BioCanCrypto: An LDPC Coded Bio-Cryptosystem on Fingerprint Cancellable
Template
2021 IEEE International Joint Conference on Biometrics (IJCB) | 978-1-6654-3780-6/21/$31.00 ©2021 IEEE | DOI: 10.1109/IJCB52358.2021.9484391
Xingbo Dong and Zhe Jin
School of Information Technology
Monash University, Malaysia
[email protected]
{xingbo.dong, jin.zhe}@monash.edu
Zhenhua Guo
Shenzhen International Graduate School
Tsinghua University, Shenzhen
[email protected]
Abstract
Biometrics as a means of personal authentication has
demonstrated strong viability in the past decade. How-
ever, directly deriving a unique cryptographic key from bio-
metric data is a non-trivial task due to the fact that bio-
metric data is usually noisy and presents large intra-class
variations. Moreover, biometric data is permanently as-
sociated with the user, which leads to security and pri-
vacy issues. Cancellable biometrics and bio-cryptosystem
are two main branches to address those issues, yet both
approaches fall short in terms of accuracy performance,
security, and privacy. In this paper, we propose a Bio-
Crypto system on fingerprint Cancellable template (Bio-
CanCrypto), which bridges cancellable biometrics and bio-
cryptosystem to achieve a middle-ground for alleviating the
limitations of both. Specifically, a cancellable transforma-
tion is applied on a fixed-length fingerprint feature vector
to generate cancellable templates. Next, an LDPC cod-
ing mechanism is introduced into a reusable fuzzy extrac-
tor scheme and used to extract the stable cryptographic key
from the generated cancellable templates. The proposed
system can achieve both cancellability and reusability in
one scheme. Experiments are conducted on a public fin-
gerprint dataset, i.e., FVC2002. The results demonstrate
that the proposed LDPC coded reusable fuzzy extractor is
effective and promising.
1. Introduction
Personal authentication is mandatory by a wide variety
of applications such as bank counter and smartphone un-
locking. To validate the request, a user identifier (e.g., user-
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
Leshan Zhao
Chinese University of HongKong, Shenzhen
name, ID, and badge) and the associated proof method (e.g.,
MD5 based password) should be present to the system.
However, a physical card is easy to be lost, stolen, or forged.
The password is easy to be lapsed in memory [1], and may
suffer from illegal access risks in case of highly possible il-
legal key sharing. Hence, those conventional methods are
far from meeting the needs of reliability and safety.
One alternative way to alleviate the issues above is to
apply biometrics, i.e., identification based on who you are.
The human biological traits used for recognition systems
are generally unique, robust, collectible, natural, and re-
liable. The system can be accessed in a non-repudiation
manner by utilizing biometric data without presenting the
ID and password. Unfortunately, directly applying biomet-
rics as a key is a challenging task due to: 1) the noisy and
fuzzy characteristics of biometrics. For example, the iris
code, which is proposed to represent human iris features
[2], was found that most iris codes generated from human
iris contain 10%-30% error [3]. The fingerprint is proved
to be user-unique according to Pankanti et al. [4], but also
suffers from intra-class variations due to the sensor noise
and unstable acquisition process (e.g., placement of the fin-
ger on the sensor) [5]; 2) biometric data is strongly linked
with the user, the compromise of biometric data will lead to
security and privacy concerns.
Hence, biometric template protection (BTP) schemes are
proposed to tackle the above issues [6–9]. Among exist-
ing BTP schemes, biometric cryptosystem (BC) [10, 11] is
a prominent BTP technique devised for key management,
which can be divided into two categories, namely key bind-
ing and key generation. For the former, the biometric data
is bound to a key (secret) to generate the Helper Data (HD)
during enrollment. The secret generated during enrollment
 can be deemed as an identifier of the user. The HD should
neither leak information about biometric nor secrets, and
it is stored as public information. When a genuine query
biometric is present, the secret would be retrieved but in-
feasible for an adversary. For the key generation scheme,
the HD is generated directly from biometric data. A ran-
dom key or identifier would be generated on the fly based
on the query biometric and the HD at the query time. Those
BC schemes combine biometrics with a cryptographic key.
Hence, it could be the best option to replace conventional
passwords and gain advantages of both biometrics and cryp-
tosystems.
Fuzzy Extractor [12] is a typical case of key generation
category. However, the original fuzzy extractor can only
generate one key from one biometric input, limiting the de-
ployment of the fuzzy extractor. For example, users may
want to create multiple keys from their same fingerprint and
use those unique keys in different applications. To solve this
issue, Boyen et al. proposed a reusable fuzzy extractor con-
cept in 2004 [13]. A fuzzy extractor is reusable if it remains
secure even when a user enrolls the same or correlated bio-
metric data multiple times. Later in 2016, Canetti et al.
proposed a reusable fuzzy extractor (rFE) based on “digi-
tal locker” and it made no assumptions about how multiple
biometric data are correlated [14]. Readers are directed to
[13, 14] for the details of the reusable fuzzy extractor.
However, the reusable fuzzy extractor still has some lim-
itations. Firstly, like most existing fuzzy extractors, binary
or integer format biometric features are required. In case
of non-binary format features, such fuzzy extractor will be
not suitable anymore. On the other hand, the cancellable
property is usually missing in the reusable fuzzy extractor
scheme. What is worth highlighting is the difference be-
tween reusability and cancellability. The former focuses on
generating a unique security key from the same biometric
input, while the latter focuses on generating a revocable, un-
linkable, and non-invertible template based on cancellable
transformation.
