Secret key-based Identification and Authentication with a Privacy Constraint

Abstract: We consider the problem of identification and authentication based on secret key generation from some user-generated source data (e.g., a biometric source). The goal is to reliably identify users pre-enrolled in a database as well as authenticate them based on the estimated secret key while preserving the privacy of the enrolled data and of the generated keys. We characterize the optimal tradeoff between the identification rate, the compression rate of the users' source data, information leakage rate, and secret key rate. In particular, we provide a coding strategy based on layered random binning which is shown to be optimal. In addition, we study a related secure identification/authentication problem where an adversary tries to deceive the system using its own data. Here the optimal tradeoff between the identification rate, compression rate, leakage rate, and exponent of the maximum false acceptance probability is provided. The results reveal a close connection between the optimal secret key rate and the false acceptance exponent of the identification/authentication system.