Explainer: What is biometric hashing?

The quest to make biometric data private and secure has led to the development of biometric hashing.  Hashing is a one-way process in which an algorithm called a cryptographic hash function takes an input of any size and converts it to a fixed-size alphanumeric output, called a hash value or hash – a distinct string of random characters. For example:

9cfa1e69f507d007a516eb3e9f5074e2

Hashing can be used to protect passwords, documents, digital signatures and other sensitive information. In the case of a biometric hash, the source input is biometric data such as a face, fingerprint, iris or palm scan.

Unlike a biometric template, which is an encrypted but decodable representation of biometric features, a biometric hash can’t be reverse-engineered to recover the source data. Reversing a biometric hash is computationally impractical, at least for now. As such, a breach of biometric hashes would be practically useless to a fraudster looking to commit identity theft.

To authenticate with hashed biometrics, a system compares the hash of a provided biometric to the stored hash. There are no stored biometrics involved in the authentication.

A paper published in Science Direct by researchers at the South China University of Technology’s School of Computer Science and Engineering in Guangzhou says that “in order to achieve high recognition accuracy, most hashing methods align the similarities between hash codes in the hash space with the similarities between biometric samples in the original space through matrix mapping or learning-based methods, which we call relation preserving.”

Hash functions are meant to be fast, with low computational costs and high storage efficiency.  Good ones should never produce the same hash from two different inputs – called a “collision.”

There are a variety of cryptographic hashing algorithms. Popular ones include MD5 (a 128-bit hash function); the SHA-2 family including SHA-56 (which produces a 256 bit hash); SHA-3, an update to SHA-2; BLAKE 2, designed to be faster than MD5 and SHA-2; and Whirlpool, which based on the advanced encryption standard (AES) and produces a 512-bit hash.

Article Topics

biometric data  |  biometric hash  |  biometrics  |  data privacy  |  data protection