We proposed a biometric cryptosystem to generate a
cryptographic key from a cancellable fingerprint template
to address the above issues. The system consists of
two stages, namely the fixed-length fingerprint cancellable
template generation stage and the key extraction stage.
Specifically, to generate fixed-length fingerprint features,
Minutiae-Cylinder-Code (MCC) fingerprint descriptor [15]
is firstly generated from fingerprint minutia points, then
transformed into a fixed-length vector according to the
method proposed by Jin et al. [16]; Subsequently, the fixed-
length fingerprint feature is hashed into integer vectors by
a cancellable ranking based hashing function [17]. To gen-
erate the cryptography key, a reusable fuzzy extractor with
Low-density Parity-check (LDPC) encoding, denoted as a
coded reusable fuzzy extractor (crFE), is proposed. To fur-
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
ther strengthen the performance of crFE, a key redundancy
mechanism and a most consistent hash code extraction are
introduced into the crFE.
The main contribution of this work can be summarized
as:
• A fingerprint bio-cryptosystem on the cancellable tem-
plate is proposed in this paper to generate a stable cryp-
tographic key. Since the proposed bio-cryptosystem is
working on the cancellable template generated by can-
cellable hashing, the system can achieve both cancella-
bility and reusability.
• A variant of reusable fuzzy extractor, namely coded
reusable fuzzy extractor (crFE), is devised. Specifi-
cally, with the novel usage of LDPC, the most consis-
tent hash codes extraction and a key redundancy mech-
anism, the performance of crFE outperforms the state-
of-the-arts bio-cryptosystems.
• The performance of the proposed scheme is evaluated
on the public fingerprint dataset FVC2002. The results
suggest that the proposed framework is effective and
applicable.
2. Related Work
2.1. Fuzzy extractor
Generally, a biometric cryptosystem encrypts the orig-
inal templates to helper data, and error-correcting coding
methods are used to handle the intra-class variance. The
input of most biometric cryptosystems requires input in fi-
nite fields. A biometric cryptosystem either binds a key
to a biometric or generates a key from the biometric and
stores the helper data in the database instead of the bio-
metric data. Retrieving the key or the original biometric
data should be computationally hard based on the helper
data, which means there is no or limited information leak-
age about the key and biometrics from the helper data. In a
biometric cryptosystem, the key is released or reconstructed
only if the genuine’s biometric data is presented for veri-
fication. Several popular biometric cryptosystem schemes
are proposed in the literature, such as fuzzy vault[18] and
fuzzy commitment[19] under the key binding group, secure
sketch and fuzzy extractor [12] under the key generation
group.
Fuzzy Extractor is a typical scheme for key generation.
Dodis et al. proposed the concept of fuzzy extractor first in
[12]. Fuzzy extractor consists of a pair of randomized pro-
cedures, “generate” (Gen) and “reproduce” (Rep). Specifi-
cally,
• Gen(w) −→ (P, R): Take a biometric input w ∈ W
(where W can be regarded as the distribution on cer-
tain biometric modality). Then, extract a random string
 r ∈ {0, 1}` and a public helper string P . Based on
[20], P is termed as Aux Data (AD), and Key is termed
as pseudonymous identifier (PI).
• Rep(w0 ∈ W, P ) −→ R0 : Take a biometric query
w0 ∈ W 0 (where W 0 can be regarded as another cap-
ture of previous biometric modality). If the distance
between w and w0 is within a tolerance distance t, then
Rep(w0 , P ) = r with probability 1 − γ, where γ > 0
is the error.
The correctness of fuzzy extractor requires that r can be
reproduced when w ∈ W and w0 ∈ W are close enough in
distance. The fuzzy extractor’s security requires that R is
random when W has enough entropy.
However, original fuzzy extractor can only generate one
key from one biometric input, which limits the deploy-
ment of the fuzzy extractor. For example, users may want
to generate multiple keys from his same fingerprint, and
use those distinct keys in different applications. To solve
this issue, Boyen et al. proposed a reusable fuzzy extrac-
tor in 2004 [13]. A fuzzy extractor is reusable if it re-
mains secure even when a user enrolls the same or cor-
related values multiple times. Specifically, assuming that
w, w1 , . . . , wρ are fingerprint features from the same fin-
ger, (P, R) = {Pi , Ri }i∈{1,2,...,ρ} can be generated from
Gen (wi ) → (Pi , Ri ), and given the public helper data and
key, i.e., {Pi , Ri }i∈[ρ] , [ρ] := {1, 2, . . . , ρ} and P , R still
meet the security requirement.
