Biometrics as private key?

[seoincorporation]

Since some weeks ago i have been thinking about this topic, and couldn't find anything about it. So, lets start a discussion here.

What do you think about the idea of using biometrics as private key? A lot of laptops have a fingerprint reader, and it would be an interesting project to use it to sign transactions.

On the technical side i have some doubts because i don't think a finger reader will always return the same result. And this way is complex to make from our finger print a private key.

If some how we could always get the same result from the finger reader we could make from that result a brain wallet. That how it should work.

And the main problem is that we can lose the finger and in that scenario our cryptos will be gone.

So, what do you think about this idea?

[PawGo]

Since some weeks ago i have been thinking about this topic, and couldn't find anything about it. So, lets start a discussion here.

It is interesting concept, but it moves discussion into completely different direction. First, we should answer the question if private key (and/or access to it) should be personal or should it be transferrable. And another question is if current technology is secure enough. For example, read that article:
https://medium.com/hackernoon/demystifying-apples-touch-id-4883d5121b77
It describes how Touch ID is designed. You may ask question - what you really want to rely on: do you want hardware/software from a given producer to tell you if you have access to the private key or do you want to have reliable solution which produce always the same result for a given fingerprint. I assume that each time you scan (add) your fingerprint into system you must be sure the generated hash will be the same - otherwise you cannot access your "wallet" on the new device (or after factory reset).

[o_e_l_e_o]

So, what do you think about this idea?

Bad idea for a variety of reasons.

The first reason has been touched on above. Biometric scanners, be they fingerprint scanners, face scanners, eye/iris/retinal scanners, etc., do not produce the exact same image each time. They compare what they scan to the initial scan when you first set it up, and if similar enough, will unlock. "Similar enough" is not good enough for a private key. Even the slightest difference results in a different wallet and lost coins. Even if you managed to overcome this, then the second issue is that biometrics are not secure. They are not secure enough to protect a phone or a laptop; they are definitely not secure enough to protect your private key. You leave your fingerprints on everything that you touch, and they can be lifted and cloned without much difficulty. Face and eye scanners can be fooled with pictures, or with 3D prints made from pictures.

So the end result is either a private key it is near impossible to recover, or a private key which can be easily attacked.

[hZti]

The only thing that I can think of is a hardware wallet that can be unlocked with your fingerprint. The wallet must still contain the private key that is not based on your fingerprint, since you can loose your finger or the reader gives a slightly different reading. For other applications I can't really see a fingerprint as a good option. Maybe you could scan your eye to get a private key, since that can not be easily done in public by an attacker (I think at least).

[Mkelgodson]

Fingerprint can always return same result 99% since it does not change throughout life. The main consideration is it safety for the purpose. As already pointed out, using biometrics for private key would mean when the person dies, there is no access to assets because it can't be passed to a beneficiary. Additionally, as noted already, we touch surfaces of furnitures and walls which leaves fingerprints that can be reproduced and used to gain access to wallet.

[NotATether]

So the end result is either a private key it is near impossible to recover, or a private key which can be easily attacked.

I generally discourage people from using brainwallets and their derivatives because it has a secret that can be compromised much more quickly than if it was generated using random bytes.

[bittraffic]

Since some weeks ago i have been thinking about this topic, and couldn't find anything about it. So, lets start a discussion here.

What do you think about the idea of using biometrics as private key? A lot of laptops have a fingerprint reader, and it would be an interesting project to use it to sign transactions.

On the technical side i have some doubts because i don't think a finger reader will always return the same result. And this way is complex to make from our finger print a private key.

If some how we could always get the same result from the finger reader we could make from that result a brain wallet. That how it should work.

And the main problem is that we can lose the finger and in that scenario our cryptos will be gone.

So, what do you think about this idea?

You already pointed out one of the problems when it comes to biometrics. Losing a finger like a criminal cut it off because he wants to open your account? Terrible scenario.

Security is always been an issue but at the same time, people also want to give access to thier family members whenever they end up dead one morning which biometrics I guess can solve this. The private key however is just unprecedented.  Until no one ever has seen your private key, everything is safe.

