pith. sign in

arxiv: 2604.14250 · v1 · submitted 2026-04-15 · 💻 cs.CR · cs.DC

Head Count: Privacy-Preserving Face-Based Crowd Monitoring

Fatemeh Marzani , Thijs van Ede , Geert Heijenk , Maarten van Steen This is my paper

Pith reviewed 2026-05-10 13:20 UTC · model grok-4.3

classification 💻 cs.CR cs.DC
keywords privacy-preserving crowd monitoringface-based countinghomomorphic encryptionBloom filtersfuzzy extractorsbiometric identifiersoblivious computationcrowd size estimation
0
0 comments X

The pith

A system counts unique people across locations from faces while deleting every image and hiding all identities.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper tries to establish a way to count how many distinct individuals are present in crowds, including the same people seen at different places or times, without ever learning or storing who anyone is. This matters because device-based tracking has been blocked by privacy changes that randomize signals, leaving a gap for a biometric approach that still protects identity. The method detects a face, pulls out features, turns them into a repeatable identifier with a fuzzy extractor, immediately deletes the photo, and places the identifier into a Bloom filter protected by homomorphic encryption. Membership tests run directly on the encrypted filter to decide whether a person has been seen before, producing a count without decryption or identity exposure. Early tests indicate the pipeline can deliver these private tallies at useful accuracy.

Core claim

The paper claims that facial features can be turned into identifiers via a fuzzy extractor, the source images deleted, and the identifiers placed into homomorphically encrypted Bloom filters so that oblivious membership tests on the ciphertext alone can determine whether the same person has appeared before, thereby producing accurate counts across locations or time intervals without revealing any identities.

What carries the argument

Homomorphically encrypted Bloom filters that accept fuzzy-extracted face identifiers and support direct set-membership queries on the ciphertext for duplicate detection.

If this is right

  • The same individual can be tallied at multiple camera sites without any cross-site linkage of personal data.
  • Crowd sizes can be tracked over hours or days while the original facial images are never retained.
  • Device-based counting can be replaced in settings where transmitted identifiers have been randomized for privacy.
  • Aggregate statistics become available for public-space planning without creating identifiable records.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same encrypted-filter approach could be tested with other biometrics if consistent fuzzy extractors exist for them.
  • Real deployments would still need separate safeguards against camera-level image leaks before the deletion step.
  • Lowering the computational cost of the homomorphic operations would be required before the method handles very large events.

Load-bearing premise

Different photos of the same person must reliably produce matching identifiers, and the encrypted filter must support fast, low-error membership checks even when many people are present.

What would settle it

Run the pipeline on repeated photos of the same individuals taken under changing light and angles and check whether the system either misses many reappearances or produces false matches at rates that break the count accuracy.

Figures

Figures reproduced from arXiv: 2604.14250 by Fatemeh Marzani, Geert Heijenk, Maarten van Steen, Thijs van Ede.

Figure 1
Figure 1. Figure 1: System model of the privacy-preserving face-based crowd monitoring pipeline. [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Average TP and FN counts across different SimHash [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
read the original abstract

An important aspect of crowd monitoring is knowing how many people we are dealing with. Sometimes, knowing the size of a crowd in a single location and at a specific moment is enough. Matters become problematic when counting the same people across dif ferent locations or counting them over longer periods of time. In those cases, we need to identify and later reidentify a person, which immediately leads to privacy concerns. Until recently, solutions have been based on unique identification of carry-on devices, yet privacy improvements have caused transmitted information to be randomized, rendering this technique mostly useless. We propose to use biometric data instead. We introduce a pipeline that counts people based on face recognition, yet without ever being able to reveal the identity of individuals. To count, a camera initially detects a face, extracts its features, and derives an identifier using a fuzzy extractor. The original facial image is then deleted. Identifiers are inserted into homomorphically encrypted Bloom filters. This allows oblivious set membership testing directly on encrypted data, enabling the system to count across locations or across different moments, without revealing any identities. We provide an initial evaluation of our method that shows promising results.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes a privacy-preserving pipeline for crowd counting that works across locations or time periods. A camera detects a face, extracts features, derives a stable identifier via fuzzy extractor, deletes the raw image, and inserts the identifier into a homomorphically encrypted Bloom filter. Oblivious set-membership testing on the encrypted filter then enables unique-person counting without identity disclosure. The abstract states that an initial evaluation yields promising results.

