arxiv: 2409.17509 · v2 · submitted 2024-09-26 · 💻 cs.CR

BioZero: Privacy-Preserving and Publicly Verifiable On-Chain Biometric Authentication via Homomorphic Commitments and Zero-Knowledge Proofs

Pith reviewed 2026-05-23 21:09 UTC · model grok-4.3

classification 💻 cs.CR
keywords privacy-preserving biometric authentication · homomorphic commitments · zero-knowledge proofs · on-chain verification · decentralized identity · Pedersen commitments · Groth16 · blockchain authentication

The pith

BioZero binds biometric witnesses to decentralized identities using homomorphic commitments and succinct zero-knowledge proofs for on-chain verification without revealing templates.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents BioZero as a protocol that ties an enrolled biometric identity to an account in a decentralized setting so that authentication decisions can be publicly verified on-chain. It achieves this by committing to templates with Pedersen commitments, performing homomorphic matching, adding consistency spot-checks, and wrapping the result in Groth16 proofs. The design targets an open threat model that includes replay, timing, brute-force, oracle, and forgery attacks while claiming to preserve acceptance soundness, freshness, template privacy, and non-malleability. Experiments on Ethereum show lower latency and gas costs than a pure zk-SNARK baseline once the number of spot-checks grows, with biometric accuracy loss kept under one percent. A sympathetic reader would care because the work offers a concrete route to biometric authentication in environments where simple key possession is insufficient once secrets leak or are reused.

Core claim

BioZero combines Pedersen commitment-homomorphic computation, consistency spot-checks with lambda equal to one, and Groth16 zero-knowledge proofs to produce identity-bound authentication that supports succinct on-chain verification while satisfying acceptance soundness, freshness, template privacy, and non-malleability under an open decentralized threat model that includes replay, timing, brute-force, oracle, and forgery attacks.

What carries the argument

Pedersen commitment-homomorphic computation together with lambda=1 consistency spot-checks and Groth16 zero-knowledge proofs that together enforce identity binding and on-chain verifiability.
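
The additive homomorphism that lets a verifier derive a commitment to the difference between an enrolled and a probe template without seeing either one, as an added Python example (not code from the paper or from Pith). The toy 65-bit group, the hash-derived generators, the sample vectors and all function names are assumptions made for illustration; the sketch does not reproduce BioZero's spot-checks or its Groth16 circuit.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these 12 bases are deterministic for n below about 3e23."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """First safe prime p = 2q + 1 with q > 2**bits. Toy size, NOT secure."""
    q = 2**bits + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = toy_group()

def hash_to_group(label):
    """Squaring lands in the order-Q subgroup; no one knows log_G(H)."""
    x = int.from_bytes(hashlib.sha256(label).digest(), "big") % P
    return pow(x, 2, P)

G, H = hash_to_group(b"toy-G"), hash_to_group(b"toy-H")

def commit(m, r):
    """Pedersen commitment C = G^m * H^r mod P."""
    return pow(G, m % Q, P) * pow(H, r % Q, P) % P

def commit_vector(vec):
    """Commit to each quantized element with fresh blinding randomness."""
    rs = [secrets.randbelow(Q) for _ in vec]
    return [commit(m, r) for m, r in zip(vec, rs)], rs

def diff_commitments(c_enrolled, c_probe):
    """Verifier side: C_e / C_p commits to (e - p) with blinding (r_e - r_p)."""
    return [ce * pow(cp, -1, P) % P for ce, cp in zip(c_enrolled, c_probe)]

# Constructed sample data: two quantized 4-element feature vectors.
ENROLLED = [12, -7, 33, 5]
PROBE = [11, -6, 35, 5]

def difference_is_consistent():
    """Prover side: the derived commitments open to the true differences."""
    ce, re_ = commit_vector(ENROLLED)
    cp, rp = commit_vector(PROBE)
    derived = diff_commitments(ce, cp)
    return all(derived[i] == commit(ENROLLED[i] - PROBE[i], re_[i] - rp[i])
               for i in range(len(derived)))
```

Opening the difference directly, as `difference_is_consistent` does, is only a check of the algebra; a protocol with the template-privacy goal described above would prove a statement about the committed difference instead of revealing it.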

If this is right

  • Network-adjusted total authentication latency drops by up to 67.8 times compared with a zk-SNARK-only baseline on Ethereum.
  • Client-side proving time improves by up to 266.4 times while on-chain verification remains in the 28.8-41.2 ms range.
  • Gas consumption becomes lower than the baseline once N reaches 16 and reaches 2.59 times lower at N=128.
  • Quantized 128D and 512D face models on LFW incur accuracy loss below 1 percent across practical ranges.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same commitment-plus-spot-check pattern could be applied to other biometric modalities or to multi-factor identity proofs.
  • Integration with existing decentralized identifier standards would allow the protocol to serve as a drop-in authentication layer.
  • If an attacker could break the unlinkability assumption, only modest changes to the current spot-check design would be needed to restore security.
  • The performance numbers suggest the approach scales to moderate numbers of spot-checks without requiring changes to the underlying proof system.

Load-bearing premise

Biometric templates remain unlinkable and the lambda=1 spot-check mechanism suffices to block forgery and enforce consistency against replay, timing, brute-force, oracle, and forgery attacks.

What would settle it

A demonstration that an adversary can either forge a valid authentication proof for an unenrolled template or link two biometric templates across independent sessions would falsify the security claims.

Figures

Figures reproduced from arXiv: 2409.17509 by Junhao Lai, Qing Yang, Shengli Zhang, Soung Chang Liew, Taotao Wang, Zibin Lin.

Figure 1: The functional building blocks and the working flow of BioZero biometric authentication.
Figure 2: The block diagram of the circuit used in the Groth16 zk-SNARK algorithm.
Figure 3: Experimental evaluation results of BioZero and Vanilla ZKBio: (a) the proof generation time; (b) the verification time; (c) the total authentication
Original abstract

Decentralized identity systems promise user-controlled identifiers and cross-domain verification without a shared identity provider, yet authentication still reduces to possession of keys or credentials once secrets are leaked, reused, or replayed. We present BioZero, a privacy-preserving biometric authentication protocol for decentralized identity that binds an enrolled identity to a biometric witness without revealing biometric templates, while enabling publicly verifiable on-chain decisions. BioZero combines Pedersen commitment-homomorphic computation, consistency spot-checks, and Groth16 zero-knowledge proofs to achieve identity-bound authentication with succinct on-chain verification. We analyze acceptance soundness, freshness, template privacy, and non-malleability under an open decentralized threat model including replay, timing, brute-force, oracle, and forgery attacks. On an Ethereum testbed, BioZero achieves up to 67.8x lower network-adjusted total authentication latency and up to 266.4x faster client-side proving than a zk-SNARK-only baseline. Verification stays in the millisecond range (28.8-41.2 ms vs. 35.4-77.6 ms). With lambda=1 spot-checking, gas grows from 336,778 to 954,066 as N increases from 2 to 128, becomes lower than the baseline from N>=16, and is 2.59x lower at N=128. LFW experiments on 128D and 512D models show accuracy loss below 1% across practical quantization ranges. These results indicate that BioZero is a practical authentication layer for decentralized biometric identity systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. BioZero presents a protocol for privacy-preserving biometric authentication in decentralized identity systems. It binds enrolled identities to biometric witnesses using Pedersen commitments with homomorphic computation, lambda=1 consistency spot-checks, and Groth16 zero-knowledge proofs, enabling succinct on-chain verification. The paper claims acceptance soundness, freshness, template privacy, and non-malleability under an open decentralized threat model against replay, timing, brute-force, oracle, and forgery attacks. Performance claims include up to 67.8x lower network-adjusted latency and 266.4x faster client-side proving than a zk-SNARK baseline on Ethereum, with verification in 28.8-41.2 ms and gas costs becoming favorable for N>=16; LFW experiments show <1% accuracy loss for 128D/512D models.

Significance. If the security arguments hold with explicit reductions and bounds, the work would provide a concrete construction combining homomorphic commitments and spot-checks to achieve identity-bound on-chain biometric auth without template exposure, addressing a gap in decentralized systems. The reported efficiency gains and low accuracy impact indicate potential practicality for Ethereum-based deployments, though significance hinges on whether the central security claims are rigorously supported beyond high-level assertions.

major comments (2)
  1. [Security analysis] Security analysis (likely §4 or equivalent): the claim that lambda=1 spot-checks suffice to enforce consistency and prevent forgery lacks probability bounds on false-accept under realistic intra-user biometric variance, and provides no reduction showing that a single spot-check binds the witness to the commitment against the listed attack vectors.
  2. [Security analysis] Security analysis: the argument for template privacy and non-malleability across multiple authentications does not address unlinkability of the resulting commitments or provide a formal argument that the Pedersen-homomorphic + Groth16 combination prevents linkage under the open decentralized model.
minor comments (2)
  1. [Abstract] Abstract and §5: the performance comparison to the zk-SNARK-only baseline should explicitly state the baseline construction and parameter settings used for the 67.8x and 266.4x factors.
  2. [Experiments] Experimental section: clarify the quantization ranges and model dimensions (128D vs 512D) for the LFW accuracy results to allow direct reproduction.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on the security analysis. We address the two major comments point by point below, agreeing that additional formalization will strengthen the manuscript.

  1. Referee: [Security analysis] Security analysis (likely §4 or equivalent): the claim that lambda=1 spot-checks suffice to enforce consistency and prevent forgery lacks probability bounds on false-accept under realistic intra-user biometric variance, and provides no reduction showing that a single spot-check binds the witness to the commitment against the listed attack vectors.

    Authors: We agree that the existing high-level argument for lambda=1 spot-checks would be strengthened by explicit bounds. In the revised manuscript we will add probability bounds on false-accept rates that incorporate the intra-user variance measured in our LFW experiments (128D/512D models). We will also include a reduction argument establishing that the single spot-check, together with the homomorphic Pedersen commitment and Groth16 soundness, binds the witness to the enrolled commitment against replay, forgery, and the other enumerated attacks under the open decentralized model. revision: yes

  2. Referee: [Security analysis] Security analysis: the argument for template privacy and non-malleability across multiple authentications does not address unlinkability of the resulting commitments or provide a formal argument that the Pedersen-homomorphic + Groth16 combination prevents linkage under the open decentralized model.

    Authors: The manuscript currently invokes the hiding property of Pedersen commitments for template privacy and Groth16 soundness for non-malleability. We concur that unlinkability across sessions is not explicitly treated. The revision will add a dedicated paragraph on unlinkability and a formal argument showing that the combination of homomorphic commitments and zero-knowledge proofs prevents linkage of commitments under the stated threat model. revision: yes

Circularity Check

0 steps flagged

No circularity: construction uses standard primitives with independent security claims and external benchmarks.

full rationale

The paper describes BioZero as a protocol combining Pedersen commitments, homomorphic computation, lambda=1 spot-checks, and Groth16 proofs to meet stated security properties under an open threat model. No equations, derivations, or self-citations are exhibited that reduce the central claims (acceptance soundness, privacy, non-malleability) to fitted inputs or prior self-work by definition. Performance numbers (latency, gas, accuracy loss <1% on LFW) are measured against external baselines and datasets rather than being forced by the protocol definition itself. The analysis is presented as holding against listed attacks without the text showing any self-definitional or fitted-input reductions.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 0 invented entities

The central claim rests on standard cryptographic assumptions for the cited primitives and on experimental choices for spot-checking and quantization; no new entities are postulated.

free parameters (2)
  • lambda = 1
    Spot-checking rate set to 1 in the reported gas and latency experiments.
  • N
    Number of spot-checks varied from 2 to 128 to measure gas scaling.
axioms (2)
  • [standard math] Pedersen commitments are binding and hiding under the discrete-log assumption
    Invoked to support template privacy and homomorphic properties in the protocol description.
  • [standard math] Groth16 zk-SNARKs provide succinct, sound, and zero-knowledge verification
    Used for the on-chain verification step.

pith-pipeline@v0.9.0 · 5839 in / 1502 out tokens · 27576 ms · 2026-05-23T21:09:47.502652+00:00 · methodology

