Topic: Can private key be linked to biometric identity? (Read 245 times)

Since I read this post, this idea started to float in my mind but finally I realized that what you say is a terrible idea. The original post was about generating wallet address by using your face ID and being able to recover it again by using your face.
I would say that that's impossible: In order to generate wallet address and recover anytime with your face, I assume you mean that the wallet address and keys should always be the same because the condition is always the face. But if things get so exclusive, then logically I think every next wallet generated by the face can be absolutely unique because mood, mimics, the time you sleep, how tired, rested you are, what happened around you, The scar, the pimple, what you think about right now, absolutely everything affects your facial gestures at the same time.
I can't imagine one can be able to create an address on Bitcoincore and recover his wallet without any backup by looking at camera. That's why seed phrases are each unique to the wallet that created it. If you type 0 instead of O, you are not gonna get your wallet back. I hope you've got a point.

While it may be possible to create an unique bitcoin address via fingerprint because your fingerprint itself is an unique, still you have to keep in mind that you may damage your finger so much that fingerprint may change and if someone knows that you have a lot of bitcoin and wants to steal your money or just revenge, they may cut your finger or damage it. And you have to keep in mind that Hackers can use a fingerprint photo to create a synthetic print.

Do you really think anyone's going to honor an option to forbid companies and governments from abusing your biometrics data?

What is stopping them from doing any of the following:

- Selling it to third parties directly
- Getting hacked and having the data stolen and sold on the darknet
- Using it to unfairly suspend your account, or worse, carry out selective scamming

These guys should not be possessing your biometrics in the first place, and they should not even leave your device.

To some extent, I believe this is already possible if somebody is giving away many of his details on exchanges or other platforms which require KYC. The government can easily label any address related to their exchange address is related to them in one way or the other. Obviously, it would be even scarier if the government can simply check somebody's biometric details and trace everything from there, but an option to not use their biometrics should be available. It is impossible to prevent someone from creating new wallets that don't require their biometric data unless the government or any organization monitors them 24/7.

I assume you mean Bitcoin Core app and not a blockchain core, such word doesn't exist.
So, you want to generate bitcoin address and keys from Bitcoin Core. Such a thing isn't possible because it would generate absolutely new address and seed every time and it would need absolutely correct 3D model. I think one thing that you might be able to do is to save your keys somewhere and unlock access to these keys with your biometrics.

But that's not reliable. Nor the fingerprint is reliable because there is a chance that you get scar on your finger and it may be deep enough to change your fingerprint.
My advice is to just follow what has been proven and tested since its existence.

Let's make it simple bro, are you know QR Code? if know, the way is almost the same. 
Let's generate your private key like usual by using your wallet offline, After you got the private key (save it as a QR code), and tattoo it on your face. then when you want to sign the transaction, open the wallet camera to sign in your face.

But I am really sure, it makes you uncomfortable because That QR code appears on your face, yes, in this case same as you sign with a face ID without a QR code, It's not impossible for anyone out there to copy your face (to sign with private key) to steal your Bitcoin.

I would like to draw attention to something else.

Imagine that the private key will be tied to a person's personality. Then all generated wallets with the help of this key will be hard-wired to only one person. All his transactions will be labeled for those who will have this information and will know about all the movements of his assets.

Isn't this the same digital slavery?

In my opinion, it is impossible in any case to develop this direction. Get this technology into the hands of governments and you lose your freedom. Finally.

I assume that something similar will be implemented with CBDC.

The idea of YOU, as a person, is the PRIVATE KEY is a great thing to do. If we can be connected to something, then we can transact with our minds, etc. Would it be the next Matrix?

Maybe in the future?

Theoretically, it is possible to represent a biometric detail in the form of a private key and than work down to a public key and public address.

Is it an addition that would improve the network? I think not.
It could be handy to have your recovery key with you at all times without the need to store it yourself, but it poses a huge security risk and we would have a spike in $5 wrench attacks, except now they don't need the wrench to beat the information out of you.

The age old problem of lost private keys were popular cause Bitcoin had low value and people got then without really knowing much about them. In today's society, it is unlikely we have lots of people losing their keys

It seems that using a face ID for a security is not a valid recommendation, the consideration of our faces when we get older will not be the same as when we first record.
Biometric fingerprints can still be accepted as a step to secure or to be able to recover the lost key.

Actually this answer has been answered and for me the OP needs to consider it again instead of using a face ID.
Even in one of the exchanges that I used as a place where I transact I ignore the request to try the biometric.

Relevant discussion thread,
Biometrics as private key?
What if the wallet was you.