In 2016, Canetti et al. constructed a reusable fuzzy ex-
tractor (rFE) in [14] based on “digital locker” [21], and it
made no assumptions about how multiple biometric data
are correlated. Besides, it achieved computational security
under the existence of digital lockers. Specifically, at enroll
stage in Canetti’s reusable fuzzy extractor scheme, three pa-
rameters, i.e., the key k, the nonce c and random mask w,
are generated randomly. The biometric input x is firstly fil-
tered by the mask w based on AND operation denoted as
v = x AN D w. Then vector v is hashed by SHA256 with
salting parameter t, hence
the L L a cipher can be generated
by the SHA256(v, t), is the exclusive or (XOR). Fi-
nally, the k is output as a cryptography key, while the tuple
(cipher, w, c) is stored in the system as the help data. At
query stage, the same mask is applied on the biometric in-
put x0 , i.e., v 0 = x0 AN D w. SHA256 is used to hash the v 0
with the same parameter t, and then XORed with the stored
cipher, to reproduce the final key k. It is worth highlighting
that the original rFE from [14] locks up the generated ran-
dom k using parts of w in an error-tolerant way, instead of
applying a secure sketch on w. However, a reusable fuzzy
extractor normally requires the binary input, which limits
the utilization of such schemes. On the other hand, a per-
formance drop is usually expected when applying the fuzzy
extractor in case of poor discriminative features.
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
2.2. Bio-cryptosystem Based on Cancellable Tem-
plates
Few works have been done on the fingerprint to combine
bio-cryptosystem with cancellable templates. In this sub-
section, the latest related works, which are not limited to
fingerprints, are reviewed.
In [22], a finger-vein cancellable bio-cryptosystem was
proposed for healthcare application authentication and data
encryption. Specifically, the healthcare data is encrypted by
a secret key; then, a cancelable biometrics scheme is applied
on the finger-vein features to generate the cancellable tem-
plate. Subsequently, a fuzzy commitment scheme is used
to bind with the secret key, and the final generated help
data is stored on the smart card. To decrypt the data, query
finger-vein features are transformed by the same cancelable
biometrics scheme, then the secret is released based on the
cancelable template and stored help data.
In [23], a cancelable fuzzy vault system was proposed on
Delaunay triangle group-based fingerprint features. Specif-
ically, a cancellable polar transformation is applied to each
Delaunay triangle group. The non-invertible polar transfor-
mation unit is a triangle instead of a single minutia. Hence it
can avoid non-linear distortion. In [24], another cancellable
fuzzy vault was proposed. A non-invertible template is gen-
erated by applying a periodic transformation on the biomet-
ric template. The generated template is then used as the
fuzzy vault input, strengthening the fuzzy vault with the
cancellability property. In [25], to adopt fuzzy commitment
on fingerprint, a binary length-fixed feature generation was
proposed. Minutiae triplets are used in the scheme. Hence
the alignment of fingerprint minutiae is avoided. Besides,
various error correction codes were explored in this scheme.
In [26], a biometric cryptosystem based on cancelable
templates generated by discrete Fourier transform (DFT)
and random projection was proposed. In the proposed sys-
tem, polar grid-based fingerprint features are transformed
using the DFT and random projection, creating a non-
invertible template. A bit-toggling strategy is also uti-
lized to further inject noise into the generated template to
strengthen template security.
In [27], a bio-cryptosystem on cancelable fingerprint
templates was proposed. Firstly, cancellable templates are
generated from fingerprints, then a combined template is
created, and finally, the cryptographic key is generated from
the combined template based on a thresholding mechanism.
In [28], a cancelable multi-biometric authentication based
on a bit-wise encryption transform and fuzzy extractor was
proposed on iris and face. In this scheme, the first biometric
template is used to generate a random string as a secret key
s by a fuzzy extractor. Subsequently, the second biometric
template is transformed into a protected template by a can-
cellable bit-wise encryption transform which uses the s as
the encryption key. The transformed template is stored in
 User Device
MCC Fixed-length LDPC Fuzzy
Representation Features Extractor
Enroll Template Stored in System
Help Data
Query
MCC
Representation
Fixed-length
Features
LDPC Fuzzy
Extractor
Figure 1. Block diagram of the proposed framework.
the database for matching.
Generally, those methods utilized cancellable transfor-
mation to generate a binary template, and then a bio-
cryptosystem is established on those templates. It is noted
that only a few related works have been done on finger-
prints. Besides, the performance drop is usually observed;
for instance, the FRR can be 6.43% with FAR=2% in [26],
there is still a lot of room to improve.
3. Proposed method
It is inevitable to experience a performance drop when
applying a BTP algorithm in a biometric system. The situ-
ation becomes worse when both cancellable transform and
bio-cryptosystem are integrated into one system. We pro-
pose an LDPC coded bio-cryptosystem on cancellable fin-
gerprint template, which bridges cancellable biometrics and
bio-cryptosystem together to achieve a middle-ground with
benefits from both sides. The LDPC coding scheme is also
utilized to preserve the performance of the fuzzy extractor.
An overview of the system is shown in Figure 1. The pro-
posed scheme is composed of a fixed-length fingerprint bi-
nary template generation stage and key extractor stage. We
first briefly describe fixed-length fingerprint template gen-
eration and then the LDPC coded reusable fuzzy extractor.
3.1. Fixed-length fingerprint vector generation
The method from [17] is adopted to generate the fixed-
length fingerprint cancellable templates. This is because
the method in [17] is one of the latest state-of-the-art can-
cellable transformations, which can lead to compact integer
hash codes with high accuracy performance. It consists of
the minutiae descriptor MCC extraction stage [15], fixed-
length feature generation stage based on kernel transforma-
tion [16], and the cancellable transformation stage based on
index-of-max hashing[17]. Specifically:
1. MCC extraction stage. Minutia Cylinder Code de-
scriptors Ω are generated from extracted minutiae
points.
