Applied research from the Worldcoin Foundation and TACEO, a team of cryptography engineers, has advanced the biometric template protection and enabled the secure deletion of Worldcoin’s previous iris code system.
Working within a field of cryptography “known as secure multi-party computation (SMPC), Worldcoin and TACEO have applied recent advances in SMPC for Machine Learning to iris codes, which enable Worldcoin to determine an individual’s uniqueness.”
This new approach, which is “open source and available in a Github repository, allows the iris codes to be individually encrypted into multiple different secret shares held by multiple parties.”
These parties can then work together “to compute results over the secret information without learning anything about the secret itself.”
With this, World ID has reportedly “achieved a level of privacy protection for deduplication (verification of uniqueness) of biometric templates.”
After the migration of iris codes to the new SMPC system, “the previous uniqueness-checking system, including old iris codes, was securely deleted.”
Verified World ID users can prove “that they are a unique human being without revealing who they are, unlocking new abilities in the digital realm such as collective protection from impersonation, deep fakes and influence campaigns.”
To achieve this, the system makes sure “the user has not signed up before during sign up by applying the Daugman iris code method, which relies on the inherent uniqueness of irises.”
Iris codes are unique and must “be handled with the utmost care. Until recently, this meant using hardware security modules, encrypted drives and networks, identity and access management, etc.”
On top of this, World ID went much further “through its additional layer of zero-knowledge proofs that allows an individual to use their World ID without revealing which World ID was used or who the user is.”
The best method to safely store critical data “is a secret sharing scheme in which the secret is encrypted to a set of numbers called shares.”
These numbers individually “are random and reveal nothing, but together their correlation contains the secret.”
The secret can only be recovered if “all the shares are combined[2]—any fewer and nothing can be learned about the secret.”
You can imagine it as “a combination safe with multiple dials where each participant only knows one of the combinations, or as the Horcruxes from the Harry Potter novels.”
Secret sharing is like a safe “with multiple dials where each participant only knows one code. Only if the participants work together can they open the safe and reveal the secret.”
By distributing the shares “over multiple trusted parties (participants), fault tolerance of security can be achieved. Even a complete security breach of some participants would not leak the secret, as long as at least one of the participants is still secure.”
Furthermore, this is one of the few results “in cryptography that provides perfect secrecy, meaning it will always be secure regardless of which advances happen in, say, prime factorization and quantum computers.”
Secret sharing is powerful, but “on its own can only be used to store information. Often, we also want to do something with the information (i.e., run a computation over it). This is where Secure Multi-Party Computation (SMPC) comes in.”
It allows the participants in a secret sharing scheme “to work together and do a computation on secret information, while keeping that information secret. For example, suppose you and your colleagues want to know the average salary of your group, but none of you wants to reveal their own salary.”
To do this, each person “creates secret shares of their salary and distributes the shares to their colleagues.”
Remember, these shares appear to “be random numbers and do not reveal anything. Everyone then computes the average of the shares, which may seem nonsensical at first. But due to the so-called homomorphic property of the secret shares, the average of the shares is the same as a share of the average. Now that everyone has a share of the average, they can proceed to combine their shares to reveal the actual average value.”