pith. sign in

arxiv: 2402.02540 · v1 · submitted 2024-02-04 · 💻 cs.CV · cs.CR

Embedding Non-Distortive Cancelable Face Template Generation

Dmytro Zakharov , Oleksandr Kuznetsov , Emanuele Frontoni , Natalia Kryvinska This is my paper

Pith reviewed 2026-05-24 03:36 UTC · model grok-4.3

classification 💻 cs.CV cs.CR
keywords cancelable biometricsface template protectionimage distortionembedding neural networksprivacy in biometricsface recognitiontemplate generation
0
0 comments X

The pith

A tunable distortion method renders faces unrecognizable to humans while preserving identity predictions in any embedding network.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces an image distortion technique that hides facial identities from visual inspection but leaves them intact for neural embedding models used in biometrics. This supports privacy goals by enabling cancelable templates without storing raw biometric data. The method determines a maximum distortion level that does not alter a model's predicted identity and validates it through tests on MNIST and LFW datasets using standard comparison metrics.

Core claim

An innovative image distortion technique makes facial images unrecognizable to the eye but still identifiable by any custom embedding neural network model. The approach tests biometric recognition networks by finding the maximum distortion that leaves the predicted identity unchanged, with effectiveness assessed on MNIST and LFW datasets via traditional comparison metrics.

What carries the argument

The tunable image distortion technique that is applied until it reaches a maximum level without changing the embedding model's identity prediction.

If this is right

  • Biometric systems can generate cancelable face templates that enhance privacy without direct storage of raw data.
  • Recognition networks can be evaluated for robustness by measuring the distortion threshold before identity prediction changes.
  • The technique supports comparison of different embedding models using standard metrics on datasets like MNIST and LFW.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach may allow template revocation in biometric systems if a template is compromised.
  • Extension to other modalities such as fingerprints could follow the same distortion logic.
  • Further work would be needed to confirm the maximum distortion holds when the embedding model is replaced after deployment.

Load-bearing premise

A maximum distortion level exists that leaves the embedding model's identity prediction unchanged and can be tuned without specifying how this level is determined or validated across models.

What would settle it

A test on multiple embedding models where any distortion sufficient to make the image unrecognizable to humans also alters the predicted identity.

Figures

Figures reproduced from arXiv: 2402.02540 by Dmytro Zakharov, Emanuele Frontoni, Natalia Kryvinska, Oleksandr Kuznetsov.

Figure 1
Figure 1. Figure 1: An example of using our proposed image distortion technique on images [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Trainer Network architecture [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Embedding model architecture. 4.2 Generator model For the generator model, we decided to employ the U-Net architecture [18]. Similarly to the embedding model from the previous section, we use He [12] weights initialization, LeakyReLU activation for all convolutional layers except for the last one, and the sigmoid function before the output to map pixel values to the interval (0, 1). We use batch size of 64… view at source ↗
Figure 4
Figure 4. Figure 4: Histogram of Hamming distances for three cases: “Real vs Real photos”, [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗
read the original abstract

Biometric authentication systems are crucial for security, but developing them involves various complexities, including privacy, security, and achieving high accuracy without directly storing pure biometric data in storage. We introduce an innovative image distortion technique that makes facial images unrecognizable to the eye but still identifiable by any custom embedding neural network model. Using the proposed approach, we test the reliability of biometric recognition networks by determining the maximum image distortion that does not change the predicted identity. Through experiments on MNIST and LFW datasets, we assess its effectiveness and compare it based on the traditional comparison metrics.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript proposes an image distortion technique for cancelable biometric templates. It claims that facial images can be distorted to become unrecognizable to human observers while remaining identifiable by arbitrary embedding neural network models. The central contribution is a procedure to identify the maximum distortion level that leaves the model's identity prediction unchanged, with experiments reported on MNIST and LFW and comparisons against traditional metrics.