2. Fixed-length feature generation. Given a set of MCC
training samples Ωt = {Ω(i) | i = 1, . . . , Nt } where
Nt is the total number of Ωt , a kernel matrix K ∈
RNt ×Nt is computed with a kernel function f (·). Then
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
the projection matrix P ∈ RNt ×d is generated as the
Key Sign(Key) eigen-vectors of K, where d is the output dimensions.
Given one MCC descriptor query instance Ωq , match-
Matching ing scores vi = sim (Ωq , Ωt (i)) is computed for all
training samples Ωt (i) where 1 ≤ i ≤ Nt . Then
rKey Sign(rKey) v is transformed with the same kernel function into
v = f (v). The fixed-length fingerprint vector x can
be generated by x = vP ∈ Rd , where v ∈ RNt . In
this paper, we fixed the fingerprint vector x with length
299, i. e., d = 299, as the default parameter settings
from [16].
3. Cancellable hashing. To protect the generated fixed-
length fingerprint vector x, and generate binary tem-
plate, a cancellable transformation function, i.e.,
index-of-max hashing, proposed in [17] is adopted.
Specifically, the index-of-max hashing of one hash
code is defined as: h(x; W ) = arg max wiT x ∈ R,
1≤i≤q
where wi ∈ Rd ∼ N (0, Id ) , i = 1, 2...q, and W =
[w1 , w2 , . . . , wq ]T ∈ Rd×q . Thus, the cancellable tem-
plate is generated as h = {hi |i = i, . . . , m}, where
hi ∈ {1, 2, · · · , q} by repeating above steps m times.
The template is in integer format, which fits the subse-
quent fuzzy extractor input requirement.
To be noted that the cancellable transformation and fuzzy
extractor mandates a fixed-length feature vector that re-
quires high discriminative power to preserve the perfor-
mance. Hence m = 512, q = 16 is applied as the default
parameters in the cancellable hashing.
3.2. LDPC coded reusable fuzzy extractor
After the fixed-length cancellable templates are ob-
tained, the next task is to construct a biometric cryptosystem
to generate a stable cryptography key. A Low-Density Par-
ity Check (LDPC) coded reusable fuzzy extractor, crFE, is
proposed based on existing reusable fuzzy extractor (rFE)
from [14], which is designed based on “digital locker” and
it makes no assumptions about how multiple biometric data
are correlated.
We noticed that the fuzzy extractor would lead to a sig-
nificant performance drop. Generally, error correction code
(ECC) is applied in fuzzy commitment scheme to handle
the intra-class variations; hence, introducing error correc-
tion code (ECC) shall improve the performance. Among
different ECCs, LDPC is adopted as it brings several ad-
vantages as suggested from [29]: 1) index-of-max hashing
reduces the amount of stored data, which can benefit the
utilization of LDPC; 2) LDPC codes have greater error cor-
rection capabilities than classical algebraic codes, and the
relative error-correcting capability is almost constant as the
code length increases for a fixed rate; 3) LDPC codes allow
to reduce the size of the code representation, by exploiting
the sparse nature of parity check matrix H in LDPC.
 Algorithm 1 Key Generation utilized in our scheme.
Input: Firstly, the most consistent hash codes are extracted
Biometric template x, from the generated cancellable template to minimize the
LDPC encoder Φ. hash codes intra-class variation. Specifically, J templates
Output: per user are generated, denotes as {hji |j = 1, · · · , J, i =
key k, help data HD = {cipher, w, t} 1, · · · , m}, the consistent hash codes index is identified
1: k = rand(), t = rand(), w = rand() if the hash code value of the corresponding index have
2: ek = Φ(k) aPsubstantial probability to be the same, i.e., H(i) =
3: v = x AND w −p(hji ) log(p(hji )) for a given i, top-k index will be col-
4: digest = sha256(v, t) lected as the mask to extract the most consistent hash codes
ĥ ∈ {1, 2, · · · , q}k for each user, where k ≤ m.
L
5: cipher = digest ek
Next, the generated hash codes ĥ is divided into c-blocks
k
where c = K , K is the input length of the crFE. To fur-
Algorithm 2 Key Reproduce
ther improve the performance, r different non-overlapping
Input: blocks will be utilized to extract the identical key, hence
Biometric query x0, obtain the key redundancy. We denote r as the redundancy
HD = {cipher, w, t}, factor. Finally, rc keys are extracted in total and concate-
LDPC decoder Ψ. nated together to form the final key.
Output:
Reproduced k0 3.4. Summary of the proposed framework
1: v0 = x0 AND w
To wrap up this section, we highlight the main character-
2: digest0 = sha256(v0, t)
L istics of the proposed scheme as below:
3: plains = digest0 cipher
4: k0 = Ψ(plains) 1. In our proposed scheme, the extracted key can be can-
celed by using the newly generated random projection
matrix W in the index-of-max hashing, in case of the
An LDPC code is specified by a parity-check matrix H compromising of the key. The proposed scheme also
containing mostly 0s and a low density of 1s. The rows of inherits the unlinkability, invertibility from the index-
the H represent the equations while columns represent the of-max hashing. The reader can refer to [17] for the
bits in the codeword, i.e., code symbols. LDPC is accompa- detailed description of the cancellable characteristics.
