104.03152.
  48. OpenFHE Library. Available online: https://github.com/openfheorg/openfhe-development (accessed on 1 February 2023).
  49. Shahreza, H.O.; Rathgeb, C.; Osorio-Roig, D.; Hahn, V.K.; Marcel, S.; Busch, C. Hybrid Protection of Biometric Templates by Combining Homomorphic Encryption and Cancelable Biometrics. In Proceedings of the 2022 International Joint Conference on Biometrics (IJCB 2022), Abu Dhabi, United Arab Emirates, 10–13 October 2022; p. 10.
  50. Roberto Román, R.A. A Quantum-Resistant Face Template Protection Scheme using Kyber and Saber Public Key Encryption Algorithms. In Proceedings of the 2022 International Conference of the Biometrics Special Interest Group (BIOSIG), Darmstadt, Germany, 14–16 September 2022.
  51. Bauspieß, P.; Olafsson, J.; Kolberg, J.; Drozdowski, P.; Rathgeb, C.; Busch, C. Improved homomorphically encrypted biometric identification using coefficient packing. In Proceedings of the 2022 International Workshop on Biometrics and Forensics (IWBF), Salzburg, Austria, 20–21 April 2022; IEEE: New York, NY, USA, 2022; pp. 1–6.
  52. Yang, W.; Wang, S.; Hu, J.; Ibrahim, A.; Zheng, G.; Macedo, M.; Johnstone, M.; Valli, C. A Cancelable Iris- and Steganography-based User Authentication System for the Internet of Things. Sensors 2019, 19, 2985.
  53. Morampudi, M.K.; Prasad, M.V.; Verma, M.; Raju, U. Secure and verifiable iris authentication system using fully homomorphic encryption. Comput. Electr. Eng. 2021, 89, 106924.
  54. Song, X.; Chen, Z.; Sun, D. Iris ciphertext authentication system based on fully homomorphic encryption. J. Inf. Process. Syst. 2020, 16, 599–611.
  55. Shahzad, M.; Wang, S.; Deng, G.; Yang, W. Alignment-free Cancelable Fingerprint Templates with Dual Protection. Pattern Recognit. 2020, 111, 107735.
  56. Yang, W.; Wang, S.; Yu, K.; Kang, J.J.; Johnstone, M.N. Secure Fingerprint Authentication with Homomorphic Encryption. In Proceedings of the 2020 Digital Image Computing: Techniques and Applications, Melbourne, Australia, 29 November–2 December 2020; IEEE: New York, NY, USA, 2020; pp. 1–6.
  57. Lin, L.; Tian, B.; Zhao, Y.; Niu, Y. A Privacy-Preserving Gait Recognition Scheme Under Homomorphic Encryption. In Proceedings of the 2022 International Conference on Networking and Network Applications (NaNA), Urumqi, China, 3–5 December 2022; IEEE: New York, NY, USA, 2022; pp. 406–410.
  58. Ahmed, S.; Chowdhury, A.R.; Fawaz, K.; Ramanathan, P. Spreech: A System for Privacy-Preserving Speech Transcription. arXiv 2019, arXiv:1909.04198.
  59. Rahulamathavan, Y. Privacy-preserving Similarity Calculation of Speaker Features Using Fully Homomorphic Encryption. arXiv 2022, arXiv:2202.07994.
  60. Lotfy, Y.A.; Darwish, S.M. A Secure Signature Scheme for IoT Blockchain Framework Based on Multimodal Biometrics. In Proceedings of the International Conference on Advanced Intelligent Systems and Informatics, Cairo, Egypt, 19–21 October 2020; Springer: Berlin/Heidelberg, Germany, 2020; pp. 261–270.
  61. Gomez-Barrero, M.; Fierrez, J.; Galbally, J.; Maiorana, E.; Campisi, P. Implementation of fixed-length template protection based on homomorphic encryption with application to signature biometrics. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, Las Vegas, NV, USA, 26 June–1 July 2016; pp. 191–198.
  62. Yang, W.; Wang, S.; Yin, X.; Wang, X.; Hu, J. A Review on Security Issues and Solutions of the Internet of Drones. IEEE Open J. Comput. Soc. 2022, 3, 96–110.
  63. Wang, X.; Zha, X.; Ni, W.; Liu, R.P.; Guo, Y.J.; Niu, X.; Zheng, K. Survey on blockchain for Internet of Things. Comput. Commun. 2019, 136, 10–29.
  64. Wingarz, T.; Gomez-Barrero, M.; Busch, C.; Fischer, M. Privacy-Preserving Convolutional Neural Networks Using Homomorphic Encryption. In Proceedings of the 2022 International Workshop on Biometrics and Forensics (IWBF), Rome, Italy, 6–7 May 2021; IEEE: New York, NY, USA, 2021; pp. 1–6.
  65. Wood, A.; Altman, M.; Bembenek, A.; Bun, M.; Gaboardi, M.; Honaker, J.; Nissim, K.; O’Brien, D.R.; Steinke, T.; Vadhan, S. Differential privacy: A primer for a non-technical audience. Vanderbilt J. Entertain. Technol. Law 2018, 21, 209.
More
ScholarVision Creations