信息网络安全 ›› 2018, Vol. 18 ›› Issue (12): 15-22.doi: 10.3969/j.issn.1671-1122.2018.12.003

• 技术研究 • 上一篇    下一篇

基于SEAL的虹膜特征密文认证系统

宋新霞1,2, 马佳敏2, 陈智罡1,2(), 陈克非3   

  1. 1.中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
    2.浙江万里学院,浙江宁波 315100
    3.杭州师范大学理学院,浙江杭州 311121
  • 收稿日期:2018-08-15 出版日期:2018-12-20 发布日期:2020-05-11
  • 作者简介:

    作者简介:宋新霞(1973—),女,陕西,副教授,硕士,主要研究方向为代数密码;马佳敏(1994—),男,江苏,硕士研究生,主要研究方向为全同态加密与区块链;陈智罡(1972—),男,四川,教授,博士研究生,主要研究方向为全同态加密、格公钥密码学;陈克非(1959—),男,四川,教授,博士,主要研究方向为密码理论与应用。

  • 基金资助:
    国家重点研发计划[2017YFB0802000];浙江省自然科学基金 [LY17F020002];宁波市自然科学基金[2017A610120, 2018A610159];浙江省科技厅公益性技术科研项目[2017C33079, LGG18F020001];信息安全国家重点实验室开放课题[2017-MS-18]

Iris Ciphertext Authentication System Based on SEAL

Xinxia SONG1,2, Jiamin MA2, Zhigang CHEN1,2(), Kefei CHEN3   

  1. 1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
    2. Zhejiang Wanli University, Ningbo Zhejiang 315100, China
    3. Department of Mathematics, Hangzhou Normal University, Hangzhou Zhejiang 311121, China
  • Received:2018-08-15 Online:2018-12-20 Published:2020-05-11

摘要:

随着生物识别技术的应用和推广,生物特征对身份认证的影响愈加显著。为了保证用户的隐私,生物特征不能以明文形式进行存储或操作。针对此问题,文章对现有的生物特征认证系统的方案、性能做了分析和总结,采用FV方案构建并设计了一个基于全同态加密的虹膜特征密文认证系统。实现部分借助了微软的SEAL(Simple Encrypted Arithmetic Library)库。整个系统可在不对虹膜特征模板解密的情况下完成虹膜认证,且数据库中保存的是虹膜特征模板的同态密文,所以无需担心虹膜特征模板的泄露。同时该系统无需可信中心进行验证,直接通过一次性MAC认证方法在服务器端完成认证。测试表明,当系统采用海明距离比对算法等计算电路深度不高的虹膜算法时,有着不错的性能,基本满足了真实应用场景的需求。

关键词: 生物特征, 全同态加密, SEAL, 虹膜认证, 一次性MAC认证

Abstract:

With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in clear text. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes to construct and design an iris-like ciphertext authentication system based on full homomorphic encryption using FV scheme. SEAL (Simple Encrypted Arithmetic Library) library. The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template, so there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly through the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

Key words: biometrics, fully homomorphic encryption, SEAL, iris authentication, one-time MAC authentication

中图分类号: