Select Page

Homomorphic encryption in biometrics

by | Technology

cifrado homomórfico en biometría

When a system recognises you by your face or voice, you are not simply showing it something. You are handing over personal data. Data that you cannot change or revoke, and which, by its very nature, should never be available in readable format, even for an instant.

Nevertheless, many current biometric systems continue to decrypt this information in order to process it. In that brief moment when the data is exposed, even for milliseconds, its confidentiality is put at risk. And that is where privacy becomes vulnerable.

If we want biometrics to be truly secure, it is not enough to encrypt data at rest or during transmission. A more robust approach is needed, one that preserves its integrity even while it is being used. And for that, homomorphic encryption is not just reserved for academic papers; it is one of the most coherent paths.

Yes, it is a complex technology. But it is also precise, elegant, and reliable.

What is homomorphic encryption?

Homomorphic encryption is an advanced cryptographic technique that enables mathematical operations to be performed directly on encrypted data, without requiring decryption at any point. In other words, protected values can be compared, and the final result, once decrypted, is equivalent to that which would be obtained by working on the original data.

This makes it a unique tool for protecting sensitive information throughout its entire lifecycle: at rest, in transit, and, most importantly, during use.

There are different types of homomorphic encryption, depending on their level of complexity and computing power:

  • PHE (Partially Homomorphic Encryption): allows only one operation (e.g. addition or multiplication).
  • SHE (Somewhat Homomorphic Encryption): allows a limited number of combined operations.
  • FHE (Fully Homomorphic Encryption): allows arbitrary operations to be performed on encrypted data, with no theoretical limit.

Fully homomorphic encryption (FHE) is particularly relevant in biometrics, as it enables identities to be validated or compared without revealing the original biometric templates. Although its implementation is resource-intensive, it is becoming increasingly viable thanks to advances in algorithms and compression.

What if you could operate on data without seeing it?

Today, most biometric systems encrypt data at rest or during transmission, as previously mentioned. Nevertheless, they do not encrypt data during the most sensitive moment: processing or use. That is where the spell is broken. To perform a verification, many engines compare templates in memory that have been previously decrypted. That gap, however small, is a security crack.

Homomorphic encryption offers something different. There is no need to break the encryption to process the data. You do not have to open the box to see what is inside. You can perform matching, apply calculations, and validate an identity without ever exposing the original data.

This is not just a technical advance. It is a change in mindset. It means that we can decentralise processes, perform verifications in the cloud, and comply with data protection regulations in a much more natural way.

Why homomorphic encryption is important in biometrics

Discussing homomorphic encryption in biometrics is not about a single possible solution or an absolute truth. Nevertheless, it is discussing a technical and ethical direction that aligns with the challenges we face today in terms of identity protection.

Homomorphic encryption does not promise perfection, but it does go one step further: it allows data to be operated on without exposing it. It keeps the information encrypted from start to finish. And that changes the rules of the game.

Will it be the standard of the future? It is difficult to answer with a resounding yes. Technology continues to evolve, and other alternatives may emerge. However, what is clear is that moving towards systems where even the server cannot see the original data is not only technically possible, but also powerful.

Frictionless security? The challenge of making it viable

The idea behind homomorphic encryption is to protect data at all times. But like anything that sounds too good to be true, there is a downside: performance.

Processing encrypted data takes longer, requires more resources and, in many cases, involves adapting systems that were not designed for this purpose. It’s not magic. It’s heavy mathematics. Today, this translates into a significant computational load.

But to say that it is not viable would be an oversimplification.

Because alongside this complexity, some very interesting things are happening:

  • Some libraries are bringing this technology closer to the real world.
  • Some schemes allow you to work directly with real numbers, which is essential for biometric vectors.
  • And the possibilities for acceleration are growing.

It is not about every system adopting homomorphic encryption tomorrow, but about starting to think about which contexts it makes sense in, which parts of the flow could benefit, and how we can integrate advanced security without sacrificing the user experience.

Where it makes sense to apply homomorphic encryption in biometrics

Like all technology, homomorphic encryption is not a universal solution. It is not necessary, nor does it make sense, to apply it in all cases, but there are contexts in which it fits very well. Some of these environments may involve shared or unreliable infrastructure, verification processes that involve multiple actors, and systems that work with particularly sensitive data or that, by their nature, should not leave a trace.

Some examples:

  • Remote identity verification, where data travels outside the perimeter of control.
  • Biometric processing in the cloud, where confidentiality depends on external providers.
  • Collaboration between entities (cross-matching) that do not want to and should not share templates.

Biometrics and privacy with principles

Some technologies solve problems, and there are technologies that, in addition to solving them, ask better questions.

Homomorphic encryption is one of them. This type of encryption is not limited to protecting data, but proposes a new approach: building systems that do not require visibility to function. They do not ask you to trust them, because they are designed not to betray that trust.

In biometrics, where what is protected is part of you, it matters, and it matters a lot.

It may not be the only option, as we have already mentioned, nor the simplest. Still, it does represent a way to move forward with purpose in an environment where privacy cannot be negotiable.

Contact us if you are interested in applying homomorphic encryption or strengthening biometric data protection in your systems.

PRODUCT BROCHURE

Discover our identity verification solution

Verify your customers’ identities in seconds through ID document scanning and validation, and facial biometric matching with liveness detection.

Download
mobbeel
Cookies policy summary

We use first-party and third-party cookies to make our website work, analyse how users use the website in order to improve our services and create a profile of your browsing and content viewed in order to show you personalised advertising. Find out more by reading our Cookies policy.

Reject cookies

What is a cookie?

Cookies are files sent from a web server that obtain information from users’ devices, for example, about their preferences and browsing patterns.

Cookies are essential for the functioning of the Internet, as they offer technical solutions that allow the user to browse the different websites; they cannot damage the user’s equipment/device and can be used to identify and resolve possible errors in the functioning of the Website. They may also be used for advertising or analytical purposes.

Use of cookies by Mobbeel

Specifically, MOBBEEL uses its own cookies generated directly by this domain and third-party cookies generated from other websites outside MOBBEEL, belonging to third party companies, for the specific purposes described below. If in the future MOBBEEL uses other cookies for the purpose of providing more and better services, the user will be informed of this.