Significance. If the method can be shown to work with a reproducible, model-agnostic tuning procedure and quantitative validation, it would address a practical need in privacy-preserving biometrics by allowing templates that are visually cancelable yet still usable by existing embedding networks. The absence of any reported numbers, stopping criteria, or cross-model tests in the current text prevents assessment of whether this contribution is realized.

major comments (2)
  1. [Abstract] Abstract: the statement that experiments were performed on MNIST and LFW is not accompanied by any quantitative results, accuracy figures, error analysis, or description of how identity preservation was measured, leaving the central empirical claim unsupported.
  2. [Abstract] Abstract and method description: the procedure for locating the 'maximum image distortion that does not change the predicted identity' is not specified (no algorithm, stopping criterion, optimization method, or per-sample search strategy is given), and results are reported only for the models used in the experiments rather than demonstrating invariance across unrelated embedding networks.
minor comments (1)
  1. [Title/Abstract] The title refers to 'Non-Distortive' templates while the abstract describes an image distortion technique; this tension should be clarified in the introduction.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive report. We address each major comment below and have revised the manuscript to improve clarity, add missing details, and strengthen the presentation of results where appropriate.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the statement that experiments were performed on MNIST and LFW is not accompanied by any quantitative results, accuracy figures, error analysis, or description of how identity preservation was measured, leaving the central empirical claim unsupported.

    Authors: We agree that the abstract would benefit from explicit quantitative support. In the revised manuscript we have updated the abstract to report the key accuracy figures achieved on both MNIST and LFW, together with a concise statement of how identity preservation was measured (unchanged top-1 prediction of the embedding network after distortion). The full error analysis and per-sample statistics remain in the experimental section but are now cross-referenced from the abstract. revision: yes

  2. Referee: [Abstract] Abstract and method description: the procedure for locating the 'maximum image distortion that does not change the predicted identity' is not specified (no algorithm, stopping criterion, optimization method, or per-sample search strategy is given), and results are reported only for the models used in the experiments rather than demonstrating invariance across unrelated embedding networks.

    Authors: The original method section described the overall distortion approach but lacked an explicit algorithmic statement. We have added a dedicated subsection that specifies the per-sample binary-search procedure, the stopping criterion (first distortion level at which the model output changes), and the optimization method used. Regarding cross-model invariance, the tuning procedure is deliberately model-specific; each embedding network receives its own maximum-distortion threshold. We have clarified this point in the text and added a short discussion noting that the same search strategy can be applied to any new network without modification of the core algorithm, while acknowledging that empirical validation on additional unrelated models would require further experiments. revision: partial

Circularity Check

0 steps flagged

No circularity: no equations, derivations, or self-citation chains present

full rationale

The provided abstract and visible text introduce a distortion technique and a maximum-distortion test but contain no equations, parameter-fitting steps, or derivations. No load-bearing claims reduce to self-definition, fitted inputs renamed as predictions, or self-citation. The central assertion is an empirical technique whose validity would require external validation rather than internal reduction; absence of any mathematical chain means the derivation is self-contained by default. No steps qualify under the enumerated patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No technical details available from abstract; cannot enumerate free parameters, axioms, or invented entities.

pith-pipeline@v0.9.0 · 5624 in / 985 out tokens · 34057 ms · 2026-05-24T03:36:04.250792+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

29 extracted references · 29 canonical work pages · 8 internal anchors

  1. [1]

    Artificial Intelligence for Cybersecurity, Advances in Information Security, vol. 54. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3- 030-97087-1, https://link.springer.com/10.1007/978-3-030-97087-1

    work page doi:10.1007/978-3- 2022

  2. [2]

    Bio-inspiring cyber security and cloud services: trends and innovations pp

    Amin, R., Gaber, T., ElTaweel, G., Hassanien, A.E.: Biometric and traditional mobile authentication techniques: Overviews and open issues. Bio-inspiring cyber security and cloud services: trends and innovations pp. 423–446 (2014)

    work page 2014

  3. [3]

    Security and Communication Networks 2021, 6624890 (2021)

    Bok-Min, G., Abanda, Y., Tiedeu, A., Kom, G.: Image encryption with fu- sion of two maps. Security and Communication Networks 2021, 6624890 (2021). https://doi.org/10.1155/2021/6624890, https://doi.org/10.1155/2021/6624890

    work page doi:10.1155/2021/6624890 2021

  4. [4]

    IEEE Signal Processing Magazine 29(6), 141–142 (2012)

    Deng, L.: The mnist database of handwritten digit images for machine learning research. IEEE Signal Processing Magazine 29(6), 141–142 (2012)

    work page 2012

  5. [5]

    Database 1(3), 1–8 (2007)