nied with three parameters (n, dc, dr), where n is the code-
word length, dc is the the number of 1’s in each column, and 2. In our proposed scheme, different and uncorrelated
dr is the number of 1’s in each row, where dr > dc > 3. keys can be generated by utilizing the reusable prop-
In our crFE scheme, LDPC coding is introduced to the erty of rFE. Meanwhile, this can also be done by gener-
original reusable fuzzy extractor to achieve better perfor- ating a new random projection matrix W . This brings
mance. The main difference between LDPC coded fuzzy more flexibility to the system.
extractor and the original reusable fuzzy extractor is the 3. Since our proposed bio-cryptosystem is established on
LDPC encoding/decoding of the key k. At enroll stage, the cancellable template; it provides extra layer protec-
the randomly generated key is encoded by LDPC, and tion to the biometric template, i.e., the original biomet-
then AND with the same random mask w, followed by ric data is protected by cancellable transformation and
the sha256 hashing to generate the digital locker. Subse- bio-cryptosystem. As suggested by [30–32], ranking-
quently, an XOR operation is performed with the encoded based hashing irreversibility is overestimated, which
key to generate the final cipher, and the help data consists may incur risks. While in our scheme, the cancellable
of cipher, random mask w and salt t is stored in the sys- template is not stored in the system but used to gen-
tem, denoted as HD = {cipher, w, t}. The LDPC coded erate the key, which can avoid such a threat. Besides,
reusable fuzzy extractor is shown in Algorithm 1 and Algo- the compromising of key and help data will not lead to
rithm 2. direct disclosure of raw biometric data.
3.3. Key Generation from cancellable template by
4. Experiments and Results
crFE
4.1. Datasets and protocol
To make full use of the rich information from the gen-
erated cancellable template h ∈ {1, 2, · · · , q}m , and the In this experiment, public fingerprint datasets, i.e.,
error correction capability of LDPC, several strategies are FVC2002 (DB1, DB2, and DB3) [33] are used. Because

Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
 most well-known bio-cryptosystems adopted this dataset, Table 1. Verification performance on FVC2002 (%).
EER FRR/zeroFAR
hence a consistent performance comparison can be made Methods
DB1 DB2 DB3 DB1 DB2 DB3
in Section 4.5. For FVC2002, each sub-dataset consists of Fixed-length feat. 0.12 0.59 2.71 0.8 1.0 9.5
100 users and 8 samples per user. The minutiae template Cancellable Hashing 0.94 1.45 5.41 1.6 7.3 19.3
is extracted according to the ISO-compliant format by Ver-
iFinger SDK1 . Official MCC SDK2 is used to generate the Table 2. Key retrieval performance of rFE on FVC2002 datasets
MCC descriptor. with different r (k = 512, c = 32,(%)).
key DB1 DB2 DB3
To generate fixed-length fingerprint features, as de- r # keys
length (bits) FRR FAR FRR FAR FRR FAR
scribed in [16], 1st to 3rd samples of each identity are used 1 32 4096 98 0 93 0 99 0
as training samples to generate the projection matrix P, the 2 16 2048 50 0 50 0 75 0
rest of the samples (i.e., 4th –8th , 100*5 samples in total) 4 8 1024 12 0 16 0 33 0
8 4 512 0 0 5 0 12 0
of each identity are used to generate the fixed-length finger-
print vectors, as well as the subsequent hash codes. Within
this subset of data, the fixed-length fingerprint vector’s ac-
(128 bits) to achieve the best processing efficiency. Corre-
curacy performance and the following hash codes are mea-
sponding to the crFE 128bits input, the LDPC parameters
sured by Equal Error Rate (EER) based on the FVC2002
(n, dc, dr) is fixed as n = 128, dc = 3, dr = 16, under this
testing protocol [17, 33].
setting, the corresponding key length is 106 bits instead of
To extract consistent hash codes from the cancellable
128 bits in rFE. As for the index-of-max hashing, the de-
templates, 4th –6th samples (J = 3) are utilized to extract
fault parameter, i.e., m = 512, q = 16, suggested by [17] is
the consistent hash code location masks for each user as
adopted.
aforementioned. To simulate the key generation and key
In the evaluation experiment, k = {64, 128, 256, 512} is
reproduction processes in the crFE, the 7th sample is used
adopted as the consistent hash codes length (top-k), hence
as the enroll sample, and a key is generated for each user
number of blocks is determined correspondingly as c =
according to algorithm 1. The 8th sample is used as a k
query sample to reproduce the key by algorithm 2. The 16 = {4, 8, 16, 32}. Subsequently, r = {1, 2, 4} is adopted
as the the redundancy factor settings.
performance of the proposed overall biometric cryptosys-
To explore the effect of different r value on the key re-
tem is evaluated by False Reject Rate (FRR) with respect to
trieval performance, we fix other parameters as k = 512 and
False Accept Rate (FAR). FAR and FRR are determined by
c = 512
16 = 32, and the specific FRR and FAR of rFE under
checksum comparison between k and k0. For a key retrieval
r = {1, 2, 4} is shown in Table 2. As a result, suggests,
system, zero FAR and lower FRR are expected.
larger r will certainly achieve better performance. In detail,
4.2. Fingerprint fixed-length features verification the FRR drops from 98% to 0% when r increases from 1
performance to 8. This is due to the redundancy of the key generated
from the hash blocks, which can better avoid information
In this subsection, we first evaluate the accuracy of distortion.
