Combining Blockchain and Biometrics: A Survey on Technical Aspects and a First Legal Analysis

Mahdi Ghafourian¹, Bilgesu Sumer², Ruben Vera-Rodriguez¹, Julian Fierrez¹, Ruben Tolosana¹, Aythami Morales¹, and Els Kindt²

¹ Biometrics and Data Pattern Analytics Lab, Universidad Autonoma de Madrid, Spain
² Biometric Law Lab, Centre for IT & IP Law (CITIP), KU Leuven, Belgium

Abstract—Biometric recognition as a unique, hard-to-forge, and efficient way of identification and verification has become an indispensable part of the current digital world. The fast evolution of this technology has been a strong incentive for integrating it into many applications. Meanwhile, blockchain, the very attractive decentralized ledger technology, has been widely received by both research and industry in the past years, and it is being increasingly deployed nowadays in many different applications, such as money transfer, IoT, healthcare, or logistics. Recently, researchers have started to speculate what would be the pros and cons and what would be the best applications when these two technologies cross paths. This paper provides a survey of technical literature research on the combination of blockchain and biometrics and includes a first legal analysis of this integration to shed light on challenges and potentials. While this combination is still in its infancy and a growing body of literature discusses specific blockchain applications and solutions in an advanced technological set-up, this paper presents a holistic understanding of blockchain applicability in the biometric sector. This study demonstrates that combining blockchain and biometrics would be beneficial for novel applications in biometrics such as the PKI mechanism, distributed trusted service, and identity management. However, blockchain networks at their current stage are not efficient and economical for real-time applications.
From a legal point of view, the allocation of accountability remains a main issue, while other difficulties remain, such as conducting a proper Data Protection Impact Assessment. Finally, the paper supplies technical and legal recommendations to reap the benefits and mitigate the risks of the combination.

Index Terms—Biometric, Blockchain, Security, Privacy, GDPR, Data Protection Regulation.

I. INTRODUCTION

Unlike conventional authentication methods based on knowledge (e.g. password) or possession (e.g. smart card), biometric recognition relies on the concept of inherence, i.e., who someone is, which makes it more robust against fraudulent activities like forging, spoofing, etc., compared to the aforementioned methods [1]–[3]. The advantages of biometric recognition, including a high level of security and assurance, better user experience, and a fast process of recognition, have allowed using biometric systems to increase the robustness of security in many different applications such as authentication systems, border control, etc. [4]–[7]. One of the technologies with high potential to be used jointly with biometrics is blockchain.

Compared to two decades ago, when we were recording our data on bulky, error-prone and space-limited storage devices such as floppy disks, we are now living in the age of storage breakthroughs. The need for high-volume, fast, reliable, secure, and available storage means has led us on a path to where we are now. The advent in recent years of Distributed Ledger Technology (DLT), known as blockchain, has become one of the most prominent phenomena of our time. As a result, it has come to the forefront of research in many disciplines (e.g. cryptocurrency, smart contracts, identity management) aimed at including distributed data storage.
Owing to the success of Bitcoin and cryptocurrencies, the corresponding blockchain technology is now successfully practiced to distribute data in a secure-by-design database without the need for a central authority. Not only have the unprecedented security properties of the blockchain revolutionized a wide range of financial services and digital payments, but its unique characteristics such as decentralization, immutability, auditability, fault tolerance, and availability have also played a pivotal role in receiving further public attention so far.

On the one hand, it is not surprising that, due to its availability and decentralization properties, blockchain solves the security problems arising from storing biometric features (e.g., storing biometric features of the same individual in different places belonging to independent applications). In particular, in terms of biometric verifi-

arXiv:2302.10883v1 [cs.CV] 21 Feb 2023