    Galbally, J., Fierrez, J., Ortega-Garc´ ıa, J.: Vulnerabilities in biometric systems: Attacks and recent advances in liveness detection. Database 1(3), 1–8 (2007)

    work page 2007

  6. [6]

    In: 2016 IEEE Conference on Computer Vision and Pattern Recog- nition (CVPR)

    Gatys, L.A., Ecker, A.S., Bethge, M.: Image style transfer using convolutional neu- ral networks. In: 2016 IEEE Conference on Computer Vision and Pattern Recog- nition (CVPR). pp. 2414–2423 (2016). https://doi.org/10.1109/CVPR.2016.265

    work page doi:10.1109/cvpr.2016.265 2016

  7. [7]

    Advances in neural infor- mation processing systems 27 (2014)

    Goodfellow, I., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A., Bengio, Y.: Generative adversarial nets. Advances in neural infor- mation processing systems 27 (2014)

    work page 2014

  8. [8]

    Huang, G.B., Ramesh, M., Berg, T., Learned-Miller, E.: Labeled faces in the wild: A database for studying face recognition in unconstrained environments. Tech. Rep. 07-49, University of Massachusetts, Amherst (October 2007)

    work page 2007

  9. [9]

    Image-to-Image Translation with Conditional Adversarial Networks

    Isola, P., Zhu, J., Zhou, T., Efros, A.A.: Image-to-image translation with con- ditional adversarial networks. CoRR abs/1611.07004 (2016), http://arxiv.org/ abs/1611.07004

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  10. [10]

    Future Generation Computer Systems 102, 30–41 (Jan 2020)

    Kaur, H., Khanna, P.: Privacy preserving remote multi-server biometric authenti- cation using cancelable biometrics and secret sharing. Future Generation Computer Systems 102, 30–41 (Jan 2020). https://doi.org/10.1016/j.future.2019.07.023

    work page doi:10.1016/j.future.2019.07.023 2020

  11. [11]

    Adam: A Method for Stochastic Optimization

    Kingma, D.P., Ba, J.: Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)

    work page internal anchor Pith review Pith/arXiv arXiv 2014

  12. [12]

    On weight initialization in deep neural networks

    Kumar, S.K.: On weight initialization in deep neural networks. CoRR abs/1704.08863 (2017), http://arxiv.org/abs/1704.08863

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  13. [13]

    CoRR abs/1908.08628 (2019), http://arxiv.org/abs/1908.08628

    Le, H.M., Samaras, D.: Shadow removal via shadow image decomposition. CoRR abs/1908.08628 (2019), http://arxiv.org/abs/1908.08628

    work page arXiv 1908

  14. [14]

    CoRR abs/2103.12997 (2021), https://arxiv.org/abs/2103

    Liu, Z., Yin, H., Wu, X., Wu, Z., Mi, Y., Wang, S.: From shadow generation to shadow removal. CoRR abs/2103.12997 (2021), https://arxiv.org/abs/2103. 12997

    work page arXiv 2021

  15. [15]

    Proceedings of the IEEE 97(6), 1128–1148 (2009)

    Matoba, O., Nomura, T., Perez-Cabre, E., Millan, M.S., Javidi, B.: Optical tech- niques for information security. Proceedings of the IEEE 97(6), 1128–1148 (2009). https://doi.org/10.1109/JPROC.2009.2018367 Embedding Non-Distortive Template Generation 13

    work page doi:10.1109/jproc.2009.2018367 2009

  16. [16]

    In: BMVC 2015- Proceedings of the British Machine Vision Conference 2015

    Parkhi, O., Vedaldi, A., Zisserman, A.: Deep face recognition. In: BMVC 2015- Proceedings of the British Machine Vision Conference 2015. British Machine Vision Association (2015)

    work page 2015

  17. [17]

    Wiley-ISTE, Hoboken, 1st edition edn

    Puech, W.: Multimedia Security 2: Biometrics, Video Surveillance and Multimedia Encryption. Wiley-ISTE, Hoboken, 1st edition edn. (Jul 2022)

    work page 2022

  18. [18]

    U-Net: Convolutional Networks for Biomedical Image Segmentation

    Ronneberger, O., Fischer, P., Brox, T.: U-net: Convolutional networks for biomed- ical image segmentation. CoRR abs/1505.04597 (2015), http://arxiv.org/abs/ 1505.04597

    work page internal anchor Pith review Pith/arXiv arXiv 2015

  19. [19]