I expect it's only partially solved due to various technical issue/limitation. But you'd also create new problem where Bitcoin can be stolen through stealing Biometric (e.g. breach from centralized service or trace fingerprint from item you touch).


Generally it's true, although it could be changed if you receive injury.

Would biometrics help in recovering private keys and seeds if they got lost? Yes, probably!
Would they make Bitcoin safer? No!
Should it be mandators? No!
Can it be an optional feature for those that want it? Yes (I would never use it, but why should I tell others what to do!?)

I prefer changes that make the network better and stronger. I know you might think that introducing a new recovery method (biometrics) is a step in that direction, but it isn't. Only those who have the keys can spend the coins. It's as simple as that. The fact that lost keys mean unspendable coins is proof that everything works as described and that it is safe. If you introduce a new system that makes unspendable coinn spendable again, you aren't making Bitcoin more secure. You are giving anyone with your fingerprint and other biometric data the keys to your coins. And that's easier to obtain than a seed that is written down on paper or engraved in metal and stored securely.     

In theory, it looks great. Yes, at least it solves, like you said, "an age-old problem of lost private keys". But in real life cases, there are many challenges and practical cases that need to be addressed in order for it to effective.

From the example you gave, you said - if your wallet address was generated using your face ID, then you lose your keys and you can recover those keys through the face ID again. What if there are tiny variations due to poor lighting or changes in look when you try to retrieve those keys using your face ID? If this happens, it could result in false positives or false negatives, which would subsequently result in inaccurate identity verification or access denial.

The gathering and storing of biometric data is another aspect of this idea that is a challenge or that worries me. In order to protect user privacy and security, compliance with a number of legal and regulatory requirements that are specific to each country's biometric data collection and storage practices is necessary.

Because biometric data is not infallible and can also be stolen or compromised. Biometric authentication methods rely on unique physical characteristics of an individual, such as fingerprints or facial recognition, to verify their identity. However, these physical characteristics can potentially be replicated or spoofed using various methods, such as fake fingerprints or deepfakes. There is also the risk of false positives or false negatives, where the biometric data is incorrectly recognized or not recognized at all, leading to potential authentication errors.

Proposing a solution that has an obviously weaker security does not solve this problem, it even creates more loopholes and ways for more people to lose their private keys. Always have a backup in a different location is like the best way to avoid losing your private key, or if you are afraid your may lose your seed phrase if it is written on paper, you can engrave it on a steel. Weaker and more convenient solutions create more problems and losses, it is the same mistake as keeping your funds in a centralized exchange because you are afraid of self custody.

That's not what he/she meant (AFAIK) because we use our fingerprints in many devices like you may have set a fingerprint lock on your smartphone, or any IoT (internet of things) in your home which has a feature of fingerprint, and once you have set your fingerprints on any of these unsecured devices the metadata of your prints can easily be extracted once your any containing device compromised and can be used to unlock your wallets plus to make transactions too. These types of attacks are mostly used to extract data through normal IoT devices such as fingerprint speaker systems, light systems home door locks, and those smartphones which has less secure OS built in.

So, i think linking your biometric data to decentralized platforms is not wise even due to identity concerns. Because you could easily be identified once you used such a feature. Secondly, even if you have a twin but the metadata/details of your fingerprints will be different, and for faces, low-quality fingerprints can easily be unlocked if you even bring a photo of your face in front of a camera. But not with advance sensors.

Biometric face recognition is not the best security to secure a wallet like you said we are aging and our faces are also aging which can give a problem in the future when recovering or accessing a wallet.

But the biometric fingerprint is way better because fingerprints do not change even as we age.

About a wallet that generates a unique private key based on biometrics, I never heard of them and it is not good to generate a key pair as they are easy to steal and copy.
Sample if you touch something on public places this would lead to identity theft and can be use to recover your wallet using the fingerprint that they stole from public places.

Biometrics is only good as your extra security layer for your wallet and your device.

He already said it that someone else could use your biometric and restore your wallets.
Maybe you could be asleep and someone use your finger. Maybe your identical twin can use their face and restore your wallet.

Thank you for telling me about joy.id. But why it won't be a secure way in your opinion?

It's possible but not the most secure way. Someone else could use your biometrics and restore your wallet.

There's a project called joy.id which is still in its early stages but should solve this problem. I suggest you look into it.

Is it possible to create a mechanism in the Bitcoin core for generating a wallet address that will be linked to human biometrics?

If we do so so, can solve an age-old problem of lost private keys?

For example, if my wallet address was generated using my fingerprint, then I lose my keys and I can recover those keys through the fingerprint again.

I don't know if anyone already solved this.