[fxsniper]

I think Biometrics it does not work for now
my experience with chean finger scan time attendance
it is an possible to duplicate Biometrics
I copy database finger scan to new one finger scan found someone is duplicating with other people

[NeuroticFish]

And the main problem is that we can lose the finger and in that scenario our cryptos will be gone.

Even burning your finger can get your funds inaccessible for a while.
Even more, fingerprints and other biometrics can be copied as well. Also there were already stories about people getting their funds stolen after taking drugs.

Also keep in mind that the private key is after all only a number (from an overly big interval). It could be implemented to get from your fingerprint to a private key, in a way or another (just look at Weird Bitcoin wallets, for example). But it's far from safe.

[fxsniper]

burning finger or can not scan finger scan is happening often, HR department know
finger accident from work and someone's fingerprint is thin can not scan

problem is no algorithm that can convert Biometrics to mathematics or vectors for use with a digital print that is stable and correct 100%
Biometrics still unstable
Another problem is devices for scanning no standard or use what device for standard like finger scan in iPhone and android is difference

maybe it will very large privatekey over 100000bit can store data
and it dangerous if hackers can copy it, privatekey still can change to use another one key never use but Biometrics can not change it

[witcher_sense]

Bad idea for a variety of reasons.

The first reason has been touched on above. Biometric scanners, be they fingerprint scanners, face scanners, eye/iris/retinal scanners, etc., do not produce the exact same image each time. They compare what they scan to the initial scan when you first set it up, and if similar enough, will unlock. "Similar enough" is not good enough for a private key. Even the slightest difference results in a different wallet and lost coins. Even if you managed to overcome this, then the second issue is that biometrics are not secure. They are not secure enough to protect a phone or a laptop; they are definitely not secure enough to protect your private key. You leave your fingerprints on everything that you touch, and they can be lifted and cloned without much difficulty. Face and eye scanners can be fooled with pictures, or with 3D prints made from pictures.

So the end result is either a private key it is near impossible to recover, or a private key which can be easily attacked.

I agree with what you have said: using fingerprints or other biometric traits is, at best, a highly insecure approach to generating private keys, let alone the fact that biometric scanners differ significantly in functionality and reliability, which may result in different interpretations of the same biometric data and thus loss of funds, or may cause mental or emotional disorders in cryptocurrency users relying on such devices and questionable cryptographic schemes. But the authors of the following paper Two-factor-based RSA key generation from fingerprint biometrics and password for secure communication claim they have found a solution to the problems you outlined. Although it focuses on RSA, the same principles can be applied to ECDSA, I will quote from "Abstract" section here:

Abstract

In an asymmetric-key cryptosystem, the secure storage of private keys is a challenging task. This paper proposes a novel approach for generating the same public and private key pair on a need basis. Hence, the need for secure storage of the private key is done away with. The proposed approach for generating the key pair is based on two factors: fingerprint biometrics and password. A stable binary string is generated from the distances among pairs of minutiae points in a fingerprint using a gray code-based method. Experiments show that gray code representation significantly reduces the number of inconsistencies between the generated bit strings from two instances of the same fingerprint as against the binary code representation. Hence, the Reed–Solomon error correction code successfully corrects errors due to variations in multiple instances of the same fingerprint to induce stability in the generated string. Hash of the stable string generated from the fingerprint and the string generated from hashed password are XORed to derive a stable seed value. The proposed approach uses this seed value to generate two large prime numbers. These prime numbers are used to generate the public and private key pair using the RSA key generation method. This seed value ensures the generation of the same key pair every time. The experimental results show that the proposed approach can ensure a stable generation of the key. It is not required to store either the fingerprint template or the password. Moreover, the generated private key is also not stored. It can be regenerated on a need basis.

[o_e_l_e_o]

But the authors of the following paper Two-factor-based RSA key generation from fingerprint biometrics and password for secure communication claim they have found a solution to the problems you outlined.

I've had a quick read of the paper, and while I am no expert on the subject by any means, I remain unconvinced.

The basis for their method is to detect various minutiae points on your fingerprint, calculate the Euclidean distance between these points, sort the distances in ascending order, and then concatenate them all. I don't know if I'm missing something, but arranging a set of numerical strings in ascending order does not exactly provide a good source of entropy. They also say their Reed-Solomon correction code can correct up to 20 bits of error, which sounds great except it also means an attacker can be far less accurate than they need to be the Reed-Solomon code will correct their inaccuracies to a significant degree. And their whole system still requires a memorized password (brain wallet) to XOR the fingerprint derived string with, since fingerprints are easily obtained by an attacker.

