What is Keyless?

Keyless is a privacy-first biometric authentication and identity management platform that eliminates the need for passwords, cryptographic keys, and other authentication data, without compromising on convenience or privacy.

The Keyless Protocol

The Keyless protocol implements secure biometric authentication using state-of-the-art multi-party computation techniques. The protocol involves the user’s mobile device, which interacts with a set of nodes in the Keyless network. Each node stores cryptographically protected shares of the user’s biometric data and of the user’s authentication key. These shares enable user authentication without the nodes or the devices having access to the the full biometric data, and to generate authentication tokens on demand.

The Keyless protocol is composed of two main phases:

• enrollment

• authentication

During the enrollment phase, users register themselves and their mobile device with the Keyless network. This includes storing an encrypted authentication key and one-way processed biometric data in a distributed form on Keyless nodes using threshold secret sharing.

During the authentication phase, Keyless first authenticates the user’s device, and then computes a one-way transformed biometric sample on that device. The sample is sent to the Keyless nodes, and matched against the one-way transformed template created during enrollment. Because none of the nodes is able to decrypt the biometric template or the authentication sample, matching is performed using a secure multi-party computation protocol.

At the end of the authentication process, the nodes learn whether the biometric authentication sample matches the template. This indicates that, with high probability, the two biometric datapoints are from the same person. Additionally, a match reveals a different encrypted shares of the authentication key to each node, which forwards them to the user’s mobile device.

Once the device has received enough shares, it can use the authentication key to construct the user’s authentication token.