A Facial Authentication System Using Post-Quantum-Secure Data Generated on Mobile Devices

This paper describes a demonstrator of a post-quantum-secure facial authentication system distributed between a mobile device acting as a client and a remote computer acting as an authentication server. Homomorphic encryption based on Classic McEliece, one of the fourth-round candidates of the NIST post-quantum standardization process, is carried out by the client for protecting the biometric data extracted from the users' faces at enrollment and verification. The remote computer only stores and compares the received protected data, thus preserving user privacy. An Android App and a Graphical User Interface (GUI) were implemented at the client and the server, respectively, to show the system performance in terms of computation and security.