Privacy Preserving Biometric Authentication on the blockchain for smart healthcare

Privacy Preserving Biometric Authentication (PPBA) schemes are designed for anonymous authentication of patients to protect patient's privacy in accessing healthcare services. Recently, blockchain technology in healthcare has emerged as a new research area to provide tamper-resistance and non-repudiation in e-health systems. One aspect of this research could lead to blockchain-based secure biometric identification for smart healthcare, which may face the paradox of anonymous biometric authentication on public blockchains. In this paper, we describe an efficient, fully anonymous and GDPR-compliant PPBA protocol built into the blockchain of any privacy coin such as Monero. The new protocol provides encrypted offline storage and processing in the encrypted domain. The infrastructure necessary for the online authentication is outsourced to the public blockchain that provides integrity of its data. In addition to auditing capabilities for misbehaving entities, the new system reduces the number of transactions necessary for authentication and enables revocation of biometric identities. We provide new PPBA schemes both for set difference/overlap and Euclidean distance metrics without using bilinear pairings, where the former leads to an efficient solution to the compatibility for organ transplant. We limit the generation of encrypted templates for public testing even if biometric/health data is of low min-entropy. Due to the anonymity of the cryptocurrency, we break the link between the stealth address of an authenticating user and its biometrics. We describe the user and identity privacy notions independent of the underlying privacy coin and guarantee the security of our proposal in the framework of those generic notions. Finally, we simulate the new proposal on Monero blockchain and analyze the transaction fees required for hill climbing attacks. The results show that our design leads to a natural hindrance against these attacks that could be successful even if the templates are stored as encrypted. To the best of our knowledge, this is the first efficient blockchain-based PPBA scheme that exhibits a punishment against hill climbing attacks through transaction fees. (C) 2022 Elsevier B.V. All rights reserved.