
Privacy-Preserving Biometric Authentication SDK

Client: Series B Identity & Security Company
Industry: Cybersecurity / Identity
Timeline: 22 weeks
Team Size: 9 engineers
The Challenge

What was at stake

The client needed to offer enterprise customers biometric authentication that could survive regulatory scrutiny in the EU (GDPR biometric data rules) and Illinois (BIPA) without the liability of storing biometric templates. Existing solutions either stored encrypted templates centrally — still a honeypot for attackers — or used on-device-only matching that couldn't support cross-device authentication scenarios. They needed a fundamentally new architecture where biometric data provably never exists in complete form anywhere in the system.

Our Approach

How we delivered

01

Secure Multi-Party Computation Protocol Design

Designed a custom MPC protocol that splits biometric feature vectors into encrypted shares distributed across three independent computation nodes. Matching is performed on encrypted shares using garbled circuits, and the result (match/no-match) is the only information revealed — raw biometric data is never reconstructed at any point in the pipeline.
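The share-splitting idea in step 01, as an added Python sketch that is not TPWITS's protocol or code: a quantized feature vector is split into three Shamir shares, each node computes its share of the squared distance to the probe locally, and only the three distance shares are combined. Two simplifications are labelled in the code: the distance itself is opened (the described design compares it inside a garbled circuit and reveals only the match bit), and two colluding nodes could reconstruct the vector (an honest-majority assumption); the prime, evaluation points, threshold and function names are all assumptions.

```python
import secrets

# Added illustration, not TPWITS's engine: parameters below are assumptions.
P = 2**61 - 1       # Mersenne prime; all share arithmetic is modulo P
NODES = (1, 2, 3)   # one Shamir evaluation point per computation node

def share_vector(vec):
    """Split a quantized feature vector (small non-negative ints) into three
    degree-1 Shamir shares. A single share is uniformly random, so one node
    learns nothing; two colluding nodes could reconstruct (honest-majority
    assumption, the usual model for 3-party MPC)."""
    shares = {x: [] for x in NODES}
    for v in vec:
        a = secrets.randbelow(P)            # fresh random slope per coordinate
        for x in NODES:
            shares[x].append((v + a * x) % P)
    return shares

def node_distance_share(enrolled_share, probe_share):
    """Runs on one node, on shares only. Subtraction is linear on shares;
    squaring raises the polynomial degree to 2, which three points still fix."""
    return sum((e - q) ** 2 for e, q in zip(enrolled_share, probe_share)) % P

def reconstruct_degree2(s1, s2, s3):
    """Lagrange interpolation at x=0 through x=1,2,3: f(0) = 3*s1 - 3*s2 + s3."""
    return (3 * s1 - 3 * s2 + s3) % P

def authenticate(enrolled_shares, probe_vec, threshold):
    """The device re-shares the probe, so no node ever holds a complete vector.
    Simplification: the squared distance is opened here, whereas the described
    design compares it inside a garbled circuit and reveals only the bit."""
    probe_shares = share_vector(probe_vec)
    d = {x: node_distance_share(enrolled_shares[x], probe_shares[x]) for x in NODES}
    dist = reconstruct_degree2(d[1], d[2], d[3])
    return dist <= threshold, dist

if __name__ == "__main__":
    enrolled = share_vector([10, 20, 30, 40])      # constructed sample template
    print(authenticate(enrolled, [12, 20, 27, 40], threshold=20))      # (True, 13)
    print(authenticate(enrolled, [100, 100, 100, 100], threshold=20))  # (False, 23000)
```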

02

High-Performance Rust Implementation

Implemented the core MPC engine in Rust for memory safety and performance, leveraging SIMD instructions and zero-copy serialization to achieve sub-300ms end-to-end authentication latency, including network round trips. The engine runs inside AWS Nitro Enclaves, which provide hardware-level attestation that the deployed code has not been tampered with.

03

Cross-Platform Mobile SDK Development

Built native SDKs for iOS (Swift) and Android (Kotlin) with on-device biometric capture, liveness detection to prevent spoofing, and secure enrollment flows that split and distribute biometric shares without the complete template ever leaving the secure enclave of the mobile device.

04

Formal Security Verification & Compliance Certification

Engaged third-party cryptography auditors to formally verify the MPC protocol's security properties. Prepared comprehensive documentation for GDPR Article 35 Data Protection Impact Assessments and BIPA compliance, and supported the client through SOC 2 Type II and ISO 27001 certifications.

Results

Measurable impact, verified by the client

Sub-300ms authentication
Zero biometric data breaches
2M+ authentications/month
Tech Stack

Technologies we used

Rust, Swift, Kotlin, MPC libraries, AWS Nitro Enclaves, gRPC
TPWITS solved what we thought was an impossible problem — biometric authentication that is both fast enough for production use and provably privacy-preserving. The Rust-based MPC engine they built authenticates in under 300ms, and we can prove to any regulator that we never store biometric data. Two million authentications a month and zero breaches.
Katharina Braun
CTO & Co-Founder, Series B Identity & Security Company
