Worldcoin Foundation has introduced a new system using Secure Multi-Party Computation (SMPC) for biometric template protection, developed with cryptography engineers from TACEO.
The advancement has allowed the foundation to securely delete the previous iris code system. The move is part of the foundation’s effort to be more transparent after multiple countries raised concerns over its data collection practices.
Data collection revamp
The new approach, now available open source on GitHub, encrypts iris codes into multiple secret shares distributed among different parties. These parties collaborate to compute results over the encrypted data without accessing the actual secrets, ensuring a high level of privacy for verifying the uniqueness of biometric templates.
Worldcoin Foundation said:
“By migrating to SMPC, we’ve achieved a significant enhancement in privacy protection for our users. After securely transferring all iris codes to the new system, we deleted the old data.”
Recent optimizations in SMPC protocols for machine learning, adapted by Worldcoin and TACEO, have made it feasible to apply these protocols to iris code comparisons. This system allows Worldcoin to verify an individual’s uniqueness without decrypting the biometric data.
The transition to this new system was completed in March 2024. After extensive testing, the previous iris code system was securely deleted in May 2024. The new system requires substantial computing resources, including 1152 cores, 3.6TB of memory, and 5 Gbps bandwidth across all parties involved.
Regulatory hurdles
The development followed discussions with data protection authorities, particularly the Bavarian Data Protection Authority (BayLDA). Tools for Humanity and Worldcoin Foundation’s EU establishment are current participants in the SMPC system, with additional third-party participants under consideration.
The announcement comes after Worldcoin faced regulatory hurdles in multiple countries, including scrutiny over data privacy and security practices. Authorities in several regions questioned the adequacy of Worldcoin’s measures to protect user data, prompting the foundation to accelerate its efforts in adopting more robust privacy technologies.
The Worldcoin Foundation’s adoption of SMPC is part of a broader initiative to enhance privacy and security. Other measures introduced in 2024 include personal custody for secure personal information storage, the ability for users to delete their iris codes, and on-site age verification to prevent underage sign-ups.
This new SMPC system represents a significant milestone in the field of biometric security, setting a new standard for privacy protection in digital identity verification.