    FaceNet: A Unified Embedding for Face Recognition and Clustering

    Schroff, F., Kalenichenko, D., Philbin, J.: Facenet: A unified embedding for face recognition and clustering. CoRR abs/1503.03832 (2015), http://arxiv.org/abs/ 1503.03832

    work page internal anchor Pith review Pith/arXiv arXiv 2015

  20. [20]

    IEEE Access 9, 23409–23423 (2021)

    Subramanian, N., Elharrouss, O., Al-Maadeed, S., Bouridane, A.: Image steganog- raphy: A review of the recent advances. IEEE Access 9, 23409–23423 (2021). https://doi.org/10.1109/ACCESS.2021.3053998

    work page doi:10.1109/access.2021.3053998 2021

  21. [21]

    In: 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)

    Vasluianu, F.A., Romero, A., Van Gool, L., Timofte, R.: Shadow removal with paired and unpaired learning. In: 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). pp. 826–835 (2021). https://doi.org/10.1109/CVPRW53098.2021.00092

    work page doi:10.1109/cvprw53098.2021.00092 2021

  22. [22]

    NormFace: L2 Hypersphere Embedding for Face Verification

    Wang, F., Xiang, X., Cheng, J., Yuille, A.L.: Normface: L2 hypersphere embedding for face verification. CoRR abs/1704.06369 (2017), http://arxiv.org/abs/1704. 06369

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  23. [23]

    Journal of Physics: Conference Series 2337(1), 012009 (sep 2022)

    Yang, P., Zhang, M., Wu, R., Su, Y., Guo, K.: Hiding image within image based on deep learning. Journal of Physics: Conference Series 2337(1), 012009 (sep 2022). https://doi.org/10.1088/1742-6596/2337/1/012009, https://dx.doi.org/10. 1088/1742-6596/2337/1/012009

    work page doi:10.1088/1742-6596/2337/1/012009 2022

  24. [24]

    Computers & Secu- rity 114, 102583 (Mar 2022)

    Yang, W., Wang, S., Kang, J.J., Johnstone, M.N., Bedari, A.: A linear convolution- based cancelable fingerprint biometric authentication system. Computers & Secu- rity 114, 102583 (Mar 2022). https://doi.org/10.1016/j.cose.2021.102583

    work page doi:10.1016/j.cose.2021.102583 2022

  25. [25]

    Jour- nal of Information Security and Applications 58, 102704 (May 2021)

    Yang, W., Wang, S., Shahzad, M., Zhou, W.: A cancelable biometric authentication system based on feature-adaptive random projection. Jour- nal of Information Security and Applications 58, 102704 (May 2021). https://doi.org/10.1016/j.jisa.2020.102704

    work page doi:10.1016/j.jisa.2020.102704 2021

  26. [26]

    SteganoGAN: High Capacity Image Steganography with GANs

    Zhang, K.A., Cuesta-Infante, A., Veeramachaneni, K.: Steganogan: High capacity image steganography with gans. arXiv preprint arXiv:1901.03892 (2019), https: //arxiv.org/abs/1901.03892

    work page internal anchor Pith review Pith/arXiv arXiv 1901

  27. [27]

    IEEE Access 4, 2507–2519 (2016)

    Zhang, Y., Zhang, L.Y., Zhou, J., Liu, L., Chen, F., He, X.: A review of com- pressive sensing in information security field. IEEE Access 4, 2507–2519 (2016). https://doi.org/10.1109/ACCESS.2016.2569421

    work page doi:10.1109/access.2016.2569421 2016

  28. [28]

    IEEE Transactions on Computational Imaging 3(1), 47–57 (2017)

    Zhao, H., Gallo, O., Frosio, I., Kautz, J.: Loss functions for image restoration with neural networks. IEEE Transactions on Computational Imaging 3(1), 47–57 (2017). https://doi.org/10.1109/TCI.2016.2644865

    work page doi:10.1109/tci.2016.2644865 2017

  29. [29]

    Inverting face embeddings with convolutional neural networks

    Zhmoginov, A., Sandler, M.: Inverting face embeddings with convolutional neu- ral networks. ArXiv abs/1606.04189 (2016), https://api.semanticscholar.org/ CorpusID:15785666

    work page internal anchor Pith review Pith/arXiv arXiv 2016