From eugen@leitl.org Wed Sep 11 15:37:41 2013
From: Eugen Leitl <eugen@leitl.org>
To: cypherpunks@lists.cpunks.org
Subject: Re: [liberationtech] iPhone5S Fingerprint and 5th amendment
Date: Wed, 11 Sep 2013 21:37:37 +0200
Message-ID: <20130911193737.GU10405@leitl.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5915530299292060296=="

--===============5915530299292060296==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

----- Forwarded message from Joseph Lorenzo Hall <joe(a)cdt.org> -----

Date: Wed, 11 Sep 2013 13:27:42 -0400
From: Joseph Lorenzo Hall <joe(a)cdt.org>
To: liberationtech <liberationtech(a)lists.stanford.edu>
CC: Eugen Leitl <eugen(a)leitl.org>
Subject: Re: [liberationtech] iPhone5S Fingerprint and 5th amendment
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130=
801 Thunderbird/17.0.8



On 9/11/13 12:08 PM, Eugen Leitl wrote:
> On Wed, Sep 11, 2013 at 11:04:44AM -0500, Matt Mackall wrote:
>=20
>> Similarly, any other sort of one-way algorithm that prevents you from
>> reconstructing a valid input from the stored data is not going to work.
>=20
> Typical fingerprint matching uses classification, recognizing and
> encoding multiple features into a vector. You could use a one-way
> hash on that vector. This is likely subject to a precompiled hash
> lookup table attack, as the number of all possible fingerprints,
> quantized via a classification vector is not that large.

There's a good deal of existing research out there on using symmeteric
hashes -- a hash that can accept discrete inputs in arbitrary order and
always calculate to the same value -- for secure biometric template
storage and matching.

Here is a paper I point people to that many of you will find absolutely
fascinating (although it's been some years so do check citations
pointing to this for further work):

Sergey Tulyakov, Faisal Farooq, Praveer Mansukhani, & Venu Govindaraju.
(2007). Symmetric hash functions for secure fingerprint biometric
systems. Pattern Recognition Letters, 28(16), 2427=E2=80=932436. Retrieved fr=
om
http://www.researchgate.net/publication/222570842_Symmetric_hash_functions_fo=
r_secure_fingerprint_biometric_systems/file/79e4150d06419e02ec.pdf


--=20
Joseph Lorenzo Hall
Senior Staff Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe(a)cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: BE7E A889 7742 8773 301B 4FA1 C0E2 6D90 F257 77F8



----- End forwarded message -----
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

--===============5915530299292060296==--