Reconstructing Protected Biometric Templates from Binary Authentication Results

• URL: http://arxiv.org/abs/2601.17620v1
• Date: Sat, 24 Jan 2026 22:52:40 GMT
• Title: Reconstructing Protected Biometric Templates from Binary Authentication Results
• Authors: Eliron Rahimi, Margarita Osadchy, Orr Dunkelman,
• Abstract summary: We show that it is possible to reconstruct the biometric template by just observing the success/failure of the authentication attempt.<n>Our attack achieves negligible template reconstruction loss and enables full recovery of facial images.
• Score: 4.72057141286429
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Biometric data is considered to be very private and highly sensitive. As such, many methods for biometric template protection were considered over the years -- from biohashing and specially crafted feature extraction procedures, to the use of cryptographic solutions such as Fuzzy Commitments or the use of Fully Homomorphic Encryption (FHE). A key question that arises is how much protection these solutions can offer when the adversary can inject samples, and observe the outputs of the system. While for systems that return the similarity score, one can use attacks such as hill-climbing, for systems where the adversary can only learn whether the authentication attempt was successful, this question remained open. In this paper, we show that it is indeed possible to reconstruct the biometric template by just observing the success/failure of the authentication attempt (given the ability to inject a sufficient amount of templates). Our attack achieves negligible template reconstruction loss and enables full recovery of facial images through a generative inversion method, forming a pipeline from binary scores to high-resolution facial images that successfully pass the system more than 98\% of the time. Our results, of course, are applicable for any protection mechanism that maintains the accuracy of the recognition.

Related papers

• Adapter Shield: A Unified Framework with Built-in Authentication for Preventing Unauthorized Zero-Shot Image-to-Image Generation [74.5813283875938]
  Zero-shot image-to-image generation poses substantial risks related to intellectual property violations.<n>This work presents Adapter Shield, the first universal and authentication-integrated solution aimed at defending personal images from misuse.<n>Our method surpasses existing state-of-the-art defenses in blocking unauthorized zero-shot image synthesis.
  arXiv  Detail & Related papers  (2025-11-25T04:49:16Z)
• Deep Learning Models for Robust Facial Liveness Detection [56.08694048252482]
  This study introduces a robust solution through novel deep learning models addressing the deficiencies in contemporary anti-spoofing techniques.<n>By innovatively integrating texture analysis and reflective properties associated with genuine human traits, our models distinguish authentic presence from replicas with remarkable precision.
  arXiv  Detail & Related papers  (2025-08-12T17:19:20Z)
• From Detection to Correction: Backdoor-Resilient Face Recognition via Vision-Language Trigger Detection and Noise-Based Neutralization [2.661968537236039]
  Backdoor attacks can subvert face recognition systems powered by deep neural networks (DNNs)<n>We propose TrueBiometric: Trustworthy Biometrics, which accurately detects poisoned images using a majority voting mechanism.<n>Our empirical results demonstrate that TrueBiometric detects and corrects poisoned images with 100% accuracy without compromising accuracy on clean images.
  arXiv  Detail & Related papers  (2025-08-07T14:02:34Z)
• Lazy Layers to Make Fine-Tuned Diffusion Models More Traceable [70.77600345240867]
  A novel arbitrary-in-arbitrary-out (AIAO) strategy makes watermarks resilient to fine-tuning-based removal. Unlike the existing methods of designing a backdoor for the input/output space of diffusion models, in our method, we propose to embed the backdoor into the feature space of sampled subpaths. Our empirical studies on the MS-COCO, AFHQ, LSUN, CUB-200, and DreamBooth datasets confirm the robustness of AIAO.
  arXiv  Detail & Related papers  (2024-05-01T12:03:39Z)
• Enhancing Privacy in Face Analytics Using Fully Homomorphic Encryption [8.742970921484371]
  We propose a novel technique that combines Fully Homomorphic Encryption (FHE) with an existing template protection scheme known as PolyProtect. Our proposed approach ensures irreversibility and unlinkability, effectively preventing the leakage of soft biometric embeddings.
  arXiv  Detail & Related papers  (2024-04-24T23:56:03Z)
• A secure and private ensemble matcher using multi-vault obfuscated templates [1.3518297878940662]
  Generative AI has revolutionized modern machine learning by providing unprecedented realism, diversity, and efficiency in data generation. Biometric template security and secure matching are among the most sought-after features of modern biometric systems. This paper proposes a novel obfuscation method using Generative AI to enhance biometric template security.
  arXiv  Detail & Related papers  (2024-04-08T05:18:39Z)
• Mask and Restore: Blind Backdoor Defense at Test Time with Masked Autoencoder [50.1394620328318]
  Existing backdoor defense methods often require accessing a few validation data and model parameters.<n>We propose blind backdoor defense with Masked AutoEncoder (BDMAE)<n>BDMAE detects possible local triggers using image structural similarity and label consistency between the test image and MAE restorations.
  arXiv  Detail & Related papers  (2023-03-27T19:23:33Z)
• OTB-morph: One-Time Biometrics via Morphing applied to Face Templates [8.623680649444212]
  This paper introduces a new scheme for cancelable biometrics aimed at protecting the templates against potential attacks. An experimental implementation of the proposed scheme is given for face biometrics.
  arXiv  Detail & Related papers  (2021-11-25T18:35:34Z)
• Authentication Attacks on Projection-based Cancelable Biometric Schemes [0.6499759302108924]
  Cancelable biometric schemes aim at generating secure biometric templates by combining user specific tokens, such as password, stored secret or salt, along with biometric data. The security requirements of cancelable biometric schemes concern the irreversibility, unlinkability and revocability of templates, without losing in accuracy of comparison. In this paper, we formalize these attacks for a traditional cancelable scheme with the help of integer linear programming (ILP) and quadratically constrained quadratic programming (QCQP)
  arXiv  Detail & Related papers  (2021-10-28T14:39:35Z)
• Aurora Guard: Reliable Face Anti-Spoofing via Mobile Lighting System [103.5604680001633]
  Anti-spoofing against high-resolution rendering replay of paper photos or digital videos remains an open problem. We propose a simple yet effective face anti-spoofing system, termed Aurora Guard (AG)
  arXiv  Detail & Related papers  (2021-02-01T09:17:18Z)
• Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
  We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
  arXiv  Detail & Related papers  (2020-03-15T12:45:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.