the fixed-length representation and then the cancellable Besides the redundancy factor r, the consistent hash code
hash codes. The specific accuracy in terms of EER and length k is also explored on rFE and crFE. The key retrieval
FRR/zeroFAR is shown in Table 1. Based on the results, performance with different k is shown in Table 3.
the EER of the fixed-length features can achieve 0.12% on
When r = 4, as observed from the Table 3, k = 128, c =
FVC2002 DB1. However, after the cancellable transforma-
8 can achieve a overall good performance on both rFE and
tion, the performance drops to 0.94%. This is unavoidable
crFE. A larger k will certainly lead to a smaller FAR, but
due to the random hashing projection. The FRR under zero
will increase FRR as longer hash codes will contain more
FAR also shows similar performance degradation. The in-
noise information. When r = 8, Table 3 suggests that k =
consistency of FARs over different datasets is not supervis-
512, c = 32 achieves the best accuracy. It is also consistent
ing. This is due to multiple factors impacted such as the
with the result from r = 4 that larger k leads to smaller
natural characteristics of dataset e.g. distributions, the al-
FAR but higher FRR.
gorithm of cancellable biometrics, and fixed-length feature
Regarding the performance obtained by crFE, the result
vectors and so on so forth.
from Table 3 suggests that crFE can achieve better accuracy
4.3. Key retrieval performance of crFE compared with rFE. In detail, crFE can achieve FRR=2%
with zero FAR on DB1, FRR=4% with 1% FAR on DB2,
In this subsection, the accuracy of crFE is evaluated. As and FRR=15% with 0% FAR on DB3. The counterpart rFE
for the crFE, the input length is fixed as K = 16 bytes achieves FRR=2% with 0% FAR, FRR=7% with 1% FAR
1 https://www.neurotechnology.com/ on DB2, and FRR=14% with zero% FAR on DB3 respec-
2 http://biolab.csr.unibo.it/research.asp?selObj=82 tively. However, the performance gain is not observed from

Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
 Table 3. Key retrieval performance of rFE/crFE on FVC2002 datasets with different k and r (%).
rFE crFE
k c # keys r key length DB1 DB2 DB3 key length DB1 DB2 DB3
(bits) FRR FAR FRR FAR FRR FAR (bits) FRR FAR FRR FAR FRR FAR
64 4 1 128 0 8 4 9 8 10 106 1 10 4 11 8 8
128 8 2 256 2 0 7 1 14 0 212 2 0 4 1 15 0
4
256 16 4 512 2 0 8 0 22 0 424 5 0 10 0 23 0
512 32 8 1024 12 0 16 0 33 0 848 11 0 17 0 33 0
128 8 1 128 0 12 2 11 5 14 106 0 15 1 12 8 19
256 16 2 8 256 0 2 3 2 4 2 212 0 4 2 3 6 2
512 32 4 512 0 0 5 0 12 0 424 2 0 5 0 14 0

Table 4. Time cost per query in seconds under different settings Table 5. Comparison with other biometric cryptosystems.
(r = 8). Database type Key length Accuracy Performance
Only Bio-cryptosystem
k c # keys Time Cost per Query Li et al. [34] FVC02 DB2 8 coefficients FRR@zeroFAR= 7
128 8 1 1.0520s Li et al. [25] FVC02 DB2 50 bits FRR@zeroFAR=4.85
256 16 2 2.0004s FVC02 DB1 DB1:FRR@zeroFAR=8.6
Liu et al. [35] 3 coefficients
FVC02 DB2 DB2:FRR@zeroFAR=16
512 32 4 4.0396s Bio-cryptosystem and cancellable biometrics Combined
FVC02 DB1 DB1:FRR@zeroFAR=34
Yang et al. [23] 7 coefficients
FVC02 DB2 DB2:FRR=23,FAR=0.02
Best accuracy ( 16bits):
the result in Table 3, the possible reason is that the larger FVC02 DB1
Alam et al. [26] 16 - 128 bits DB1:FRR=6.43,FAR=2.06
FVC02 DB2
redundancy will cause some noise to lead to poor perfor- DB2:FRR=7.71,FAR=3.15
Proposed BioCanCrypto scheme
mance. rFE FVC02 DB1 DB1:FRR@zeroFAR=2
256 bits
(k = 128, r = 4) FVC02 DB2 DB2:FRR=7,FAR=1
4.4. Time cost evaluation crFE FVC02 DB1
212 bits
DB1:FRR@zeroFAR=2
(k = 128, r = 4) FVC02 DB2 DB2:FRR=4,FAR=1
To evaluate the time efficiency of the crFE driven HD rFE FVC02 DB1
512 bits
DB1:FRR@zeroFAR=0
wallet system, the crFE driven HD wallet system is imple- (k = 512, r = 8) FVC02 DB2 DB2:FRR@zeroFAR=5
crFE FVC02 DB1 DB1:FRR@zeroFAR=2
mented with Python 3.0, and the time cost under different 424 bits
(k = 512, r = 8) FVC02 DB2 DB2:FRR@zeroFAR=5
settings is evaluated based on a cloud Ubuntu server with
Intel Xeon CPU (3.2GHz, 128 core), 256GB RAM. The ex-
periment is carried out on FVC2002 DB1. The time cost is both can lead to a higher level protection mechanism and
tabulated in Table 4. extra protection layer. In this paper, a bio-cryptosystem
The data from Table 4 suggests that more time is needed is established on the cancellable template. Specifically,
for crFE as the consistent hash code length k increases. to generate a cryptographic key from fingerprints by the
crFE takes a longer time than expected to complete the key fuzzy extractor, the state-of-the-art fingerprint descriptor,
retrieval; this is because LDPC needs extra time to decode i.e., MCC, is firstly generated from the fingerprint minu-
the key, and hence prolongs the process. However, the pro- tiae points and then transformed into fixed-length by a ker-
cessing time is still acceptable under k = 128, r = 8, as nelized function, followed by a cancellable hashing. The
it can complete the process within around 1s. Besides, the final generated template is in integer format, which can be
processing time can still be optimized by tuning the LDPC directly used in the fuzzy extractor.
