Information leakage in fuzzy commitment schemes

T. Ignatenko, F.M.J. Willems

Research output: Contribution to journalArticleAcademicpeer-review

99 Citations (Scopus)
529 Downloads (Pure)


In 1999, Juels and Wattenberg introduced the fuzzy commitment scheme. This scheme is a particular realization of a binary biometric secrecy system with chosen secret keys. It became a popular technique for designing biometric secrecy systems, since it is convenient and easy to implement using standard error-correcting codes. This paper investigates privacy- and secrecy-leakage in fuzzy commitment schemes. The analysis is carried out for four cases of biometric data statistics, i.e., memoryless totally symmetric, memoryless input-symmetric, memoryless, and stationary ergodic. First, the achievable regions are determined for the cases when data statistics are memoryless totally symmetric and memoryless input-symmetric. For the general memoryless and stationary ergodic cases, only outer bounds for the achievable rate-leakage regions are provided. These bounds, however, are sharpened for systematic parity-check codes. Given the achievable regions (bounds), the optimality of fuzzy commitment is assessed. The analysis shows that fuzzy commitment is only optimal for the memoryless totally symmetric case if the scheme operates at the maximum secret-key rate. Moreover, it is demonstrated that for the general memoryless and stationary ergodic cases, the scheme leaks information on both the secret and biometric data.
Original languageEnglish
Pages (from-to)337-348
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Issue number2
Publication statusPublished - 2010


Dive into the research topics of 'Information leakage in fuzzy commitment schemes'. Together they form a unique fingerprint.

Cite this