[Paper] Ciphera: A Decentralised Biometric Identity Framework

Source: arXiv - 2605.29868v1

Overview

Ciphera proposes a decentralised biometric identity framework that blends privacy‑preserving facial recognition with the emerging standards of Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs). By moving enrollment, verification, and revocation off a single trusted server, the authors aim to eliminate the classic single‑point‑of‑failure and opaque verification problems that plague today’s centralised biometric systems.

Key Contributions

• Hybrid Architecture: Combines on‑device facial feature extraction, IPFS‑hosted credential metadata, and a blockchain anchor for revocation lists.
• Multi‑Node Verification: Authentication requests are simultaneously validated by a configurable set of independent verifier nodes, providing distributed consensus on identity claims.
• Privacy‑First Design: Uses homomorphic‑friendly embeddings and zero‑knowledge proof sketches so that raw biometric data never leaves the user’s device.
• Performance Benchmarking: Real‑world tests show a 95th‑percentile verification latency of ~820 ms even under concurrent multi‑node loads.
• Security & Consistency Evaluation: Formal threat modeling, audit‑log integrity checks, and consistency tests across nodes highlight both strengths (confidentiality, integrity) and gaps (liveness detection, revocation propagation delays).

Methodology

1. Enrollment – A user’s device captures a face image, runs a lightweight CNN to generate a fixed‑length embedding, and encrypts it with a user‑controlled key. The encrypted embedding is stored on IPFS, while a DID document points to the IPFS hash and includes a public verification key.
2. Credential Issuance – An issuer (e.g., a government agency) signs a Verifiable Credential containing the DID and a hash of the encrypted embedding. The VC is stored off‑chain; only its hash is anchored on a public blockchain for tamper‑evidence.
3. Authentication – The prover sends a zero‑knowledge proof that their live embedding matches the stored encrypted embedding without revealing the embedding itself. Multiple verifier nodes independently check the proof, the VC signature, and the blockchain‑anchored revocation status. Consensus (e.g., majority vote) decides acceptance.
4. Revocation – When a credential must be revoked, the issuer posts a revocation transaction to the blockchain. Verifier nodes periodically pull the revocation list; the authors measured a propagation delay of a few seconds to a minute.
5. Evaluation – The authors built a prototype with three verifier nodes, deployed on AWS, and ran functional, performance, security, and distributed‑consistency test suites (including simulated network partitions and replay attacks).

Results & Findings

Overall, the study demonstrates that a fully decentralised biometric identity flow is technically viable, with sub‑second user experience and strong cryptographic guarantees, but still requires engineering refinements for production readiness.

Practical Implications

• Zero‑Trust Identity Platforms – Enterprises can replace password‑based SSO with a biometric VC that is verifiable without exposing raw face data, fitting neatly into existing DID/VC ecosystems.
• Regulatory Compliance – By keeping biometric templates encrypted and off‑chain, Ciphera aligns with GDPR‑style data minimisation and can provide auditable revocation trails required by privacy regulators.
• Edge‑Centric Applications – Mobile apps, IoT devices, or AR/VR headsets can perform on‑device enrollment and proof generation, enabling frictionless log‑ins for high‑frequency services (e.g., contactless payments, secure facility access).
• Inter‑Operability – Because the framework adheres to W3C DID and VC specs, it can be integrated with existing decentralized identity wallets (e.g., Veramo, Trinsic) without custom protocol stacks.
• Cost Model – Leveraging IPFS for storage and a public blockchain only for revocation hashes keeps on‑chain transaction fees low, making the solution economically attractive for large‑scale rollouts.

Limitations & Future Work

• Liveness & Anti‑Spoofing – The current prototype lacks robust liveness detection, making it susceptible to replay or deep‑fake attacks. Future versions should integrate challenge‑response video or multi‑modal biometrics (e.g., voice, iris).
• Revocation Latency – Propagation delays could be problematic for high‑security contexts where immediate revocation is mandatory. Exploring faster side‑chains or push‑based revocation notifications is a next step.
• Scalability of Audit Logs – Inconsistent audit‑log ordering under heavy churn suggests a need for stronger consensus mechanisms or log‑compression techniques.
• Usability Studies – The paper focuses on technical metrics; user‑experience research (e.g., enrollment friction, privacy perception) would help gauge real‑world adoption barriers.

Ciphera opens a promising path toward truly decentralised, privacy‑preserving biometric identity. With the highlighted engineering refinements, it could become a cornerstone of next‑generation secure authentication ecosystems.

Authors

• Ankit Kanaiyalal Prajapati
• Shahzad Memon
• Mohammed Mahir Rahman
• Ameer Al-Nemrat

Paper Information

• arXiv ID: 2605.29868v1
• Categories: cs.CR, cs.CV, cs.DC
• Published: May 28, 2026
• PDF: Download PDF