Asymmetric Enroll-Verify Structure

Updated 19 December 2025

The paper demonstrates that asymmetric enroll-verify structure decouples heavy enrollment from lightweight verification, optimizing resource use without sacrificing accuracy.
It utilizes detailed joint training and embedding alignment techniques to bridge the gap between complex server-side computations and real-time on-device processing.
Applications span speaker verification, match-on-card biometrics, image retrieval, and quantum cryptography, with empirical results showing up to a 25% reduction in error rates.

An asymmetric enroll-verify structure is a system architecture in which enrollment (template or reference generation) and verification (probe matching) are implemented using different models, algorithms, or computational resources. This paradigm addresses constraints in modern authentication, verification, and retrieval systems, enabling computational efficiency during high-frequency verification while leveraging high-accuracy or resource-intensive techniques during the infrequent enrollment phase. This structure applies across modalities including speaker verification (Lin et al., 2021), biometric match-on-card (Ganmati et al., 17 Oct 2025), image retrieval (Wu et al., 1 Mar 2024), and position-based quantum cryptography (Nadeem, 2014).

1. Conceptual Principles and Motivation

Traditional (symmetric) enroll-verify systems apply identical models for both enrollment and verification. This symmetry produces a computational trade-off: the desire for device efficiency suggests smaller models, yet these degrade overall system accuracy or security (Lin et al., 2021). Asymmetric architectures address this by decoupling the two phases:

Enrollment (Enroll): Performed infrequently and often on servers or provisioning infrastructure with relaxed latency and ample computation. A large, accurate model or algorithm computes the reference template.
Verification (Verify): Performed frequently, commonly on resource-constrained devices requiring fast, lightweight operations. A compact model or algorithm computes the probe representation, which is compared to the stored reference.

By selective assignment of computational burden, asymmetric structures can maintain strong accuracy or security guarantees at verify-time device budgets, without system-wide computational inflation.

2. Asymmetric Enroll-Verify Realizations

Speaker Verification

In speaker verification (Lin et al., 2021), the asymmetric framework uses a large-scale ECAPA-TDNN (“L-Model”) for enrollment embedding extraction, and a small-scale ECAPA-TDNNLite (“S-Model”) for verification. Let $x$ be an input utterance:

Enrollment mapping: $e = f_e(x_\text{enroll})$ (L-Model)
Verification mapping: $v = f_v(x_\text{verify})$ (S-Model)

The two models are joint-trained with a space-alignment (AP) loss:

$L_{AP} = -\frac{1}{B}\sum_{i=1}^B \log \frac{\exp\big(w\cos\theta_{i,i}\big)} {\sum_{j=1}^B \exp\big(w\cos\theta_{i,j}\big)} \ \ \ (w=32)$

where $\cos\theta_{i,j}$ measures similarity between enrollment embedding $e_i$ and verification embedding $v_j$ .

ISO/IEC-Compliant Match-on-Card

An asymmetric structure underpins modern match-on-card biometric systems (Ganmati et al., 17 Oct 2025). Off-card, powerful float-embedding compressions combine PCA projection and ITQ rotation to generate compact 64/128-bit binary templates ( $b_\text{enr}$ ). These are then enrolled to the smart card—on-card, only a constant-time Hamming distance is computed between $b_\text{prb}$ and $b_\text{enr}$ , subject to a privacy-safe, fixed-length APDU protocol:

$D_H = \sum_{k=1}^L (b_\text{prb}[k] \oplus b_\text{enr}[k])\,, ~~~~ \text{Accept if}~ D_H \leq \tau$

Asymmetric Image Retrieval

Modern image retrieval applies a large, server-side gallery model ( $\phi_g$ ) for enrollment (IVFADC, Faiss), producing gallery features, and a lightweight query model ( $\phi_q$ ) at verification (Wu et al., 1 Mar 2024). Structure similarity preservation (SSP) aligns $\phi_q$ ’s space to $\phi_g$ using a product quantizer trained on $\{\phi_g(x_i)\}$ ; compatibility is ensured by minimizing, for $M$ subspaces, the KL divergence between anchor-assignment probabilities:

$\mathcal{L}_{SSP} = \sum_{j=1}^M \sum_{k=1}^K p^g_{j,k} \log\frac{p^g_{j,k}}{p^q_{j,k}}$

where $p^g_{j,k}$ and $p^q_{j,k}$ are (softmax) similarities to centroids $C^j_k$ in the $j$ -th subspace for gallery and query features, respectively.

Quantum Cryptography

In asymmetric position-based quantum cryptography (Nadeem, 2014), the following mapping is applied:

Enrollment (public-key state generation): Prover $P$ prepares quantum state $\ket{pk}=\otimes_{i=1}^T R_y^{(i)}(s_i\theta_t)\ket{0_z}$ , distributing copies to verifiers.
Verification: Each verifier applies a query unitary $U_j$ (dependent on random message $m^{(j)}$ ). Only the prover, holding the trapdoor $(t,S)$ , can efficiently invert these rotations and recover $m^{(j)}$ .