parameter or using specifically designed hardware.
To improve the fuzzy extractor’s accuracy performance,
4.5. Comparison with the state-of-the-art several measures are taken: 1) encoding the key by LDPC;
2) consistent hash code extraction; 3) key redundancy
Finally, a comparison between the proposed biometric mechanism. LDPC is a linear error-correcting block code
cryptosystem and the state-of-the-art is presented in Table suitable in our settings to correct errors in very noisy bio-
5. We can see from the comparison that the best accuracy metric data. Note that using of LDPC is optional and de-
on DB1 and DB2 is achieved by rFE(k = 512, r = 8) and pending on practical settings. The most consistent hash
crFE(k = 128, r = 4), respectively. The results suggest that codes are extracted to reduce intra-variations, which can
our proposed biometric cryptosystem outperforms others in further improve the performance. At last, the hash code vec-
terms of ZERO FAR and key length. tor is divided into sub-blocks, and a key redundancy mech-
anism is utilized to further boost the performance. Based on
5. Conclusion the experiment result, the time cost can be done in seconds.
Cancellable biometrics and bio-cryptosystem are two Meanwhile, better accuracy is achieved.
main branches to protect biometric data. A combination of The proposed scheme can be applied in the case of key

Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
 management scenarios such as the blockchain wallet pri-
vate key generation, which can provide effectiveness to the
user. The future direction is to adopt the proposed bio-
cryptosystem on other biometric modalities and optimize
the execution efficiency, accuracy and security further.
Acknowledgment
The work was partially supported by the Natural Science Founda-
tion of China (NSFC) (No. 61772296), Shenzhen Fundamental Research
Fund (No. JCYJ20170412170438636), and the Graduate Research Stu-
dent Global Research Experience (GRE) Travel Grant provided by School
of Information Technology, Monash University Malaysia.
References
[1] J. Yan, A. Blackwell, R. Anderson, and A. Grant. Password mem-
orability and security: Empirical results. IEEE Security & privacy,
2(5):25–31, 2004.
[2] J. Daugman. How iris recognition works. In The essential guide to
image processing, pages 715–739. Elsevier, 2009.
[3] S. Simhadri, J. Steel, and B. Fuller. Cryptographic authentication
from the iris. In International Conference on Information Security,
pages 465–485. Springer, 2019.
[4] S. Pankanti, S. Prabhakar, and A. K. Jain. On the individuality of
fingerprints. IEEE Transactions on pattern analysis and machine
intelligence, 24(8):1010–1025, 2002.
[5] U. Uludag, S. Pankanti, and A. K. Jain. Fuzzy vault for fingerprints.
In International Conference on Audio-and Video-Based Biometric
Person Authentication, pages 310–319. Springer, 2005.
[6] V. M. Patel, N. K. Ratha, and R. Chellappa. Cancelable Biometrics:
A review. IEEE Signal Processing Magazine, 32(5):54–65, Sept.
2015.
[7] M. Sandhya and M. V. N. K. Prasad. Biometric Template Protec-
tion: A Systematic Literature Review of Approaches and Modali-
ties. In R. Jiang, S. Al-maadeed, A. Bouridane, P. D. Crookes, and
A. Beghdadi, editors, Biometric Security and Privacy: Opportuni-
ties & Challenges in The Big Data Era, Signal Processing for Secu-
rity Technologies, pages 323–370. Springer International Publishing,
Cham, 2017.
[8] E. Chandra and K. Kanagalakshmi. Cancelable biometric template
generation and protection schemes: A review. In 2011 3rd Interna-
tional Conference on Electronics Computer Technology, volume 5,
pages 15–20, Apr. 2011.
[9] K. Nandakumar and A. K. Jain. Biometric Template Protection:
Bridging the performance gap between theory and practice. IEEE
Signal Processing Magazine, 32(5):88–100, Sept. 2015.
[10] C. Rathgeb and A. Uhl. A survey on biometric cryptosystems and
cancelable biometrics. EURASIP Journal on Information Security,
2011(1):3, 2011.
[11] K. Xi and J. Hu. Bio-cryptography. In Handbook of Information and
Communication Security, pages 129–157. Springer, 2010.
[12] Y. Dodis, L. Reyzin, and A. S. F. Extractors. How to generate strong
keys from biometrics and other noisy, data april 13. EUROCRYPT,
2004.
[13] X. Boyen. Reusable cryptographic fuzzy extractors. In Proceedings
of the 11th ACM conference on Computer and communications se-
curity, pages 82–91. ACM, 2004.
