WorldCoin launches open source biometric data system

The WorldCoin Foundation has introduced a new biometric template protection system developed by cryptography engineers at TACEO. This system uses secure multi-party computation (SMPC) to safely remove the previous iris encoding system.

Data collection reform
Worldcoin's new approach, now open sourced on GitHub, encrypts the iris encoding into multiple secret shares that are distributed among various parties. These parties jointly compute the result on the encrypted data without access to the actual secret, thus ensuring a high degree of privacy for verification of the uniqueness of the biometric template.

A representative of the World Coin Foundation said: “By migrating to SMPC, we have significantly improved the privacy protection of our users. After all iris codes were securely transferred to the new system, we deleted the old data.”

Recent optimizations of the machine learning SMPC protocols, adopted by Worldcoin and TACEO, allow these protocols to be used for iris code comparison. This system enables Worldcoin to verify the uniqueness of an individual without decrypting the biometric data.

System Transition and Requirements
The transition to the new system was completed in March 2024. After extensive testing, the previous iris coding system was securely removed in May 2024. The new system requires extensive computing resources, including 1152 cores, 3.6TB of memory, and 5Gbps of bandwidth across all participants.

Regulatory hurdles
This development was discussed with data protection authorities, in particular the Bavarian State Data Protection Authority (BayLDA). Currently, Tools for Humanity and the EU agency of the Worldcoin Foundation are participants in the SMPC system, and the addition of other third-party participants is being considered.

The announcement comes after WorldCoin faced regulatory challenges in multiple countries, coming under scrutiny for its data privacy and security practices. Authorities in several regions have questioned the adequacy of WorldCoin’s protection of user data, prompting the Foundation to accelerate its efforts to adopt stronger privacy technologies.

Wider privacy and security initiatives
The adoption of SMPC is part of the Worldcoin Foundation’s broader move to improve privacy and security. Other measures introduced in 2024 include secure personal information storage for individuals, the ability for users to delete their own iris codes, and on-site age verification to prevent underage registration.

This new SMPC system marks a major milestone in biometric security, setting a new standard for privacy protection in digital identity verification. This advancement makes it possible to securely and privately verify a user's uniqueness, representing an important step forward in the field of biometric data protection.