3. Model and Pipeline Details

System Domain	Enrollment (Reference Generation)	Verification (Probe/Query)
Speaker Verification (Lin et al., 2021)	ECAPA-TDNN, 5.8M params, $\approx$ 0.9G FLOPS	ECAPA-TDNNLite, 318K params, 11.6M FLOPS
Match-on-Card (Ganmati et al., 17 Oct 2025)	Off-card: float→PCA-ITQ→64/128b template	On-card Hamming, APDU decision only
Image Retrieval (Wu et al., 1 Mar 2024)	$\phi_g$ : Deep CNN (ResNet101+GeM/DELG) + PQ	$\phi_q$ : mobile CNN + structure similarity
Quantum Cryptography (Nadeem, 2014)	Quantum public-key state ( $\ket{pk}$ ), trapdoor generation	Local rotation, trapdoor inversion

In verification, latency and compute constraints dictate architecture: ECAPA-TDNNLite delivers 1.8×10⁻³ real-time factor (2s utterance on single Xeon core); match-on-card Hamming computation and communication are sub-50 ms for contact rates as low as 9.6 kbps per APDU, compliant with ISO/IEC 7816-4/14443-4.
In all settings, enrollment is a one-time or rarely repeated event, enabling far greater computational and/or quantum resource allocation.

4. Joint Training and Embedding Alignment

A central challenge is compatibility between enrollment and verification reference spaces. Joint training mechanisms address this by aligning the different embedding distributions:

Speaker verification: Loss $L = L_{S-AAM} + L_{L-AAM} + \lambda \cdot L_{AP}$ , with $L_{AP}$ enforcing angular proximity of L-Model and S-Model representations ( $\lambda=10$ ).
Image retrieval: KL loss across product-quantized anchor assignments induces geometric compatibility without class labels; all elements can be scaled using only unlabeled data.
Cryptography: Compatibility and one-wayness derive from quantum trapdoor constructions and the mathematical indistinguishability of rotated quantum bases.

In biometric systems, template transformations (PCA, ITQ) generate irreversible representations; APDU protocols and constant-time logic prevent side-channel leakage, enforcing cryptographic equivalence (Ganmati et al., 17 Oct 2025).

5. Evaluation Metrics, Performance, and Tradeoffs

System efficiency and accuracy are empirically benchmarked, with trade-offs explicit in published results.

Experiment	Enroll Model	Verify Model	EER (%) Vox1-O	MinDCF Vox1-O
1	ECAPA-TDNN (L)	ECAPA-TDNN (L)	0.99	0.113
2	ECAPA-TDNNLite (S)	ECAPA-TDNNLite(S)	3.07	0.296
4	ECAPA-TDNN (joint)	ECAPA-TDNNLite	2.31	0.251

Asymmetric structure (Experiment 4) reduces EER by 25% relative to a purely small symmetric system, with unchanged per-verification FLOPS (11.6M) (Lin et al., 2021). In image retrieval, asymmetric SSP narrows the mAP gap to ≤3–5% of fully symmetric heavy models at a fraction (5.8%) of computational cost (Wu et al., 1 Mar 2024). Match-on-card latency is $<$ 14ms at 38.4kbps for either 64b or 128b templates; ROC analysis on CelebA yields EER=0.103 (64b) and 0.084 (128b), TPR at FAR=1% reaches 0.836 (Ganmati et al., 17 Oct 2025).

6. Security and Privacy Implications

Asymmetric cryptographic protocols such as those in position-based quantum cryptography (Nadeem, 2014) achieve information-theoretic security unattainable with symmetric architectures. The private key $(t,S)$ is never exposed outside the prover; the public quantum state $\ket{pk}$ leaks at most $T$ bits (Holevo bound), insufficient for inversion. Similarly, match-on-card architectures restrict leakage with strict APDU field lengths, one-way transformations (PCA+ITQ), rotation-based unlinkability, and decision-only status words, aligning with ISO/IEC 24745 privacy targets.

7. Applications and Practical Recommendations

Asymmetric enroll-verify structures are applicable wherever enrollment is infrequent and verification is subject to stringent operational constraints. Notable settings include:

Mobile and IoT speaker verification: Edge devices preserve low-latency validation with server-side high-accuracy enrollments (Lin et al., 2021).
Match-on-card biometrics: ISO/IEC-compliant smartcards conduct all verification in constant time, without biometric score leakage (Ganmati et al., 17 Oct 2025).
Large-scale image retrieval: Mobile query models interact in real-time with a server gallery built via heavy models; retrieval fidelity is preserved via SSP and PQ alignment (Wu et al., 1 Mar 2024).
Position-based quantum authentication: Provers retain exclusive decrypting capability, establishing both identity and location security (Nadeem, 2014).

Enrollment can be performed off-line, on server, or during one-time provisioning, allowing use of models or algorithms infeasible for repeated verification. Verification is tunable to device, privacy, and latency constraints, with best practices including joint embedding space alignment, one-way transformation, and strict protocol enforcement on constrained devices.

References:

(Lin et al., 2021) "Towards Lightweight Applications: Asymmetric Enroll-Verify Structure for Speaker Verification"
(Ganmati et al., 17 Oct 2025) "ISO/IEC-Compliant Match-on-Card Face Verification with Short Binary Templates"
(Wu et al., 1 Mar 2024) "Structure Similarity Preservation Learning for Asymmetric Image Retrieval"
(Nadeem, 2014) "Asymmetric Position-Based Quantum Cryptography"