BioZero: Privacy-Preserving and Publicly Verifiable On-Chain Biometric Authentication via Homomorphic Commitments and Zero-Knowledge Proofs

Decentralized identity systems promise user-controlled identifiers and cross-domain verification without a shared identity provider, yet authentication still reduces to possession of keys or credentials once secrets are leaked, reused, or replayed. We present BioZero, a privacy-preserving biometric authentication protocol for decentralized identity that binds an enrolled identity to a biometric witness without revealing biometric templates, while enabling publicly verifiable on-chain decisions. BioZero combines Pedersen commitment-homomorphic computation, consistency spot-checks, and Groth16 zero-knowledge proofs to achieve identity-bound authentication with succinct on-chain verification. We analyze acceptance soundness, freshness, template privacy, and non-malleability under an open decentralized threat model including replay, timing, brute-force, oracle, and forgery attacks. On an Ethereum testbed, BioZero achieves up to 67.8x lower network-adjusted total authentication latency and up to 266.4x faster client-side proving than a zk-SNARK-only baseline. Verification stays in the millisecond range (28.8-41.2 ms vs. 35.4-77.6 ms). With lambda=1 spot-checking, gas grows from 336,778 to 954,066 as N increases from 2 to 128, becomes lower than the baseline from N>=16, and is 2.59x lower at N=128. LFW experiments on 128D and 512D models show accuracy loss below 1% across practical quantization ranges. These results indicate that BioZero is a practical authentication layer for decentralized biometric identity systems.