[seoincorporation]

One security concern that haven't mentioned yet is more government and workplace demand your biometric data. There could be serious damage damage if there's data breach or malicious insider.

You i right in this point, i forget that Govermnet, Banks and Tax Department already has our Biometrics. And that would compromise our private keys.

So, while more i read your answers i realize how bad was this idea, the concept is really cool, even cyberpunk, but is totally insecure.

Now we can use Biometrics to unlock a wallet, that's should be an easy task, we only need to activate the finger print to access for X user, then assign the wallet to that user (On linux). But that is totally different than use the finger to sign a transaction 

[witcher_sense]

I've had a quick read of the paper, and while I am no expert on the subject by any means, I remain unconvinced.

The basis for their method is to detect various minutiae points on your fingerprint, calculate the Euclidean distance between these points, sort the distances in ascending order, and then concatenate them all. I don't know if I'm missing something, but arranging a set of numerical strings in ascending order does not exactly provide a good source of entropy. They also say their Reed-Solomon correction code can correct up to 20 bits of error, which sounds great except it also means an attacker can be far less accurate than they need to be the Reed-Solomon code will correct their inaccuracies to a significant degree. And their whole system still requires a memorized password (brain wallet) to XOR the fingerprint derived string with, since fingerprints are easily obtained by an attacker.

I am also not an expert in this field, but I think you got right the idea proposed in the mentioned research paper. They state literally that "obtaining a stable key string from fingerprint biometrics is the main objective of this proposed work" and "a consistent set of minutiae points must be used for key string generation," and, in my view, "stable" in this case means "deterministic" or "recalculation-friendly" rather than "random". This stable key is essentially an output of the SHA256 function to which a specific argument is sent, namely a binary string generated from your fingerprint using some sophisticated techniques aimed at making a string more friendly to error correction. Given that the resulting string is neither random nor secure, there needs to be added some random factor, which in this case is a user-generated password. To generate a second string (the first was a "stable" string from fingerprint), you calculate the SHA256 hash of your password and salt (salt is derived from the password itself using iterative hashing for 10000 times) and then XOR these two strings (hash of the password and salt) to calculate final hash of the password. Further, you XOR the string from the fingerprint and the final hash of the password to calculate the seed. Your seed is as secure as the password you used as an input because the whole process is deterministic and the fingerprint is relatively easily obtainable by a potential attacker. Yeah, this is basically a very sophisticated method to create a brain wallet.

[ABCbits]

One security concern that haven't mentioned yet is more government and workplace demand your biometric data. There could be serious damage damage if there's data breach or malicious insider.

You i right in this point, i forget that Govermnet, Banks and Tax Department already has our Biometrics. And that would compromise our private keys.

But in such case, you should worry more about identity theft which could be more harmful than losing your Bitcoin.

So, while more i read your answers i realize how bad was this idea, the concept is really cool, even cyberpunk, but is totally insecure.

Don't forget term "cyberpunk" usually associated with bad / dystopian future .

Given that the resulting string is neither random nor secure, there needs to be added some random factor, which in this case is a user-generated password.

At this point, people should consider using regular Bitcoin wallet which is easier to create, backup and restore.

[aysg76]

Bad idea for a variety of reasons.

The first reason has been touched on above. Biometric scanners, be they fingerprint scanners, face scanners, eye/iris/retinal scanners, etc., do not produce the exact same image each time. They compare what they scan to the initial scan when you first set it up, and if similar enough, will unlock. "Similar enough" is not good enough for a private key. Even the slightest difference results in a different wallet and lost coins. Even if you managed to overcome this, then the second issue is that biometrics are not secure. They are not secure enough to protect a phone or a laptop; they are definitely not secure enough to protect your private key. You leave your fingerprints on everything that you touch, and they can be lifted and cloned without much difficulty. Face and eye scanners can be fooled with pictures, or with 3D prints made from pictures.

So the end result is either a private key it is near impossible to recover, or a private key which can be easily attacked.

