Large-Scale MPC: Scaling Private Iris Code Uniqueness Checks to Millions of Users

In this work we tackle privacy concerns in biometric verification systems that typically require server-side processing of sensitive data (e.g., fingerprints and Iris Codes). Concretely, we design a solution that allows us to query whether a given Iris Code is similar to one contained in a given database, while all queries and datasets are being protected using secure multiparty computation (MPC). Addressing the substantial performance demands of operational systems like World ID and aid distributions by the Red Cross, we propose new protocols to improve performance by more than three orders of magnitude compared to the recent state-of-the-art system Janus (S&P 24). Our final protocol can achieve a throughput of over 690 thousand Iris Code comparisons per second on a single CPU core, while protecting the privacy of both the query and database Iris Codes. Furthermore, using Nvidia NCCL we implement the whole protocol on GPUs while letting GPUs directly access the network interface. Thus we are able to avoid the costly data transfer between GPUs and CPUs, allowing us to achieve a throughput of 4.29 billion Iris Code comparisons per second in a 3-party MPC setting, where each party has access to 8 H100 GPUs. This GPU implementation achieves the performance requirements set by the Worldcoin foundation and will thus be used in their deployed World ID infrastructure.