-3

Number of biometric samples required to form an exhaustive set of fingerprint hashes?

Slight variations in the sample produce different hash values of the sample data. The answer linked below indicates that enough different samples might produce an exhaustive set of hash values.

The following fingerprint hash system was proposed: Fingerprint hash I am trying to determine whether or not the number of samples required is infeasibly large or small enough to be feasible.

Hashing mathematical models of a fingerprint patterns seems to provide a sufficient solution. A mathematical model of a fingerprint would focus only on the key distinguishing features of the fingerprint pattern and thus ignore other differences between a pair of images.

polcott
  • 93
  • 6
  • 1
    @polcott The number of hashes needed depends on the variability of human fingerprints, the hardware characteristics of the scanner and the ratio of false positive and false negatives allowed. It's impossible for us to make this estimate for you. Also, some humans do not have fingerprints. – A. Hersean May 19 '21 at 16:27
  • 2
    You've switched "enough" for "exhaustive", but it's the same problem: exhaustive *for what*? I think what you want to ask is "what is the minimum viable number of samples to positively identify someone?" – schroeder May 19 '21 at 17:57
  • The comment above still holds after your edit: no one can give you a general case. Different fingerprint readers read inputs differently. At best, someone might give you an answer about feasibility for a given reader. I've seen extremely high-resolution scanners that map out the patterns *on the ridges* of a fingerprint. You only need one sample from that reader. – schroeder May 19 '21 at 17:59
  • @A.Hersean So then it seems that a range estimate is the best that can be provided. I am going for possibly feasible, or definitely infeasible. If ten samples might be enough we have an answer. If less than a million will never be enough then we have an answer. – polcott May 19 '21 at 18:05
  • @schroeder It is simply a very obvious follow on the the linked answer. If people insist on not looking at the context then they will not understand the question. – polcott May 19 '21 at 18:13
  • 2
    We have, and you are dismissing our responses. Please consider that we know what we are talking about. The linked item talks about fingerprint identification as a *concept*. You are asking about *implementation*. Once you jump that gap, there are other issues to consider. So, as we've been saying all along, there can only be an answer, or even a range, ***for a given reader and reader algorithm***. – schroeder May 19 '21 at 18:19
  • @schroeder Does there exist any combination of readers / algorithms with a false positive rate less than 1% such that the number of samples required to make an exhaustive list of fingerprint hashes less than 1000? – polcott May 19 '21 at 18:22
  • If the answer to that is "yes" is that relevant to anything? – schroeder May 19 '21 at 18:22
  • If you accepted that answer, then your question is moot. – schroeder May 19 '21 at 18:23
  • @schroeder it is no longer moot now that I derived an algorithm that might work. – polcott May 19 '21 at 18:39
  • 2
    Any _readers_ -- no. Any _algorithms_ is one of the most unlimitedly-difficult questions one can ask. It's almost inevitable that one _exists_, but whether one is currently _known_ is unlikely. It would take a lot of man-hours to _find_ it, certainly (if even reasonably possible). – JamesTheAwesomeDude May 19 '21 at 18:39

2 Answers2

1

I am going for possibly feasible, or definitely infeasible. If ten samples might be enough we have an answer. If less than a million will never be enough then we have an answer.

Put this down as definitely infeasible, then (at least unless you come up with a very accurate, extremely lossy, very clever mathematical "flattening" of the fingerprint scans.)

Fingerprint scanning is an analog process: it's essentially a (potentially very poor quality) photograph; according to some website, these may reasonably be as low as 96×96 pixels.

If we take the coarse assumptions that each of these pixels can be reduced to a bit depth of around 3 (that is, around 8 possible brightness levels), that 95% of a 96×96px scan's pixels are fixed by a finger (or fix-able by your mathematical analysis), and that the finger will only move up to ±10px in each of the X and Z axes, that gives you approximately too many possible images that a given fingerprint might produce.

If you want to find a way to hash "fingerprints", you will have to find a serious analytic reduction of them based on pivotal attributes, and go about hashing that mathematical characterization of each instead.

JamesTheAwesomeDude
  • 581
  • 4
  • 15
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/124474/discussion-on-answer-by-jamestheawesomedude-number-of-biometric-samples-required). – Rory Alsop May 20 '21 at 11:10
-2

As the prior answer indicates it is definitely infeasible to hash actual fingerprint data so that an exhaustive set of hash values is a feasibly small number. On the other hand, hashing a mathematical model of a fingerprint pattern may provide a sufficient solution.

A mathematical model of a fingerprint would focus only on the key distinguishing features of the fingerprint pattern and thus ignore other differences between a pair of images.

Mathematical Models of Fingerprints

polcott
  • 93
  • 6
  • 1
    "During minutiae-based matching, the set of minutiae are extracted from the two fingerprints and stored as sets of points in the two dimensional plane...minutiae-matching is most widely used approach in fingerprint recognition ..." -- all fingerprint scanners extract a mathematical model of the fingerprint. The image isn't stored, if that's what you were thinking. So, I'm not sure if this is an "answer" to the problem. That paper is about adding more data points to avoid errors and speed up the matching process. – schroeder May 19 '21 at 22:48
  • @schroeder Because mathematical models of fingerprints screen out an enormous amount of irrelevant differences between two different fingerprint images this would seem to be a reliable way for biometric authentication to store fingerprint data in a cryptographically secure environment. It may still be susceptible to an evil maid attack on the client side. It would be at least as secure as using credit card numbers over the internet. – polcott May 19 '21 at 23:03
  • 4
    I'm saying that that is what is happening currently. John Deter's answer in the linked post assumes mathematical models... This "answer" adds nothing. It's just a discovery of yours for how the process works. – schroeder May 20 '21 at 06:43