Worldcoin's introduction of an open-source biometric data protection mechanism, developed in collaboration with TACEO's cryptography experts, entails the utilization of Secure Multi-Party Computation (SMPC) to securely eliminate the previous iris code system.
Worldcoin's novel approach, presently accessible on GitHub, involves encrypting iris codes into multiple confidential shares distributed among various entities. Through collective efforts, these entities can derive results from the encrypted data without exposing the true secrets, ensuring a high level of privacy in validating the uniqueness of biometric templates.
A representative of the Worldcoin Foundation highlighted the considerable improvement in user privacy achieved through the adoption of SMPC. Subsequent to transferring all iris codes to the new system, the old data was securely eradicated.
Enhancements in SMPC protocols for machine learning, tailored by Worldcoin and TACEO, enable the application of these protocols for comparing iris codes. This framework allows Worldcoin to confirm an individual's uniqueness without decrypting the biometric information.
Evolving Systems and Prerequisites
The transition to the new system was finalized in March 2024, with the previous iris code system securely purged in May 2024. The new system necessitates substantial computational resources, including 1152 cores, 3.6TB of memory, and 5 Gbps bandwidth across all participants.
Compliance Challenges
This transformation transpired following discussions with data protection regulators, notably the Bavarian Data Protection Authority (BayLDA). Currently, Tools for Humanity and Worldcoin Foundation's EU branch are engaged in the SMPC system, with the potential addition of other third-party participants.
Wider Privacy and Security Endeavors
The integration of SMPC is a component of Worldcoin Foundation's overarching effort to bolster privacy and security. Additional measures introduced in 2024 encompass secure storage of personal data, user-controlled deletion of iris codes, and in-person age verification to deter underage registrations.
This SMPC system embodies a notable progression in biometric security, setting a new standard for privacy protection in digital identity verification. It facilitates secure and confidential validation of user uniqueness, marking a significant leap forward in safeguarding biometric data.