[14] R. Canetti, B. Fuller, O. Paneth, L. Reyzin, and A. Smith. Reusable
fuzzy extractors for low-entropy distributions. In Annual Interna-
tional Conference on the Theory and Applications of Cryptographic
Techniques, pages 117–146. Springer, 2016.
[15] R. Cappelli, M. Ferrara, and D. Maltoni. Minutia cylinder-code:
A new representation and matching technique for fingerprint recog-
nition. IEEE transactions on pattern analysis and machine intelli-
gence, 32(12):2128–2141, 2010.
[16] Z. Jin, M.-H. Lim, A. B. J. Teoh, B.-M. Goi, and Y. H. Tay. Generat-
Authorized licensed use limited to: Indian Institute of Information Technology Kottayam. Downloaded on February 04,2025 at 11:51:08 UTC from IEEE Xplore. Restrictions apply.
ing fixed-length representation from minutiae using kernel methods
for fingerprint authentication. IEEE Transactions on Systems, Man,
and Cybernetics: Systems, 46(10):1415–1428, 2016.
[17] Z. Jin, J. Y. Hwang, Y. Lai, S. Kim, and A. B. J. Teoh. Ranking-Based
Locality Sensitive Hashing-Enabled Cancelable Biometrics: Index-
of-Max Hashing. IEEE Transactions on Information Forensics and
Security, 13(2):393–407, Feb. 2018.
[18] A. Juels and M. Sudan. A fuzzy vault scheme. Designs, Codes and
Cryptography, 38(2):237–257, 2006.
[19] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In Pro-
ceedings of the 6th ACM Conference on Computer and Communica-
tions Security, CCS ’99, pages 28–36, New York, NY, USA, 1999.
ACM.
[20] ISO/IEC 24745:2011 - Information technology – Security techniques
– Biometric information protection.
[21] R. Canetti and R. R. Dakdouk. Obfuscating point functions with
multibit output. In Annual International Conference on the The-
ory and Applications of Cryptographic Techniques, pages 489–508.
Springer, 2008.
[22] W. Yang, S. Wang, J. Hu, G. Zheng, J. Chaudhry, E. Adi, and
C. Valli. Securing mobile healthcare data: a smart card based can-
celable finger-vein bio-cryptosystem. IEEE Access, 6:36939–36947,
2018.
[23] W. Yang, J. Hu, and S. Wang. A delaunay triangle group based fuzzy
vault with cancellability. In 2013 6th International Congress on
Image and Signal Processing (CISP), volume 3, pages 1676–1681.
IEEE, 2013.
[24] T. K. Dang, Q. C. Truong, T. T. B. Le, and H. Truong. Cancellable
fuzzy vault with periodic transformation for biometric template pro-
tection. IET Biometrics, 5(3):229–235, 2016.
[25] P. Li, X. Yang, H. Qiao, K. Cao, E. Liu, and J. Tian. An effective
biometric cryptosystem combining fingerprints with error correction
codes. Expert Systems with Applications, 39(7):6562–6574, 2012.
[26] B. Alam, Z. Jin, W.-S. Yap, and B.-M. Goi. An alignment-free cance-
lable fingerprint template for bio-cryptosystems. Journal of Network
and Computer Applications, 115:20–32, 2018.
[27] A. Sarkar and B. K. Singh. Cryptographic key generation from can-
celable fingerprint templates. In 2018 4th International Conference
on Recent Advances in Information Technology (RAIT), pages 1–6.
IEEE, 2018.
[28] D. Chang, S. Garg, M. Hasan, and S. Mishra. Cancelable multi-
biometric approach using fuzzy extractor and novel bit-wise encryp-
tion. IEEE Transactions on Information Forensics and Security,
15:3152–3167, 2020.
[29] M. Baldi, M. Bianchi, F. Chiaraluce, J. Rosenthal, and D. Schipani.
On fuzzy syndrome hashing with ldpc coding. In Proceedings of the
4th International Symposium on Applied Sciences in Biomedical and
Communication Technologies, pages 1–5, 2011.
[30] X. Dong, Z. Jin, and A. T. B. Jin. A genetic algorithm enabled
similarity-based attack on cancellable biometrics. In 2019 IEEE
10th International Conference on Biometrics Theory, Applications
and Systems (BTAS), pages 1–8. IEEE, 2019.
[31] X. Dong, Z. Jin, A. B. J. Teoh, M. Tistarelli, and K. Wong.
On the security risk of cancelable biometrics. arXiv preprint
arXiv:1910.07770, 2019.
[32] H. Wang, X. Dong, Z. Jin, A. B. J. Teoh, and M. Tistarelli.
Interpretable security analysis of cancellable biometrics using
constrained-optimized similarity-based attack. In Proceedings of the
IEEE/CVF Winter Conference on Applications of Computer Vision,
pages 70–77.
[33] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar. Handbook of
fingerprint recognition, 2nd edition. Springer Science & Business
Media, 2009.
[34] P. Li, X. Yang, K. Cao, X. Tao, R. Wang, and J. Tian. An alignment-
free fingerprint cryptosystem based on fuzzy vault scheme. Journal
of network and computer applications, 33(3):207–220, 2010.
[35] E. Liu and Q. Zhao. Encrypted domain matching of fingerprint
minutia cylinder-code (mcc) with l1 minimization. Neurocomputing,
259:3–13, 2017.