There are some risk associated with the biometrics as you have mentioned and you are right on the part that the current technology is still in advancement stage and complete recognition is not there and they scan almost near and if it matches you are good to go.There are other problems also like what if there's skin allergy that could slightly affect your skin part and damage it so how in that case you would overcome this problem and your wallet keys will be different? In old age the fingerprint remain the same but there are chances that there could be slight change in them which could restrict us from using the wallet.

Second case is if the technology is implemented then we know how many places our biometrics are in contact with and same thing will be known by the hackers and other also that you can generate keys with the fingerprint of one person and they have different ways of copying the same like with liquid silicon and many ways to make computerised fingerprint so I aslo think it's not safe this way and should be avoided.

[PawGo]

Honestly speaking I see no place where biometrics may be used in sensible way as a way to authenticate user.
As a source of entropy? Maybe. But then it cannot be the only parameter, as results would be (to some extend) repeatable.
As a additional phrase /extra password/ for previously generated seed? Then again, results are repeatable.
Using as a method of authorization - nothing new, it is just a one more layer on wallet level (for software, I am not aware of any hardware wallet with fingerprint reader), not on low-level (private key generation).

[PrivacyG]

What happens if you lose the finger you used to 'log in' to your Bitcoin wallet?  There are so many ways you could lose a finger.  In fact, it is enough that something happens to the tip of your finger and you are screwed.

Secondly.  If I had the information that you are holding Bitcoins, I could take you hostage and forcefully strip your wallet out of your coins.  Things can get worse.  You can never prove it was not you who moved the money from your wallet.

Third point.  If you are arrested, they could forcefully use your fingertip to gain access to your funds.  This is as bad as using fingerprint login for a phone containing sensitive information.  For example, I think it is an incredibly bad idea to have this kind of phone security as a journalist.  You could always be a target and if they want to see what is inside your phone, there are so many ways they could force you to open it without your consent.

Now going back to the things that could happen without a bad actor in the middle.  You could chop off a small part of your fingertip and there goes your entire wallet.  Or you could have an accident and your face will not get recognized anymore.  Or you could lose an eye.  And so many other things.  To me it is a big, big no.

There are so many things that could go wrong.  Imagine 70% of the world population had Bitcoin and login using biometrics became as popular as fingerprint lock became for today's Smartphones.  This could become a widely occurring crime.  Why would we give up security and safety for comfort?

-
Regards,
PrivacyG

[DaveF]

IMO the issue comes back to what amount.
The amount is going to vary based on person and location and a lot of other factors.
I don't care that I have a couple of hundred dollars in my hot wallet on my phone. The phone is worth more. So if I had a HW wallet that had a few hundred dollars in it that just used fingerprint ID then yes that would be fine by me. It's insecure BUT convenient. No pin, no nothing. Just plug it into the PC open electrum create a transaction and put my finder on the sensor to send would be fine.

Would I store 1000s of dollars on there? No.
$750? possibly depending on how long I think it would be there.
$500 most likely
$300, sure why not. It would suck to loose it, but I have missed deals because I had to get my HW wallet and access to another device for multisig so that is always a factor.

-Dave

[seoincorporation]

What happens if you lose the finger you used to 'log in' to your Bitcoin wallet?  There are so many ways you could lose a finger.  In fact, it is enough that something happens to the tip of your finger and you are screwed.

Secondly.  If I had the information that you are holding Bitcoins, I could take you hostage and forcefully strip your wallet out of your coins.  Things can get worse.  You can never prove it was not you who moved the money from your wallet.

Third point.  If you are arrested, they could forcefully use your fingertip to gain access to your funds.  This is as bad as using fingerprint login for a phone containing sensitive information. 

All this apply to the phone, and that doesn't stop people to hold their bitcoins in the phone. I know that's a terrible practice but people still doing it. And i have seen some worst scenarios where people lose their phones and the 2fa with it losing access to exchanges and wallets.

IMO the issue comes back to what amount.
...

Would I store 1000s of dollars on there? No.
$750? possibly depending on how long I think it would be there.
$500 most likely
$300, sure why not. It would suck to loose it, but I have missed deals because I had to get my HW wallet and access to another device for multisig so that is always a factor.

I like this point, we could use biometrics as a hot wallet without risking all our founds.