Private Key Encryption and Recovery in Blockchain
Mehmet Aydar (a, b), Salih Cemil Çetin (a), Serkan Ayvaz (c), Betül Aygün (a)
(a) Technology Introduction Department, Huawei Turkey Research and Development Center, İstanbul, Türkiye
(b) Department of Computer Science, Kent State University, Kent, OH, USA
(c) Department of Software Engineering, Bahcesehir University, Besiktas, Istanbul, Turkey
Abstract
The disruptive technology of blockchain can deliver secure solutions without the need for a central authority. In blockchain, assets that belong to a participant are controlled through the private key of an asymmetric key pair that is owned by the participant. Although this gives blockchain network participants sovereignty over their assets, it comes with the responsibility of managing their own keys. Currently, there are two major bottlenecks in managing keys: a) users don’t have an efficient and secure way to store their keys, and b) no efficient recovery mechanism exists in case the keys are lost. In this study, we propose secure methods to efficiently store and recover keys. For the first, we introduce an efficient encryption mechanism to securely encrypt and decrypt the private key using the owner’s biometric signature. For the latter, we introduce an efficient recovery mechanism using biometrics and a secret sharing scheme. By applying the proposed key encryption and recovery mechanism, asset owners are able to securely store their keys on their devices and recover the keys in case they are lost.
Keywords: Distributed ledger technology, Blockchain, Cryptography, Key
encryption, Biometric encryption, Key recovery
Preprint submitted to Elsevier July 10, 2019
arXiv:1907.04156v1 [cs.CR] 9 Jul 2019
1. Introduction
In a blockchain network, trust is embedded in the network itself. Therefore, blockchain reduces the cost of “trust” by eliminating the third parties traditionally needed for providing trust. This is achieved through the cryptographic linking structure of the blocks, distribution of the ledger and a consensus algorithm. Many initiatives exist aiming to replace centralized solutions with blockchain based decentralized solutions. As a result, when centralized authorities are removed as the provider of “trust”, individuals have more sovereignty over their assets while the cost associated with trust is reduced. However, this imposes more responsibility on the network participants for managing their own keys.
Asymmetric keys play a vital role in identifying network participants and controlling the assets in a blockchain network. An asymmetric key pair consists of a public key, which can be shared with anyone, and a corresponding private key, which must be kept hidden. In blockchain, an asymmetric key pair is assigned to a network participant, and participants are identified by the public key of the pair, while asset ownership and transfers are managed through the participant's own control of the private key.
Despite the ever-growing adoption of blockchain technology, major problems persist in storing and recovering private keys, which have a negative impact on the usability of blockchain technology and on the security of assets in the network. Traditional private key storage mechanisms include key memorization, cold storage, keeping the key digitally in plain form, keeping the key remotely through a wallet provider, and keeping the key in a symmetrically encrypted digital wallet. Memorization is challenging as private keys are too long for humans to memorize. For instance, in the Bitcoin system, private keys are 256 bits long, which in hexadecimal can be represented as 64 characters in the range 0-9 or A-F. Cold storage is only as secure as the physical material on which the private key is stored, and is inefficient in terms of usability, as retrieving the key from cold storage is challenging. While keeping the key digitally in plain form is more usable, it is the least secure option, as digital devices could be open and susceptible to hacking and security breaches.
Wallets are usually responsible for creating the private and public key pair. In web wallet services, private keys that belong to the clients are encrypted and kept on the related server machines. Web wallets allow users to control their assets from any web browser or mobile platform. Despite the usability advantages, storing the key remotely through a digital wallet provider is a centralized solution, and is only as secure as the remote party which you trust your private keys with. In desktop wallets like Electrum [1], each user keeps their private key locally, with an encryption option. Regular symmetrically encrypted digital wallets provide more security. However, the user must remember the password used in the encryption to retrieve the key. If it is forgotten, it would be impossible to retrieve the private key.
It is therefore crucial to move away from traditional key storage mechanisms towards a more user-friendly and secure key storage approach, which incorporates the biometrics of the key owner along with a distributed key recovery mechanism. This paper focuses on secure and user-friendly storage of private keys, and on key recovery methods. Section 2 briefly describes blockchain technology, concentrating specifically on the usage of keys, and describes what key owners control by securely managing their keys and what is compromised if the keys are lost. In section 3, we describe our solution. In section 4, we review the existing work in the domain, and we follow with the conclusion.
2. Blockchain Overview
The world met blockchain through bitcoin, which is popular for its proven, solid functionality of decentralized peer-to-peer digital asset transfer [2]. The blockchain protocol takes its form from blocks which are chained with hashes. This chain of blocks structure provides tamper-proofness and doesn’t permit any change to historical records. Each block, in turn, consists of transactions and some unique information about the block. In this section, we emphasize the key points of blockchain protocols.
2.1. Transactions and Blocks
Transactions are asset transfers in a blockchain network. Depending on the protocol, transactions may contain any kind of asset, such as a financial value, health data, a log record, identity information etc. Blocks are bundles of transactions. Along with these transactions, each block holds some block-specific information such as the number of the block, the previous block’s hash, the transactions’ merkle root [3], a timestamp and a nonce value.
Chained blocks rely on a cryptographic chaining mechanism which uses hash functions. Every block holds the hash output of the previous block in the ledger. Hash functions are deterministic, one-way functions which always generate the same output value for the same input. While hash function outputs are very characteristic and unique for any input, they do not contain any meaningful information about the inputs. For each different input, hash functions generate a completely different output, being very strict against any disparity.
Hash outputs can be regarded as an abstract or fingerprint of a piece of information. In a chain of blocks, every block header includes the hash value of the previous block, constituting a chain of blocks. This mechanism provides immutability of the data stored in the ledger. When data in a block changes, the block hash also changes. Consequently, the next block’s hash output also changes in the chain. If any data changes in block number a, the chain is broken after block a, as can be seen in Figure 1.
Figure 1: A chain of blocks scheme (each block shows Block Hash, Previous Block Hash, Time Information, and Transaction1 to Transaction4)
2.2. Public and Private Keys in Blockchain
In blockchain protocols, public keys are commonly used as an address, account number, id etc. Therefore, they can naturally be shared with other users in the ecosystem. Private keys are used by their owner for signing transactions [4]. In general, a participant’s asset balance means the value of assets which can be signed and used as input in transactions by the participant.
As described in Satoshi’s bitcoin white paper [2], when a client sends a coin to another one, the owner actually does not send any asset to anyone. Instead of sending a digital coin, the wallet reassigns an amount of coin and declares to the network that new coins are to be created and assigned to the receiver. In order to reassign, each transaction is signed with the transaction owner’s private key and is verified using the owner’s public key. Figure 2 shows transaction verifications in the bitcoin transaction scheme. In public-permissionless blockchains like bitcoin, transactions are declared publicly.
Figure 2: Bitcoin transaction scheme [2]
2.2.1. What is Managed with Private Key
In financial applications like bitcoin or ripple, users sign their transactions with private keys. Each coin (asset) in a transaction has a public key on it. Since the private key is associated with the public key, the private key holder is the owner of the coin. Similarly, in health care projects, people manage their sensitive health information. In decentralized digital identity projects, sensitive identity information is managed. In supply chain projects, asset owners manage critical tracking records, and in real estate projects, ownership of real estate properties is managed. Since various kinds of assets are bound up with private keys in blockchain projects, the safety of keys is vital. In any case of key compromise, the attacker will be able to spend money, reach/share/sell sensitive information, create fraudulent records, or take ownership and control of private properties. The possible compromise scenarios and their possible consequences force blockchain developers to build more secure key preservation and more secure protocols.
2.3. Transaction
Transactions are the basic units or atomic events of blockchain protocols. Blockchain protocols usually have their own type of assets, which are transferred through transactions. As an example, in the bitcoin system transactions include coin transfers, while in sovrin [5], verifiable credentials and identity management information are processed through transactions. Since transactions are the atomic events of blockchain applications, the ownership of a transaction is critically important. In each transaction, depending on the protocol’s transaction architecture, there are one or more addresses related to user endpoints. These addresses are generally the public keys of users. The public key or its derivatives are used as the address or endpoint. In blockchain applications, personal information is never used, in order to provide anonymity. As an example, there must be at least two public keys in a normal bitcoin transaction to manifest the transaction which is processed between two users.
Since there is no central authority, each user is responsible for the creation of their own transactions. A transaction is first created by the owner within the validation rules. This transaction will later be checked by the protocol’s authorized nodes and will be processed if valid.
In Figure 3, a basic transaction between two users is shown. As seen in the figure, the transaction is between the 04f246181692c7ffd0... and 048370bfcc36bef0b6... addresses. Each address represents a real world user without revealing any personal information. Therefore, transactions are generally transparent in blockchain protocols. When a transaction is generated, it must also be digitally signed by its owner. Transaction transparency can only be handled with user anonymity and digital signatures.
2.4. Digital Signatures
Digital signatures are mathematical techniques that verify the authenticity and ensure the integrity of digital contents [6]. A valid digital signature shows that the content is original as sent, and that the sender is known. These features address authentication and integrity. In Figure 4, it can be seen that if a user needs to digitally sign a document, the private key is enough to sign the data. On the other side, in order to verify data authenticity or integrity, the user only needs the digitally signed data with its signature and the signer’s public key. From this point of view, a transaction owner will just sign the transaction using its secret private key. Other users are then able to verify the owner and integrity of the transaction by using just the public key of the sender of the transaction. That’s why public keys can be shared explicitly between users and private keys should be kept hidden and safe.
In blockchain protocol applications, the elliptic curve digital signature algorithm (ECDSA) [7] or similar algorithms are generally used to create the public and private key pair. Assets must be related to the owner’s public key, which represents the owner digitally and anonymously in the DLT environment. Also, transactions must be digitally signed before they are published to the network. Digital signatures provide two properties in blockchain protocols:
• everyone is able to verify the transaction sender and transaction integrity, and
• the sender is not able to deny the transaction.
Figure 3: Simplified scheme of a blockchain transaction
Figure 4: Digital signature signing and verification
3. Methodology
In general, there are three different approaches for securing the private keys that users hold. The first approach adds an additional security layer for reaching the private keys stored on the device: to open a private key, biometric authentication is used. In the second approach, the stored private keys are themselves encrypted with the biometric data. Instead of encrypting the machine holding the keys, the private keys themselves are encrypted. In the last approach, private keys are generated by incorporating biometric data into well-known cryptographic algorithms, including DES and RSA. In this study, we use the second approach for private key encryption, and we utilize a distributed key recovery mechanism for private key recovery.
3.1. Encryption and Decryption of Private Keys Using Fingerprint
Symmetric encryption and decryption is straightforward using conventional symmetric encryption methods such as the Data Encryption Standard (DES), in which encryption and decryption are done using one and the same key. In our approach, we use symmetric encryption to encrypt and decrypt private keys, and we automatically generate the key used in symmetric encryption from the owner’s fingerprint. Fingerprints, as a biometric trait, are unique and offer usability advantages over traditionally selected pass codes. However, certain concerns regarding privacy, security, and applicability have to be dealt with when using fingerprints.
In fingerprint systems, there are two main phases: registration and matching. The registration step includes registering the original fingerprint image, while the matching step includes matching the candidate fingerprint image against the registered image. In both phases, the fingerprint image is preprocessed, transformed, and hashed. Since it is probabilistically hard for two fingerprints taken at different times to have the same hash value (even if they match), an efficient error correction mechanism is utilized.
3.1.1. Preprocessing
Preprocessing includes image enhancement (filtering, binarization and thinning), minutiae point extraction, core point detection, and minutiae alignment according to the core points. The purpose of the enhancement step is to compensate for scratches and noise, and to end up with a binary fingerprint image whose structure can be accurately detected. We apply the Gabor filter [8] method, in which each pixel is filtered according to the estimated ridge frequency and ridge orientation. The enhancement step is followed by binarization using a threshold variable, and by thinning, which fixes the width of the ridge lines to one pixel.
The minutiae detection algorithm traverses the enhanced image to detect whether a pixel represents a minutia by checking its 8 surrounding neighboring pixels. If the pixel is on a ridge and has 1 neighboring ridge pixel, then the pixel represents a ridge ending type of minutia; on the other hand, if the pixel is on a ridge and has 3 neighboring ridge pixels, then the pixel represents a bifurcation type of minutia.
The position and orientation of the core points are needed in order to reliably align the minutiae points with these points as reference. The core points (poincare index) of a fingerprint are special pixels that represent the centers. Loop, delta and whorl are types of core points. We use the fingerprint core detection method suggested by Kawagoe et al. [9], which divides the image into sub-regions, obtains direction patterns and computes core points over a closed curve. For a pixel (x, y), it sums the differences between adjacent local ridge orientation angles in its 8-neighborhood. Based on the result of the calculation, with a small threshold:
• (x, y) is not a core point if the result is 0,
• (x, y) represents a whorl type core point if the result is 2π,
• (x, y) represents a loop type core point if the result is π, and
• (x, y) represents a delta type core point if the result is −π.
In the minutiae alignment step, each minutiae point is rotated using the rotation of axes in two dimensions. A minutiae point (x, y) is rotated counterclockwise with respect to a core point (c_x, c_y) with an orientation angle θ using the matrix multiplication as below:
$$\begin{bmatrix} x' \\ y' \end{bmatrix} = \begin{bmatrix} \cos\theta & \sin\theta \\ -\sin\theta & \cos\theta \end{bmatrix} \begin{bmatrix} x - c_x \\ y - c_y \end{bmatrix}$$
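The neighbour-count rule for minutiae and the alignment rotation from this section, as an added example (not the authors' implementation). The 7x7 ridge map, the core point (3, 3) and the angle are constructed sample values; x is the column and y is the row.

```python
import math

# Constructed 7x7 thinned (one-pixel-wide) ridge map: '#' marks a ridge pixel.
# A vertical ridge splits into two branches at (x=3, y=3).
SKELETON = [
    "...#...",
    "...#...",
    "...#...",
    "...#...",
    "..#.#..",
    ".#...#.",
    "#.....#",
]

NEIGHBOURS = [(-1, -1), (0, -1), (1, -1), (-1, 0), (1, 0), (-1, 1), (0, 1), (1, 1)]


def detect_minutiae(grid):
    """Return (x, y, kind) for ridge pixels with exactly 1 or 3 ridge neighbours."""
    height, width = len(grid), len(grid[0])
    found = []
    for y in range(height):
        for x in range(width):
            if grid[y][x] != "#":
                continue
            count = sum(
                1
                for dx, dy in NEIGHBOURS
                if 0 <= x + dx < width
                and 0 <= y + dy < height
                and grid[y + dy][x + dx] == "#"
            )
            if count == 1:
                # Ridges cut off by the image border also land here; a full
                # pipeline would usually filter those out as spurious.
                found.append((x, y, "ending"))
            elif count == 3:
                found.append((x, y, "bifurcation"))
    return found


def align(x, y, core, theta):
    """Apply the section's rotation matrix to (x, y) relative to core (cx, cy)."""
    cx, cy = core
    dx, dy = x - cx, y - cy
    xr = math.cos(theta) * dx + math.sin(theta) * dy
    yr = -math.sin(theta) * dx + math.cos(theta) * dy
    return (round(xr, 6), round(yr, 6))


def aligned_minutiae(grid, core, theta):
    """Detect minutiae, then express each one in the core point's frame."""
    return [(align(x, y, core, theta), kind) for x, y, kind in detect_minutiae(grid)]


if __name__ == "__main__":
    for entry in aligned_minutiae(SKELETON, core=(3, 3), theta=math.pi / 2):
        print(entry)
```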
3.1.2. Cartesian Transformation
An efficient implementation of a biometric system needs to be revocable, since revocability is a must-have feature of password systems for privacy and security purposes. Fingerprints as a biometric signature are permanently associated with the owner, and if one is stolen, all systems previously used with the fingerprint signature are in danger. Therefore, we apply a cartesian transformation to transform the minutiae points using a one-way, irreversible function to make the fingerprint system cancellable. Instead of storing the original fingerprint image, we store the transformed version along with the transformation parameters.
In cartesian block transformation, the 2D coordinate system on which the minutiae points are represented is divided into blocks of regular size. Initially, minutiae points are placed in the blocks based on their locality, such that closer minutiae points are placed in the same or neighboring blocks. Later, the transformation is achieved by shuffling the blocks using matrix multiplication, and arranging the minutiae points based on the new block locations.
In our implementation, the 2D coordinate system is divided into H × W blocks. The initial cartesian blocks are numbered from 1 to |H × W|, which is represented by a matrix C of size 1 × |H × W|, and a transformation matrix M of size |H × W| × |H × W| is randomly generated, having values of either 0 or 1. As an example, let H = 2 and W = 2, then C = [1, 2, 3, 4]. The matrix multiplication with the randomly generated matrix M is shown below:
$$C' = \begin{bmatrix} 1 & 2 & 3 & 4 \end{bmatrix} \begin{bmatrix} 0 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 1 & 0 & 0 & 1 \\ 0 & 0 & 1 & 0 \end{bmatrix} = \begin{bmatrix} 3 & 2 & 4 & 3 \end{bmatrix}$$
which means the minutiae points previously placed in cartesian block 1 are mapped to 3, those in 2 are mapped to 2 again, those in 3 are mapped to 4, and those in 4 are mapped to 3 in the transformed space, as demonstrated in Figure 5. It is also possible for multiple cartesian blocks to be mapped to the same cartesian block in the transformed space. Cartesian blocks are numbered per their locations in the 2D coordinate system.
Figure 5: Cartesian blocks transformation
In the registration phase, instead of saving the minutiae points’ original locations, their transformed locations are saved along with the transformation parameters. The transformation parameters include the boundaries of the original fingerprint image and the transformation matrix. It is important to note that the original cartesian block for a given minutiae point is not saved during the registration phase. However, during matching, the original cartesian blocks of the candidate fingerprint template’s minutiae points are kept, to be utilized in the recovery process of the reed-solomon erasure coding.
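The block transformation of this section with the matrix M from the worked example, as an added example (not the authors' code). It shows why the stored template alone cannot be inverted (blocks 1 and 4 both land in block 3) and why a known source block makes the reversal possible. The 100-pixel block edge, row-major block numbering, the range check and the sample points are assumptions of this example.

```python
H, W = 2, 2      # H x W Cartesian blocks, as in the section's example
BLOCK = 100      # block edge length in pixels (assumed for this example)

# Transformation matrix M copied from the section's worked example.
M = [
    [0, 0, 0, 0],
    [0, 1, 0, 0],
    [1, 0, 0, 1],
    [0, 0, 1, 0],
]


def block_mapping(m):
    """Compute C' = C * M with C = [1..n]; entry i is the target of block i+1."""
    n = len(m)
    c = range(1, n + 1)
    mapped = [sum(ci * row[col] for ci, row in zip(c, m)) for col in range(n)]
    # A random 0/1 matrix can produce 0 or values above n, which name no
    # block. This check is this example's own safeguard.
    if any(not 1 <= v <= n for v in mapped):
        raise ValueError(f"matrix maps to a non-existent block: {mapped}")
    return mapped


def block_of(x, y):
    """Block number of a pixel, numbered row by row starting at 1 (assumed)."""
    if not (0 <= x < W * BLOCK and 0 <= y < H * BLOCK):
        raise ValueError("point outside the image boundaries")
    return (y // BLOCK) * W + (x // BLOCK) + 1


def transform(x, y, mapping):
    """Move a point to its target block, keeping its offset inside the block.

    Returns the transformed point and the source block. Registration stores
    only the point; matching also keeps the source block of the candidate.
    """
    src = block_of(x, y)
    row, col = divmod(mapping[src - 1] - 1, W)
    return (col * BLOCK + x % BLOCK, row * BLOCK + y % BLOCK), src


def preimages(mapping):
    """For every target block, list the source blocks that map onto it."""
    inverse = {}
    for src, dst in enumerate(mapping, start=1):
        inverse.setdefault(dst, []).append(src)
    return inverse


def reverse(tx, ty, src_block):
    """Undo the transformation once the source block is known."""
    row, col = divmod(src_block - 1, W)
    return (col * BLOCK + tx % BLOCK, row * BLOCK + ty % BLOCK)


if __name__ == "__main__":
    mapping = block_mapping(M)
    print("C' =", mapping)
    # Two constructed minutiae from different blocks collide after transform.
    for point in [(30, 40), (130, 140)]:
        print(point, "->", transform(*point, mapping))
    print("source candidates per stored block:", preimages(mapping))
```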
3.1.3. Reed-solomon Error Correction
Reed-solomon [10] is an error correction mechanism (erasure coding). For a given input, it produces parity data in such a way that it can reproduce the original input even if some parts are missing. Many modern storage systems, such as Linux RAID and Facebook’s cold storage, utilize reed-solomon. Reed-solomon breaks the message into n equal pieces and constructs an input matrix, where n is the height of the matrix. Then, it generates a coding matrix of size n + k, k being the number of parity rows. The first n rows of the coding matrix have 1s on the diagonal and 0s in the rest of the matrix cells. The coded data is created by multiplying the coding matrix with the original matrix. Because of the diagonal 1s in the coding matrix, the first n rows of the coded data are the same as the original message, and the last k rows are parity. Thus, one row of the coding matrix generates a corresponding row of original data. Therefore, when some rows of the original message are missing, the corresponding rows in the coding matrix and the coded matrix are removed, and the matrix multiplication equation with the original data on the left side still remains valid. Later, the inverse matrix of the new coding matrix is generated and multiplied with each side of the new equation. In the end, the original data matrix is produced on the left side of the equation. Figure 6 depicts an example of reed-solomon encoding of the input data “ABCDEFGHIJKLMNOP”, and the reed-solomon decoding when “IJKLMNOP” is missing from the input data.
Figure 6: Example of reed-solomon encoding and decoding (adapted from [11]).
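The matrix procedure described above, run on the same “ABCDEFGHIJKLMNOP” input with n = 4 and k = 2, as an added example (not the authors' code and not the code behind Figure 6). It assumes arithmetic in the prime field GF(257) rather than the GF(2^8) field used by production Reed-Solomon libraries, and Cauchy-style parity rows so that any n surviving rows give an invertible matrix.

```python
P = 257  # prime modulus: every byte value 0..255 is a field element (assumed)


def coding_matrix(n, k):
    """n identity rows followed by k parity rows with entries 1/(n + i - j)."""
    identity = [[int(r == c) for c in range(n)] for r in range(n)]
    parity = [[pow(n + i - j, -1, P) for j in range(n)] for i in range(k)]
    return identity + parity


def matmul(a, b):
    """Matrix product modulo P."""
    return [[sum(x * y for x, y in zip(row, col)) % P for col in zip(*b)] for row in a]


def invert(a):
    """Gauss-Jordan inverse of a square matrix modulo P."""
    n = len(a)
    aug = [row[:] + [int(r == c) for c in range(n)] for r, row in enumerate(a)]
    for col in range(n):
        pivot = next(r for r in range(col, n) if aug[r][col] % P)
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = pow(aug[col][col], -1, P)
        aug[col] = [v * scale % P for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                factor = aug[r][col]
                aug[r] = [(v - factor * p) % P for v, p in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def encode(message, n, k):
    """Split message into n equal rows and return the n + k coded rows."""
    if len(message) % n:
        raise ValueError("message length must be a multiple of n")
    width = len(message) // n
    data = [list(message[i * width:(i + 1) * width]) for i in range(n)]
    return matmul(coding_matrix(n, k), data)


def decode(surviving, n, k):
    """Rebuild the message from any n surviving rows ({row index: row})."""
    if len(surviving) < n:
        raise ValueError("fewer than n rows survive: data is unrecoverable")
    indexes = sorted(surviving)[:n]
    full = coding_matrix(n, k)
    # Drop the coding-matrix rows whose coded rows are missing, invert what
    # is left, and multiply by the surviving coded rows.
    reduced = [full[i] for i in indexes]
    rows = [surviving[i] for i in indexes]
    data = matmul(invert(reduced), rows)
    return bytes(v for row in data for v in row)


if __name__ == "__main__":
    coded = encode(b"ABCDEFGHIJKLMNOP", n=4, k=2)
    # Rows 2 and 3 ("IJKL", "MNOP") are lost; the two parity rows remain.
    survivors = {i: coded[i] for i in (0, 1, 4, 5)}
    print(decode(survivors, n=4, k=2))
```

Erasure decoding only fills in rows known to be missing; a surviving row that was silently altered is not detected by this procedure.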
In our implementation, the hashes of the minutiae points are the input data. We perform the reed-solomon mechanism for each of the pre-transformed cartesian blocks, with the hashes of the minutiae points inside the block as input data. By using the hashes of the minutiae points, the original minutiae points of the original template are never revealed, a mechanism which preserves the privacy of the fingerprint owner. We also perform an overall reed-solomon implementation over all of the pre-transformed rectangles, with the resulting hash of each cartesian block as input data. This way we can recover the missing hashes of the minutiae points for each of the cartesian blocks. Consequently, we are able to calculate an overall hash of the fingerprint system that we utilize in the matching process. The overall hash is the symmetric key to be utilized in the symmetric encryption of the owner’s private key. Our goal is to regenerate the same key for the same person during the matching phase.
3.1.4. Matching
In the matching phase, we follow a number of steps to determine whether a given candidate fingerprint image produces the same overall hash value as the original fingerprint image. The candidate fingerprint image goes through the same preprocessing and transformation steps as the original fingerprint image, as described in sections 3.1.1 and 3.1.2. In the cartesian transformation, the same transformation parameters (boundaries and transformation matrix) are used as in the registration of the original fingerprint image. Moreover, in contrast to the registration phase, the original pre-transformed cartesian block numbers are kept for the candidate fingerprint image.
The matching algorithm compares the transformed minutiae points of the candidate fingerprint template with the transformed minutiae points of the original fingerprint template. The comparison is done separately for each of the cartesian blocks. Geometrically closer minutiae points would be transformed to the same cartesian block in both the original and the candidate fingerprint template. Therefore, the minutiae points in cartesian block number x in the transformed candidate fingerprint template are only compared with the minutiae points in cartesian block number x in the transformed original fingerprint template. The comparison is done using an equality check of the minutiae point types, and the euclidean distance with a reasonable threshold. If a match is found, the original cartesian block number of the minutiae point that belongs to the candidate fingerprint template is used to reverse the transformation of the minutiae point that belongs to the original fingerprint template. In this way, the original minutiae locations are recovered for the matched minutiae points.
The recovered minutiae points for each of the cartesian blocks are fed into the reed-solomon decoding process as explained in section 3.1.3, and a resulting hash is generated. If the generated hash is the same as the hash generated in the registration phase, then the fingerprint images match. Using this hash value and the same symmetric algorithm used in the encryption, the encrypted private key is decrypted. The implementation code described in our method is available for research purposes ¹.
¹ http://bit.ly/cancellable-fingerprint-encryption
Figure 7: Key Recovery
3.2. Private Key Recovery
Cryptography in blockchain protocols is heavily based on public and private key pairs. Since the public key is open to the public, key recovery in distributed ledger technologies is generally about private key recovery. Private key theft and loss are among the major problems that exist in blockchain systems. As explained in section 2.2.1, compromise of a private key leads to losing ownership of the assets associated with the private key.
3.2.1. Recovery using Shamir’s Secret Sharing Scheme
According to Shamir’s Secret Sharing (SSS) scheme, data D is divided into n pieces such that any k pieces of D can reconstruct D, but even k − 1 pieces reveal no information about D [12]. By using this method, owners can divide their secret into n pieces and distribute them to n different locations. Even if some pieces are lost, any k pieces will be sufficient to recover the secret. SSS can be applied to recover a private key. In distributed digital identity systems, there are actors named stewards. They are trusted nodes in the network. Stewards’ services can be used as the locations of the distributed pieces.
In our approach, we first create a symmetric key utilizing the fingerprint data of the owner, and we encrypt the private key with the symmetric key as detailed in section 3.1. After the encryption process, the encrypted output is split into n pieces, and each of the pieces is distributed to a different, secure location such as a steward service. For recovery, any k of the n pieces will be sufficient to recover the encrypted private key. After the encrypted private key is recovered, the same symmetric key is regenerated using the fingerprint and used to decrypt the encrypted private key. The steps are depicted in Figure 7.
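The split-and-recover step of this section as an added example (not the authors' code): a k-of-n Shamir split of the already encrypted private key over a prime field. The 48-byte ciphertext is a constructed stand-in for the output of the fingerprint-keyed encryption, the field prime 2^521 − 1 and the n = 5, k = 3 parameters are assumptions, and each share stands for the piece one steward would hold.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; fits secrets of up to 65 bytes (assumed)

# Constructed stand-in for the encrypted private key produced in section 3.1.
SAMPLE_CIPHERTEXT = bytes(range(16, 64))


def split(secret, n, k):
    """Return n shares (x, y); any k of them reconstruct the secret."""
    value = int.from_bytes(secret, "big")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if value >= PRIME:
        raise ValueError("secret too large for the field")
    # Random polynomial of degree k - 1 whose constant term is the secret.
    coefficients = [value] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for coefficient in reversed(coefficients):  # Horner evaluation
            y = (y * x + coefficient) % PRIME
        shares.append((x, y))
    return shares


def recover_int(shares):
    """Lagrange interpolation at x = 0 over the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        numerator, denominator = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                numerator = numerator * (-xj) % PRIME
                denominator = denominator * (xi - xj) % PRIME
        total = (total + yi * numerator * pow(denominator, -1, PRIME)) % PRIME
    return total


def recover(shares, length):
    """Rebuild the original byte string of the given length from k shares."""
    return recover_int(shares).to_bytes(length, "big")


if __name__ == "__main__":
    shares = split(SAMPLE_CIPHERTEXT, n=5, k=3)
    # Two of the five share holders are unreachable; three shares remain.
    available = [shares[0], shares[2], shares[4]]
    print(recover(available, len(SAMPLE_CIPHERTEXT)) == SAMPLE_CIPHERTEXT)
    # With only k - 1 shares the interpolation yields an unrelated value.
    print(recover_int(shares[:2]) == int.from_bytes(SAMPLE_CIPHERTEXT, "big"))
```

Recovery returns whatever the supplied shares interpolate to, so a caller still has to confirm the result, here by the fingerprint-derived key decrypting it successfully.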
4. Related Work
Selecting appropriate biometric data to create key pairs in decentralized digital blockchain identity is another issue that must be considered. Researchers have investigated several biometric features in biometric-based cryptographic key generation [13].
There are very few studies that integrate biometric traits into RSA keys. In his study, Je-Gyeong proposed a method for generating the keys of a digital signature (public and private key) from biometrics. Some others investigated iris texture as a biometric feature for generating cryptographic keys. Rathgeb and Andreas proposed an approach using bits of the iris code for deriving a biometric cryptographic key [14]. Janbandhu et al. derive signature keys from the code generated using the 512 byte iris biometric data invented in the work done by J. Daugman [15]. Similarly, the study by Boyen et al. also considers the iris texture as the biometric trait [16]. In the study by Sarkar et al., biometric authentication was used for obtaining asymmetric cryptography keys [17].
Monrose et al. proposed a method using the user’s voice as the biometric trait [18]. Their system regenerates the key from the user’s voice by asking the user to repeat the same pass phrase. In the study by Chen and Chandran, the image of the user’s face was used in biometric key generation [19]. The same face image is required for regeneration of the key in the future.
In the paper of Perera et al., they propose a new technique that combines digital signature with public key cryptography [20]. This new technique was implemented for the RSA and ECC algorithms. In the study of Lan et al., the proposed algorithm was developed utilizing inner product computation with an error correction mechanism [21].
In the study of Mjaaland et al., public keys are extracted from users’ fingerprints [22]. Another fingerprint that belongs to the same user is processed to generate private keys. The method is resilient to variations in the samples, so as to generate the same resulting key.
Trotter proposes a fingerprint matching approach utilizing cartesian block transformation with reed-solomon erasure coding [23]. In his study, the reed-solomon algorithm is performed on the entire original fingerprint template. Also, in the reed-solomon decoding process the exact locations of the original minutiae points are recovered, in contrast to our system, in which we recover only the hash of the original minutiae points.
In the study of Kwon et al, they also propose a digital signature based
15
on biometric data without holding them in hardware devices [24]. Studies
that are done on biometric creation were underway many years due to the
difficulties in achieving the uniformity of the biometric data from the noise.
In the study [25], they process biometric image first to provide the uniformity
of the unstable biometric traits. In biometric cryptosystems, images of the
biometric trait are taken and it is preprocessed. Then, using the preprocessed
image, minutiae of the biometric are extracted. Later, the image minutiae
points are transformed into a 1024 prime number generator to generate 2048
cryptographic key used in RSA chipper algorithm.
In the study of Kayva et. al, they claimed that if the face recognition
system for biometric affirmation is considered, then AES gives more sub-
lime security than RSA and DES [26]. To avoid problems from occurring
due to the certification authorities, identity based public key cryptography
and certificate-less PKI was also proposed [27]. The communication phase
between two peers has two phases. In the first phase (initialization phase),
users produce public keys from biometric data. In the second phase (au-
thentication and key agreement), they authenticates identities. Due to the
nature of the blockchain, there are no authorities to keep the certification.
Security and privacy are major concerns in biometric-based cryptography. Due to the irrevocable nature of biometric traits, these systems must provide revocability [28]. As biometric data are inherent, they cannot be changed if compromised. Thus, in order to satisfy revocability of a generated key, biometric data must not be directly associated with the biometric properties. As shown in Figure 8, Ratha et al. proposed a fingerprint image surface folding transformation approach that extracts minutiae positions from the fingerprint image and generates cancelable biometric templates. Since the biometric templates are transformed, even when the data are compromised, the original biometric data cannot be cross-matched with biometric databases. Similarly, Barman et al. offered an approach using session-based biometric keys, meaning that another unique key should be generated in a new session using the same biometric data [29].
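The revocability property described above, as an added example that is not code from this paper or from Ratha et al.: a simplified keyed block-remapping transform stands in for the surface folding function, and the grid size, tolerances, key names and minutiae values are constructed assumptions. It shows that a second reading matches the stored template under the same transform key, while a reissued key or the raw minutiae do not.

```python
import hashlib
import hmac

GRID, CELL = 8, 32   # assumed 256x256 image split into 8x8 cells of 32 px

def cell_map(transform_key: bytes) -> list:
    """Keyed many-to-one map from source cell index to destination cell index."""
    n = GRID * GRID
    return [int.from_bytes(hmac.new(transform_key, bytes([i]), hashlib.sha256)
                           .digest()[:4], "big") % n for i in range(n)]

def cancelable_template(minutiae, transform_key: bytes) -> list:
    """Relocate each minutia (x, y, angle) to the cell chosen by the key.

    Several source cells can share a destination, so the stored template
    does not determine where a minutia originally sat in the image.
    """
    mapping = cell_map(transform_key)
    out = []
    for x, y, angle in minutiae:
        dst = mapping[(y // CELL) * GRID + (x // CELL)]
        out.append(((dst % GRID) * CELL + x % CELL,
                    (dst // GRID) * CELL + y % CELL, angle))
    return out

def match_score(probe, template, tol_px=4, tol_deg=10) -> float:
    """Fraction of probe minutiae with a template minutia within tolerance."""
    def near(p, t):
        d = abs(p[2] - t[2]) % 360
        return (abs(p[0] - t[0]) <= tol_px and abs(p[1] - t[1]) <= tol_px
                and min(d, 360 - d) <= tol_deg)
    return sum(any(near(p, t) for t in template) for p in probe) / len(probe)

# Constructed sample: eight minutiae, one per cell, placed mid-cell.
ENROLLED = [(16 + 32 * i, 16 + 32 * ((3 * i) % 8), 40 * i) for i in range(8)]
# Second reading of the same finger with small sensor noise (constructed).
NOISY = [(x + 2, y - 1, a + 3) for x, y, a in ENROLLED]

KEY_V1, KEY_V2 = b"transform-key-v1", b"transform-key-v2"  # placeholder keys

if __name__ == "__main__":
    stored = cancelable_template(ENROLLED, KEY_V1)
    print("same key     :", match_score(cancelable_template(NOISY, KEY_V1), stored))
    print("reissued key :", match_score(cancelable_template(NOISY, KEY_V2), stored))
    print("raw minutiae :", match_score(NOISY, stored))
```

In this simplified transform a minutia that sensor noise pushes across a cell border lands in a different destination cell, which is one reason practical schemes use smooth transformations instead of hard block boundaries.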
In some studies, researchers explored using more than one biometric trait instead of only one. Jagadeesan et al. proposed a multimodal biometric system that generates a 256-bit secure cryptographic key using a combination of features from iris texture and minutiae points from the user’s fingerprints [13]. Manjunath et al. propose a multimodal biometric approach, for instance combining iris and fingerprint, speech and signature, or face and voice. In their study, the iris and fingerprint modalities are used and evaluated under FAR, FRR and accuracy [31]. Also, the study conducted by Yik-Herng proposes multimodal biometric systems that combine iris and fingerprint with the IFO hash fusion method [32]. The iris trait is unique for each individual, even for identical twins. Also, its false acceptance rate (FAR), the rate of invalid matches, is lower than that of all other biometric traits such as fingerprint and face. The voice trait is a composite of both behavioral and physical biometrics. The behavioral part changes over time due to factors such as medical conditions and age. In contrast to token- or password-based systems, biometric matching does not work well every time due to false matching or false mismatching.
Figure 8: Fingerprint image surface folding transformation [30]
Bhattacharyya et al. provided a review of biometric authentication technologies [33]. They found that fingerprint-based systems had 2% FAR and 2% false reject rate (FRR). On the other hand, face recognition systems resulted in 1% FAR and 10% FRR. According to their study, iris technologies achieved the best accuracy score in both FAR and FRR, with 0.94% and 0.99%, respectively. Similarly, in their comparison of biometric traits, Deborah et al. claimed that iris recognition is the most suitable for mobile locking, followed by fingerprint and face biometric data [34]. The results of the study of Yik-Herng et al. showed that although the proposed method yields better results than a unimodal fingerprint biometric system, it does not perform as well as an iris recognition system [31]. However, the proposed method contributes to the security aspect.
The study of Naser et al. also stated that the indexing structure of iris surpasses the indexing structure of fingerprint. According to their study, in the multi-modal approach the hit rate was improved up to 99.8% from 97.0% and 98.3%, respectively, for fingerprint and indexing [35]. We can conclude that the iris biometric system appears to be slightly better in terms of accuracy than the other biometric systems, with fingerprint coming closest. Since asymmetric encryption (public key cryptography) is newer and more secure than symmetric encryption techniques, asymmetric encryption techniques are used in this study.
Smart card based biometric user authentication schemes have also been proposed [36]. The biometric data and keys are stored in a smart card for regeneration of keys in the future. However, smart card based approaches have portability issues, as carrying a physical card is an additional burden. Also, if compromised, they pose security threats for biometric data. Fingerprint technology provides very accurate results [30]. Also, Jain et al. claimed that no biometric trait is better than the others because each has its own strengths and weaknesses, and the performance of a biometric data selection is related to the type of application [37]. However, the matching accuracy of the fingerprint has been shown to be very high [38].
5. Conclusion
Through blockchain implementations, the dominance of central authorities is reduced. While this is positive for reducing the cost of providing “trust” in the system, it increases the responsibility of the network participants for managing their keys. In blockchain, assets are locked to the public key of the asset owner, and can only be unlocked for spending with the associated private key (asymmetric cryptography). In this study, we focused on laying a foundation for securely encrypting and decrypting the private keys used in controlling asset ownership in blockchain using a symmetric key generated from the owner’s fingerprint, and for a distributed private key recovery system utilizing a secret sharing scheme supported by biometrics. We reviewed existing solutions in this domain, and described the problems that persist in traditional private key storage and recovery mechanisms in terms of security, usability and privacy. Our methodology includes the concepts of revocable fingerprints and erasure codes for key encryption, and a distributed secret sharing scheme for key recovery. As for future work, we aim to integrate the proposed solution into mobile applications with white-box cryptography.
References
[1] M. Turuani, T. Voegtlin, M. Rusinowitch, Automated verification of electrum wallet, in: International Conference on Financial Cryptography and Data Security, Springer, 2016, pp. 27–42.
[2] S. Nakamoto, et al., Bitcoin: A peer-to-peer electronic cash system.
[3] R. C. Merkle, Protocols for public key cryptosystems, in: Security and Privacy, 1980 IEEE Symposium on, IEEE, 1980, pp. 122–122.
[4] A. Loera, Method of making, securing, and using a cryptocurrency wallet, US Patent App. 14/178,234 (Aug. 13 2015).
[5] S. Foundation, Sovrin: What goes on the ledger?, Tech. rep., Sovrin Foundation (2017).
[6] R. L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21 (2) (1978) 120–126.
[7] D. Johnson, A. Menezes, S. Vanstone, The elliptic curve digital signature algorithm (ecdsa), International journal of information security 1 (1) (2001) 36–63.
[8] L. Hong, Y. Wan, A. Jain, Fingerprint image enhancement: algorithm and performance evaluation, IEEE transactions on pattern analysis and machine intelligence 20 (8) (1998) 777–789.
[9] M. Kawagoe, A. Tojo, Fingerprint pattern classification, Pattern recognition 17 (3) (1984) 295–303.
[10] I. S. Reed, G. Solomon, Polynomial codes over certain finite fields, Journal of the society for industrial and applied mathematics 8 (2) (1960) 300–304.
[11] B. Beach, Backblaze open sources reed-solomon erasure coding source code (2015).
[12] A. Shamir, How to share a secret, Communications of the ACM 22 (11) (1979) 612–613.
[13] A. Jagadeesan, K. Duraiswamy, Secured cryptographic key generation from multimodal biometrics: feature level fusion of fingerprint and iris, arXiv preprint arXiv:1003.1458.
[14] C. Rathgeb, A. Uhl, Context-based biometric key generation for iris, IET computer vision 5 (6) (2011) 389–397.
[15] P. K. Janbandhu, M. Y. Siyal, Novel biometric digital signatures for internet-based applications, Information Management & Computer Security 9 (5) (2001) 205–212.
[16] X. Boyen, Y. Dodis, J. Katz, R. Ostrovsky, A. Smith, Secure remote authentication using biometric data, in: annual international conference on the theory and applications of cryptographic techniques, Springer, 2005, pp. 147–163.
[17] A. Sarkar, A. L. Abbott, Z. Doerzaph, Biometric authentication using photoplethysmography signals, in: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS), 2016, pp. 1–7. doi:10.1109/BTAS.2016.7791193.
[18] F. Monrose, M. K. Reiter, Q. Li, S. Wetzel, Cryptographic key generation from voice, in: Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001, IEEE, 2001, pp. 202–213.
[19] B. Chen, V. Chandran, Biometric based cryptographic key generation from faces, in: 9th Biennial Conference of the Australian Pattern Recognition Society on Digital Image Computing Techniques and Applications (DICTA 2007), IEEE, 2007, pp. 394–401.
[20] K. Perera, H. Weerasinghe, Biometric signatures and elliptic curve cryptography for internet based applications.
[21] N. T. H. Lan, T. Q. Duc, N. T. Hoan, A biometrics encryption key algorithm to protect private key in biopki based security system, in: 2009 7th International Conference on Information, Communications and Signal Processing (ICICS), IEEE, 2009, pp. 1–5.
[22] D. Gligoroski, S. J. Knapskog, Biocryptics: Towards robust biometric public/private key generation bendik b. mjaaland.
[23] I. M. Trotter, Mapping fingerprints to unique numbers, Master’s thesis (2007).
[24] T. Kwon, J.-i. Lee, Practical digital signature generation using biometrics, in: International Conference on Computational Science and Its Applications, Springer, 2004, pp. 728–737.
[25] N. Bansal, Enhanced rsa key generation using fingerprint biometric, Ph.D. thesis, NIT, Jamshedpur (2018).
[26] R. Kavya, A. George, Survey on encryption approaches for secure face biometrics, in: IOP Conference Series: Materials Science and Engineering, Vol. 396, IOP Publishing, 2018, p. 012028.
[27] X. Liu, W.-B. Lee, Q.-A. Bui, C.-C. Lin, H.-L. Wu, Biometrics-based rsa cryptosystem for securing real-time communication, Sustainability 10 (10) (2018) 3588.
[28] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy, B. V. Kumar, Biometric encryption, in: ICSA guide to Cryptography, Vol. 22, McGraw-Hill New York, NY, 1999.
[29] S. Barman, D. Samanta, S. Chattopadhyay, Fingerprint-based crypto-biometric system for network security, EURASIP Journal on Information Security 2015 (1) (2015) 3.
[30] N. K. Ratha, J. H. Connell, R. M. Bolle, Enhancing security and privacy in biometrics-based authentication systems, IBM systems Journal 40 (3) (2001) 614–634.
[31] M. Manjunath, H. Kulkarni, Analysis of unimodal and multimodal biometric system using iris and fingerprint, Perspectives in Communication, Embedded-systems and Signal-processing-PiCES 2 (8) (2018) 333–337.
[32] Y.-H. Khoo, B.-M. Goi, T.-Y. Chai, Y.-L. Lai, Z. Jin, Multimodal biometrics system using feature-level fusion of iris and fingerprint, in: Proceedings of the 2nd International Conference on Advances in Image Processing, ACM, 2018, pp. 6–10.
[33] D. Bhattacharyya, R. Ranjan, F. Alisherov, M. Choi, et al., Biometric authentication: A review, International Journal of u-and e-Service, Science and Technology 2 (3) (2009) 13–28.
[34] D. O. Y. Hui, K. K. Yuen, B. A. F. B. S. M. Zahor, K. L. C. Wei, Z. F. Zaaba, An assessment of user authentication methods in mobile phones, in: AIP Conference Proceedings, Vol. 2016, AIP Publishing, 2018, p. 020116.
[35] N. Damer, P. Terhörst, A. Braun, A. Kuijper, Fingerprint and iris multi-biometric data indexing and retrieval, in: 2018 21st International Conference on Information Fusion (FUSION), IEEE, 2018, pp. 2083–2090.
[36] T. C. Clancy, N. Kiyavash, D. J. Lin, Secure smartcard-based fingerprint authentication, in: Proceedings of the 2003 ACM SIGMM workshop on Biometrics methods and applications, ACM, 2003, pp. 45–52.
[37] A. K. Jain, A. Ross, S. Pankanti, Biometrics: a tool for information security, IEEE transactions on information forensics and security 1 (2) (2006) 125–143.
[38] D. Maltoni, D. Maio, A. K. Jain, S. Prabhakar, Handbook of fingerprint recognition, Springer Science & Business Media, 2009.