Worldcoin Foundation Launches, Open Sources “Perfect Secrecy” SMPC System
The Worldcoin Foundation today announced it launched and is open sourcing a novel secure multi-party computation (SMPC) system. The system, available now in a GitHub repository for any organization to use, aims to set a new standard for data protection, including the protection of biometric data. The Worldcoin Foundation also announced that, after the migration of iris codes to the new SMPC system, the previous uniqueness-checking system, including iris codes, was securely deleted.
Biometric authentication use increases as data breach frequency and impact rise
Organizations in the private and public sector increasingly require and use consumers’ biometric data for everyday services and activities, from building access and airport security to logging into healthcare and financial services apps. Underscoring the increase, a Fortune Business Insights report projected the global biometric system market size to reach $76.70 billion USD in 2029, 2.5x its total of $30.77 billion in 2022.
Meanwhile, research from MIT Professor Stuart Madnick indicates a 20% increase in data breaches from 2022 to 2023 while globally the number of victims of such breaches doubled over the same time period.
The convergence of these trends suggests a need to further advance data protection technologies. While Worldcoin is neither an authentication nor an identification use case for biometrics (the Worldcoin Foundation does not know the identity of their users), the Foundation’s new open source SMPC system can serve as a building block to set a new standard in biometric data security.
Worldcoin Foundation’s SMPC system
SMPC has been lauded by privacy and security experts alike. It can be thought of as taking one secret and sharing it in multiple parts across different parties for increased protection. Importantly, none of the individual parts alone say anything about the original secret, thus making it impossible for any individual party to decrypt the secret.
This SMPC approach demonstrates perfect information-theoretic security, meaning it is effective even against quantum-computing. SMPC systems have generally been too resource-intensive to be effectively used for large complex computations. This is why, despite their impressive privacy protective qualities, they have not yet seen extensive use in biometric template protection.
The Worldcoin Foundation, along with contributor-technologists from TACEO and Tools for Humanity, have successfully architected a new implementation of SMPC to address the scale and cost constraints that have previously hindered others. The new SMPC system, which encrypts iris codes into secret shares held by multiple parties, enabled the Worldcoin Foundation to permanently delete iris codes generated through its previous uniqueness-checking system.
“The community supporting Worldcoin will never stop developing, testing and deploying the most advanced technologies focusing on security, privacy and data protection as it works to improve trust online and increase access to the global economy,” said Jannick Preiwisch, Data Protection Officer of the Worldcoin Foundation. “Implementation of the new SMPC system enabled the Worldcoin Foundation to delete old iris codes by permanently encrypting them to SMPC shares that by themselves cannot be related to an identified person. The development of this new system demonstrates an unparalleled commitment to further compliance with the EU General Data Protection Regulation and other data protection regimes across the world. It also complements advancements aimed at providing consumers increased choice and control over their data including personal custody and the ability to unverify their World IDs.”