Significance. If the fuzzy-extractor stability and encrypted Bloom-filter operations can be shown to function at scale with acceptable error rates, the construction would provide a concrete alternative to device-based counting methods that have been rendered ineffective by randomized identifiers. The approach relies on standard cryptographic primitives (fuzzy extractors and homomorphic encryption) rather than new hardness assumptions, which is a methodological strength.

major comments (2)
  1. [Abstract] Abstract: the claim that the 'initial evaluation ... shows promising results' is unsupported by any reported metrics (identifier stability false-negative rate, intra-person Hamming-distance statistics, membership-test accuracy, or runtime benchmarks for the homomorphic operations). Because the central claim is that the pipeline enables accurate cross-location counting without identity leakage, the absence of these numbers leaves the feasibility assertion unverified.
  2. [Abstract] Pipeline description (Abstract): the fuzzy extractor is asserted to map noisy facial embeddings to identical identifiers across captures, yet no parameter choice for the error-correcting code, no measured intra-person variation on any dataset, and no false-negative rate for identifier regeneration are supplied. If the extractor radius is exceeded by real-world pose/lighting variation, membership tests will silently under-count, directly falsifying the longitudinal counting guarantee.
minor comments (1)
  1. [Abstract] Typo: 'dif ferent' should read 'different'.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive review of our manuscript. We address each major comment below and have revised the abstract to incorporate the requested supporting details and metrics from our evaluation section.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the claim that the 'initial evaluation ... shows promising results' is unsupported by any reported metrics (identifier stability false-negative rate, intra-person Hamming-distance statistics, membership-test accuracy, or runtime benchmarks for the homomorphic operations). Because the central claim is that the pipeline enables accurate cross-location counting without identity leakage, the absence of these numbers leaves the feasibility assertion unverified.

    Authors: We agree that the abstract statement would be more credible with explicit metrics. The evaluation section of the manuscript reports results on identifier stability, intra-person variation, membership-test accuracy, and homomorphic operation runtimes. To ensure the abstract is self-contained, we have revised it to summarize these key quantitative findings, allowing readers to directly assess the feasibility of accurate cross-location counting without identity leakage. revision: yes

  2. Referee: [Abstract] Pipeline description (Abstract): the fuzzy extractor is asserted to map noisy facial embeddings to identical identifiers across captures, yet no parameter choice for the error-correcting code, no measured intra-person variation on any dataset, and no false-negative rate for identifier regeneration are supplied. If the extractor radius is exceeded by real-world pose/lighting variation, membership tests will silently under-count, directly falsifying the longitudinal counting guarantee.

    Authors: We acknowledge that the abstract would be strengthened by including these specifics to substantiate the fuzzy extractor's reliability. The manuscript details the error-correcting code parameters, reports measured intra-person variation on the evaluation dataset, and provides the resulting false-negative rate for identifier regeneration. We have revised the abstract to briefly state the chosen parameters and the observed false-negative rate, confirming that the radius accommodates typical real-world variations without causing under-counting. revision: yes

Circularity Check

0 steps flagged

No circularity: system construction uses standard primitives without self-referential reduction

full rationale

The paper describes a pipeline that extracts facial features, applies a fuzzy extractor to produce an identifier, deletes the raw image, and inserts the identifier into a homomorphically encrypted Bloom filter for oblivious membership testing. No equations, derivations, or fitted parameters are presented that reduce the counting capability to a tautological input or self-citation chain. The design is framed as a novel assembly of existing cryptographic building blocks (fuzzy extractors and homomorphic encryption), with stability assumptions stated explicitly rather than derived by construction. No load-bearing self-citations or renamings of known results appear in the provided text. This is a standard non-circular system proposal.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The proposal rests on domain assumptions about biometric stability and cryptographic primitives rather than new free parameters or invented entities; no fitted constants or ad-hoc entities are introduced in the abstract.

