Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #43

Secure Non-Interactive User Re-Enrollment in Biometrics-Based Identification and Authentication Systems

Ivan De Oliveira Nunes, Karim Eldefrawy, and Tancrède Lepoint

2018 · 2nd International Symposium on Cyber Security, Cryptography and Machine Learning (CSCML)

  • Theory
  • Applied
  • protocol

What does the paper try to establish?

Can a large biometric-authentication deployment replace lost, revoked, or policy-dependent helper data without bringing every user back and without storing a complete reusable biometric template at any backend?

What is the proposed answer?

SNUSE secret-shares each biometric template among re-enrollment servers and uses MPC to generate fresh fuzzy-vault helper data. A prototype for fingerprints and irises shows non-interactive re-enrollment at scale, subject to honest-but-curious MPC, secure channels, threshold non-collusion, fuzzy-vault reuse, and online-compromise limitations.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The full manuscript provides protocols, security analysis, a working two-modality prototype, named datasets, accuracy tests, timings, scaling, and storage analysis, with explicit limits.

Non-interactive re-enrollment and MPC helper-data generation Fingerprint and iris datasets, GAR/FAR method, and results Execution, scale, and storage evaluation Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse
Auditability High

A complete checked-in author manuscript with hash, page count, detailed appendices, precise anchors, and DOI makes the represented evidence directly inspectable.

Re-enrollment problem, SNUSE contribution, and headline results Official conference publication identity
Production provenance Medium

Named authorship, venue, DOI, protocols, libraries, datasets, and environment are documented; roles, revision history, exact source revision, and raw experiment lineage are not.

Official conference publication identity NTL prototype, finite-field parameters, TCP processes, fingerprint and iris extraction
External scrutiny Medium

CSCML publication establishes venue review, but public reports, artifact review, and independent reproduction were not located.

Official conference publication identity
Reception Low

OpenAlex reported 2 citations on 2026-07-11; under the author-defined rule, 0 through 8 located citations is Low. The later journal version is counted separately.

Dated citation-count snapshot
Contribution significance Medium

The work presents a concrete first claimed solution to a deployment-scale re-enrollment problem and validates feasibility, while retaining important collusion, reusability, and adversary-model limits.

Re-enrollment problem, SNUSE contribution, and headline results Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse Conclusion and future malicious/covert-security work

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

SNUSE conference paper

A protocol and prototype for refreshing fuzzy-vault authentication material from threshold-shared biometric templates without user participation.

Re-enrollment problem, SNUSE contribution, and headline results
  1. protocol group SNUSE lifecycle specified and implemented

    Three protocols separate one-time enrollment, routine authentication, and occasional server-side re-enrollment.

    Initial enrollment protocol Local authentication protocol Non-interactive re-enrollment and MPC helper-data generation
    1. protocol

      Initial enrollment

      implemented

      The reader samples and shares the template; RESs agree on a secret and MPC-compute shares of the vault; AS reconstructs and stores only helper data.

      Initial enrollment protocol
    2. protocol

      Routine authentication

      implemented

      AS returns the user's helper data, and the reader applies fuzzy-vault opening to a fresh biometric sample; RESs are offline and uninvolved.

      Local authentication protocol
  2. claim group Main claims mixed

    SNUSE separates biometric storage across servers, preserves the underlying matching procedure, and makes bulk re-enrollment computationally feasible in the tested setting.

    Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse Fingerprint and iris datasets, GAR/FAR method, and results Execution, scale, and storage evaluation
    1. claim

      Fast bulk refresh

      experimentally supported

      A single re-enrollment averages 13.2 ms in the reported setup; scaling is approximately linear, and the extrapolation places 100,000 users under five minutes with nine RESs.

      Execution, scale, and storage evaluation
    2. claim

      Matching accuracy is governed by biometric/vault parameters

      dataset supported

      On the tested data, fingerprint degree 7 gives about 90% GAR and 3% FAR, while the simple iris encoding at degree 5 gives about 75% GAR and 5% FAR; SNUSE does not itself change vault opening.

      Fingerprint and iris datasets, GAR/FAR method, and results
  3. evidence group

    Evidence stack

    prototype and security analysis

    Protocol pseudocode and confidentiality arguments are paired with public biometric datasets, cross-pair GAR/FAR tests, 100-run timing measurements, scale tests, and storage calculations.

    NTL prototype, finite-field parameters, TCP processes, fingerprint and iris extraction Fingerprint and iris datasets, GAR/FAR method, and results Execution, scale, and storage evaluation Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse
  4. scrutiny

    External scrutiny

    venue reviewed

    The conference publication establishes CSCML review exposure; review reports and artifact evaluation are not represented.

    Official conference publication identity

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Re-enrollment problem, SNUSE contribution, and headline results Abstract and Section 1, PDF pages 1-4
  2. BIA, Shamir sharing, honest-but-curious MPC, and fuzzy-vault background Section 2, PDF pages 4-8
  3. Parties, data placement, and SNUSE lifecycle Section 3, PDF pages 8-9
  4. Initial enrollment protocol Section 3.1 and Figure 2, PDF pages 9-11
  5. Local authentication protocol Section 3.2 and Figure 3, PDF page 11
  6. Non-interactive re-enrollment and MPC helper-data generation Sections 3.3-3.4 and Figure 4, PDF pages 11-15
  7. NTL prototype, finite-field parameters, TCP processes, fingerprint and iris extraction Appendix A, PDF pages 19-22
  8. Fingerprint and iris datasets, GAR/FAR method, and results Appendix B and Figure 6, PDF pages 22-23
  9. Execution, scale, and storage evaluation Appendix C, Tables/Figures 1, 7, and 8, PDF pages 23-26
  10. Stored/execution confidentiality, collusion boundary, and fuzzy-vault reuse Appendix D, PDF pages 26-27
  11. Conclusion and future malicious/covert-security work Section 4, PDF page 16
  12. Official conference publication identity CSCML 2018, DOI 10.1007/978-3-319-94147-9_13
  13. Dated citation-count snapshot OpenAlex reported 2 citing works on 2026-07-11