Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces
IntroductionHomomorphic encryption (HE) enables privacy-preserving face recognition by allowing encrypted facial embeddings to be compared without decryption. While efficient, these systems often reveal comparison scores in plaintext, introducing a security risk. Revealing these scores can potential...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Frontiers Media S.A.
2025-05-01
|
| Series: | Frontiers in Imaging |
| Subjects: | |
| Online Access: | https://www.frontiersin.org/articles/10.3389/fimag.2025.1476377/full |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850189773743849472 |
|---|---|
| author | Amina Bassit Amina Bassit Florian Hahn Zohra Rezgui Hatef Otroshi Shahreza Hatef Otroshi Shahreza Raymond Veldhuis Raymond Veldhuis Andreas Peter Andreas Peter |
| author_facet | Amina Bassit Amina Bassit Florian Hahn Zohra Rezgui Hatef Otroshi Shahreza Hatef Otroshi Shahreza Raymond Veldhuis Raymond Veldhuis Andreas Peter Andreas Peter |
| author_sort | Amina Bassit |
| collection | DOAJ |
| description | IntroductionHomomorphic encryption (HE) enables privacy-preserving face recognition by allowing encrypted facial embeddings to be compared without decryption. While efficient, these systems often reveal comparison scores in plaintext, introducing a security risk. Revealing these scores can potentially allow adversaries to reconstruct sensitive facial embeddings and infer demographic attributes, thus compromising user privacy.MethodsThis work proposes a training-less face template recovery attack leveraging the Lagrange multiplier optimization method. The attack requires only a small set of randomly generated synthetic facial images and their associated comparison scores with a target template. The method assumes attackers use spoofed synthetic faces and lack direct access to the face recognition system, aligning with real-world threat models.ResultsExperimental evaluation demonstrates the feasibility and effectiveness of the proposed attack. It shows that between 50 and 192 comparison scores and synthetic images are sufficient to recover the target face template with 100% success under strict system thresholds. The recovered templates closely resemble the original and retain identifiable soft biometric traits.DiscussionThe findings reveal a critical vulnerability in face recognition systems employing inner product similarity measures under homomorphic encryption. Even without system access or training data, attackers can exploit leaked comparison scores to compromise facial privacy. The study underscores the need to reassess how score leakage is handled in encrypted recognition systems and explore stronger protection mechanisms against template reconstruction. |
| format | Article |
| id | doaj-art-c1e5dacc0f3c4a95acda8990430d3e26 |
| institution | OA Journals |
| issn | 2813-3315 |
| language | English |
| publishDate | 2025-05-01 |
| publisher | Frontiers Media S.A. |
| record_format | Article |
| series | Frontiers in Imaging |
| spelling | doaj-art-c1e5dacc0f3c4a95acda8990430d3e262025-08-20T02:15:32ZengFrontiers Media S.A.Frontiers in Imaging2813-33152025-05-01410.3389/fimag.2025.14763771476377Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic facesAmina Bassit0Amina Bassit1Florian Hahn2Zohra Rezgui3Hatef Otroshi Shahreza4Hatef Otroshi Shahreza5Raymond Veldhuis6Raymond Veldhuis7Andreas Peter8Andreas Peter9Department of Computer Science and Engineering, Michigan State University, East Lansing, MI, United StatesData Management & Biometrics and Semantics, Cybersecurity & Services, University of Twente, Enschede, NetherlandsData Management & Biometrics and Semantics, Cybersecurity & Services, University of Twente, Enschede, NetherlandsData Management & Biometrics and Semantics, Cybersecurity & Services, University of Twente, Enschede, NetherlandsBiometrics Security & Privacy Group, Idiap Research Institute, Martigny, SwitzerlandSchool of Engineering, Ecole Polytechnique Fédérale de Lausanne (EPFL), Lausanne, SwitzerlandData Management & Biometrics and Semantics, Cybersecurity & Services, University of Twente, Enschede, NetherlandsDepartment of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, NorwayData Management & Biometrics and Semantics, Cybersecurity & Services, University of Twente, Enschede, NetherlandsSafety-Security-Interaction Group, Carl von Ossietzky Universität Oldenburg, Oldenburg, GermanyIntroductionHomomorphic encryption (HE) enables privacy-preserving face recognition by allowing encrypted facial embeddings to be compared without decryption. While efficient, these systems often reveal comparison scores in plaintext, introducing a security risk. Revealing these scores can potentially allow adversaries to reconstruct sensitive facial embeddings and infer demographic attributes, thus compromising user privacy.MethodsThis work proposes a training-less face template recovery attack leveraging the Lagrange multiplier optimization method. The attack requires only a small set of randomly generated synthetic facial images and their associated comparison scores with a target template. The method assumes attackers use spoofed synthetic faces and lack direct access to the face recognition system, aligning with real-world threat models.ResultsExperimental evaluation demonstrates the feasibility and effectiveness of the proposed attack. It shows that between 50 and 192 comparison scores and synthetic images are sufficient to recover the target face template with 100% success under strict system thresholds. The recovered templates closely resemble the original and retain identifiable soft biometric traits.DiscussionThe findings reveal a critical vulnerability in face recognition systems employing inner product similarity measures under homomorphic encryption. Even without system access or training data, attackers can exploit leaked comparison scores to compromise facial privacy. The study underscores the need to reassess how score leakage is handled in encrypted recognition systems and explore stronger protection mechanisms against template reconstruction.https://www.frontiersin.org/articles/10.3389/fimag.2025.1476377/fullhomomorphic encryptiontemplate recoverybiometric template protectioninner product-based scorebiometric recognitionsynthetic facial images |
| spellingShingle | Amina Bassit Amina Bassit Florian Hahn Zohra Rezgui Hatef Otroshi Shahreza Hatef Otroshi Shahreza Raymond Veldhuis Raymond Veldhuis Andreas Peter Andreas Peter Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces Frontiers in Imaging homomorphic encryption template recovery biometric template protection inner product-based score biometric recognition synthetic facial images |
| title | Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| title_full | Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| title_fullStr | Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| title_full_unstemmed | Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| title_short | Template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| title_sort | template recovery attack on encrypted face recognition systems with unprotected decision using synthetic faces |
| topic | homomorphic encryption template recovery biometric template protection inner product-based score biometric recognition synthetic facial images |
| url | https://www.frontiersin.org/articles/10.3389/fimag.2025.1476377/full |
| work_keys_str_mv | AT aminabassit templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT aminabassit templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT florianhahn templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT zohrarezgui templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT hatefotroshishahreza templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT hatefotroshishahreza templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT raymondveldhuis templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT raymondveldhuis templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT andreaspeter templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces AT andreaspeter templaterecoveryattackonencryptedfacerecognitionsystemswithunprotecteddecisionusingsyntheticfaces |