Fans of ‘Where’s Waldo?’ can simply hide in the masses. But hiding your data needs cryptography. | Photo: William Murphy / Wikimedia Commons

Whether we’re shopping online or logging in for work, every day we have to prove to some server or other that we’re really the person we claim to be. It has to check whether we’re the true owner of the bank account we claim to have, or whether we have the right to access confidential information. Biometric authentication is a popular means of achieving this: your thumbprint on a smartphone, for example, can suffice to make a payment or display your payslip.

It’s practical. You can’t simply forget your thumbprint like you can a password. And stealing it isn’t easy either. “The sensors involved have ‘liveness detection’ as it’s called, otherwise you could just stick a copied print onto your thumb”, says Julia Hesse. She works at IBM Research Zurich and researches how biometric authentication can be enabled without the other party receiving personal information: a ‘zero-knowledge proof’, as the experts call it.

The goal is to be able to check a fingerprint without knowing the fingerprint. “Let’s play a game”, says Hesse. “I’ll provide evidence, and you have to check it”, at which she pulls out a picture from the ‘Where’s Waldo?’ series. In these picture books, you have to find the guy with the red-and-white striped jumper among a huge number of other figures. “I’ll prove to you that I know where Waldo is without having to tell you his location”. The trick is simple: Hesse covers the picture with a large piece of cardboard with a hole in it. Waldo can be recognised clearly through the hole, but his actual location in the picture remains hidden behind the cardboard.

Biometric authentication isn’t yet that advanced. Information is stored in a so-called Trusted Execution Environment (TEE), which is a particularly secure area of your smartphone. If it’s ever hacked, the thumbprint stored there will be unusable as a password for the rest of your life.

Various methods are currently being tested with the aim of making it unnecessary for us to reveal our thumbprint even to our own smartphone. For example, an image of it could be changed so that it looks random – this is called ‘hashing’. These techniques are now standard procedure for passwords. But unlike a password, “a fingerprint can look slightly different, depending on the health of the person, their location, the weather and so on”, says Serge Vaudenay, a cryptographer at EPFL. So further research is needed into this. According to Vaudenay, however, there is always a residual risk that a person might be confused with another, or that the right person won’t be recognised. Another challenge is how to protect hashing against attacks from quantum computers. In contrast, passwords today are already quantum-safe.
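
The difficulty Vaudenay describes, as an added illustration that is not code from the article or from the researchers: a salted hash verifies a password because the input is bit-for-bit identical each time, while a scan that differs in only a few bits hashes to an unrelated value. The 256-bit template, the 5 flipped bits and the 20-bit threshold are constructed assumptions, not real fingerprint data.

```python
import hashlib
import hmac
import os
import random

def hash_secret(data: bytes, salt: bytes) -> bytes:
    """Salted, deliberately slow hash, as used for stored passwords."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def verify_exact(candidate: bytes, salt: bytes, stored: bytes) -> bool:
    """Password-style check: only a bit-identical input matches."""
    return hmac.compare_digest(hash_secret(candidate, salt), stored)

def noisy_reading(template: bytes, flips: int, rng: random.Random) -> bytes:
    """Constructed stand-in for a fresh scan: flip `flips` distinct bits."""
    out = bytearray(template)
    for pos in rng.sample(range(len(out) * 8), flips):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length readings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def verify_threshold(candidate: bytes, template: bytes, max_bits: int) -> bool:
    """Noise-tolerant check. It needs the raw template in storage,
    which is exactly what hashing was supposed to avoid."""
    return hamming(candidate, template) <= max_bits

def demo() -> dict:
    rng = random.Random(2024)            # fixed seed, repeatable sample data
    salt = os.urandom(16)
    password = b"correct horse"          # constructed sample password
    template = bytes(rng.getrandbits(8) for _ in range(32))  # enrolled "finger"
    stranger = bytes(rng.getrandbits(8) for _ in range(32))  # someone else
    scan = noisy_reading(template, 5, rng)                   # same finger, later
    stored_pw = hash_secret(password, salt)
    stored_fp = hash_secret(template, salt)
    return {
        "password_ok": verify_exact(password, salt, stored_pw),
        "scan_hash_ok": verify_exact(scan, salt, stored_fp),
        "scan_bits_off": hamming(scan, template),
        "scan_threshold_ok": verify_threshold(scan, template, 20),
        "stranger_threshold_ok": verify_threshold(stranger, template, 20),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Raising the threshold accepts noisier scans of the right finger but also brings a stranger's reading closer to passing, which is the residual risk of confusion or rejection mentioned above.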

Boarding a plane without a passport

But let’s get back to Hesse and her team. They have now developed a completely different method for protecting our privacy. This can be useful when boarding an aeroplane, for example, when the authorities have to check whether we are really the owner of the ticket we’re holding. Today, we need a passport containing both our photo and information such as our name, date of birth and height. Hesse’s team wants to replace passports with a smart card that contains only a photo and a number. An algorithm can then check whether the smart card and the ticket belong together. Staff at the airport can use the photo to verify the rightful owner.

“We’ve found an efficient solution”, says Hesse, who is quite convinced of their discovery. Her team is busy every day, observing what thousands of cryptographers around the world are developing. They hold weekly video conferences in which they themselves tinker with new ideas that they later have to prove mathematically. “I recommend waiting a while after publication before implementing a method in practice”, says Hesse. During this time, the cryptography community may find weaknesses in it. This is why secrecy is not a security feature for a cryptographic method. Vaudenay generally approves of Hesse’s research approach, though he has a caveat: “All these methods have their advantages and disadvantages, and security is never 100 percent guaranteed”.