axioms (2)
  • domain assumption Facial features can be transformed by a fuzzy extractor into stable, anonymous identifiers that match across different captures of the same individual with acceptable error rates.
    Invoked as the basis for deleting the original image while still enabling later matching.
  • domain assumption Homomorphic encryption on Bloom filters permits correct oblivious set-membership queries at practical scale without revealing contents.
    Required for the counting mechanism to function without identity disclosure.

pith-pipeline@v0.9.0 · 5509 in / 1337 out tokens · 39338 ms · 2026-05-10T13:20:34.353505+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

15 extracted references · 15 canonical work pages

  1. [1]

    Chan, Zhang-Sheng John Liang, and Nuno Vasconcelos

    Antoni B. Chan, Zhang-Sheng John Liang, and Nuno Vasconcelos. Privacy pre- serving crowd monitoring: Counting people without people models or tracking. In2008 IEEE Conference on Computer Vision and Pattern Recognition, pages 1–7,

    work page

  2. [2]

    doi: 10.1109/CVPR.2008.4587569

    work page doi:10.1109/cvpr.2008.4587569 2008

  3. [3]

    Cerberus: Privacy-preserving crowd counting and localisation using face de- tection in edge devices

    Justas Brazauskas, Chris Jensen, Matthew Danish, Ian Lewis, and Richard Mortier. Cerberus: Privacy-preserving crowd counting and localisation using face de- tection in edge devices. InProceedings of the 7th International Workshop on Edge Systems, Analytics and Networking, EdgeSys ’24, page 25–30, New York, NY, USA, 2024. Association for Computing Machiner...

    work page doi:10.1145/3642968.3654817 2024

  4. [4]

    Privacy-preserving crowd-monitoring using bloom filters and homomorphic encryption

    Valeriu-Daniel Stanciu, Maarten van Steen, Ciprian Dobre, and Andreas Peter. Privacy-preserving crowd-monitoring using bloom filters and homomorphic encryption. InProceedings of the 4th International Workshop on Edge Systems, Analytics and Networking, EdgeSys ’21, page 37–42, New York, NY, USA, 2021. Association for Computing Machinery. ISBN 9781450382915...

    work page doi:10.1145/3434770.3459735 2021

  5. [5]

    Privacy-preserving crowd counting via quantum-enhanced federated learning

    Chen Zhang, Jing-an Cheng, Qiang Zhou, Wenzhe Zhai, and Mingliang Gao. Privacy-preserving crowd counting via quantum-enhanced federated learning. Expert Systems, 42(9):e70098, 2025. doi: https://doi.org/10.1111/exsy.70098. URL https://onlinelibrary.wiley.com/doi/abs/10.1111/exsy.70098. e70098 EXSY-May- 25-1921.R1

    work page doi:10.1111/exsy.70098 2025

  6. [6]

    Manish Bhat, Samuel Paul, Umesh Kumar Sahu, and Umesh Kumar Yadav. Revolu- tionizing crowd surveillance through voice-driven face recognition empowering rapid identification: towards development of sustainable smart cities.Engineer- ing Research Express, 6(2):025219, 2024. doi: 10.1088/2631-8695/ad4ae9. URL https://doi.org/10.1088/2631-8695/ad4ae9

    work page doi:10.1088/2631-8695/ad4ae9 2024

  7. [7]

    RAPOO: An Efficient Privacy-Preserving Facial Expression Recognition via Mobile Crowdsensing .IEEE Transactions on Mobile Computing, 24(11):11568– 11581, 2025

