Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


BETA: Biometric Enabled Threshold Authentication

November 4, 2020


Saikrishna Badrinarayanan - Visa Research


Abstract: Due to security and usability challenges with passwords, the industry is gradually moving to biometric-based authentication. While biometrics are user-friendly, a server-side breach of biometric data is more damaging because, unlike passwords, changing biometric information is difficult. FIDO Alliance, an industry-wide effort to enable biometric authentication, uses an approach where biometric templates and measurements are stored and matched on the client device. A successful match transmits a digital signature (on a fresh challenge) to the server which can verify this. Thus, a server-side breach does not lead to a loss of sensitve user data. We introduce a new framework for Distributing FIDO that securely distributes both the biometric template and signing key among multiple devices, who can collectively perform biometric matching and signature generation without reconstructing the template or signing key on any device. We model security via a real-ideal world UC definition and design several protocols that realize this. 

Presented at

NIST Workshop on Multi-Party Threshold Schemes (MPTS) 2020.

Based on joint work with Shashank Agrawal, Payman Mohassel, Pratyay Mukherjee and Sikhar Patranabis.

Event Details



Related Topics

Security and Privacy: cryptography

Created May 04, 2021, Updated June 07, 2021