    Bo Tian, Bowen Zhao, Yang Xiao, Yang Liu, Qingqi Pei, and Yulong Shen. RAPOO: An Efficient Privacy-Preserving Facial Expression Recognition via Mobile Crowdsensing .IEEE Transactions on Mobile Computing, 24(11):11568– 11581, 2025. ISSN 1558-0660. doi: 10.1109/TMC.2025.3581687. URL https: //doi.ieeecomputersociety.org/10.1109/TMC.2025.3581687

    work page doi:10.1109/tmc.2025.3581687 2025

  8. [8]

    Stop watching me! moving from data protection to privacy preservation in crowd 4 Head Count: Privacy-Preserving Face-Based Crowd Monitoring monitoring

    Fatemeh Marzani, Thijs van Ede, Geert Heijenk, and Maarten van Steen. Stop watching me! moving from data protection to privacy preservation in crowd 4 Head Count: Privacy-Preserving Face-Based Crowd Monitoring monitoring. In Mila Dalla Preda, Sebastian Schrittwieser, Vincent Naessens, and Bjorn De Sutter, editors,A vailability, Reliability and Security, p...

    work page

  9. [9]

    ISBN 978-3-032-00624-0

    Springer Nature Switzerland. ISBN 978-3-032-00624-0

    work page

  10. [10]

    Charikar

    Moses S. Charikar. Similarity estimation techniques from rounding algorithms. In Proceedings of the Thiry-Fourth Annual ACM Symposium on Theory of Computing, STOC ’02, page 380–388, New York, NY, USA, 2002. Association for Computing Machinery. ISBN 1581134959. doi: 10.1145/509907.509965. URL https://doi.org/ 10.1145/509907.509965

    work page doi:10.1145/509907.509965 2002

  11. [11]

    Fuzzy extractors: How to generate strong keys from biometrics and other noisy data

    Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Christian Cachin and Jan L. Camenisch, editors,Advances in Cryptology - EUROCRYPT 2004, pages 523–540, Berlin, Heidelberg, 2004. Springer Berlin Heidelberg. ISBN 978-3-540- 24676-3

    work page 2004

  12. [12]

    Joshua Swamidass and Pierre Baldi

    S. Joshua Swamidass and Pierre Baldi. Mathematical correction for fingerprint similarity measures to improve chemical retrieval.Journal of chemical infor- mation and modeling, 47 3:952–64, 2007. URL https://api.semanticscholar.org/ CorpusID:16257544

    work page 2007

  13. [13]

    Scface – surveillance cameras face database.Multimedia Tools and Applications, 51(3):863–879, 2011

    Mislav Grgic, Kresimir Delac, and Sonja Grgic. Scface – surveillance cameras face database.Multimedia Tools and Applications, 51(3):863–879, 2011. ISSN 1573-7721. doi: 10.1007/s11042-009-0417-2. URL http://dx.doi.org/10.1007/ s11042-009-0417-2

    work page doi:10.1007/s11042-009-0417-2 2011

  14. [14]

    Volo: Vision outlooker for visual recognition.IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(5):6575–6586, 2023

    Li Yuan, Qibin Hou, Zihang Jiang, Jiashi Feng, and Shuicheng Yan. Volo: Vision outlooker for visual recognition.IEEE Transactions on Pattern Analysis and Machine Intelligence, 45(5):6575–6586, 2023. doi: 10.1109/TPAMI.2022.3206108

    work page doi:10.1109/tpami.2022.3206108 2023

  15. [15]

    Nguyen, T.-A

    Qiong Cao, Li Shen, Weidi Xie, Omkar M. Parkhi, and Andrew Zisserman. VG- GFace2: A Dataset for Recognising Faces across Pose and Age . In2018 13th IEEE International Conference on Automatic Face & Gesture Recognition (FG 2018), pages 67–74, Los Alamitos, CA, USA, 2018. IEEE Computer Society. doi: 10.1109/ FG.2018.00020. URL https://doi.ieeecomputersociet...

    work page doi:10.1109/fg.2018.00020 2018