Review

Survey on Biometric Authentication for Decentralized Identity Management: Trends, Challenges, and Future Directions

Efrei Research Lab, Efrei Paris Pantheon-Assas University, 94800 Villejuif, France
Future Internet 2026, 18(3), 126; https://doi.org/10.3390/fi18030126
Submission received: 15 January 2026 / Revised: 8 February 2026 / Accepted: 14 February 2026 / Published: 2 March 2026

Abstract

Decentralized Identity (DID) systems aim to restore user control over digital identities by minimizing reliance on centralized authorities. However, ensuring secure identity management in distributed environments remains a significant challenge. Biometric authentication offers a compelling solution by leveraging unique, non-transferable human traits to enhance security and usability compared to traditional methods such as passwords or tokens. Integrating biometrics into DID frameworks represents an important step toward privacy-preserving, user-centric identity verification aligned with the principles of decentralization. Despite growing interest in both biometrics and DIDs, their integration remains largely underexplored in the literature, with hardly any survey providing a systematic analysis of this convergence. This work addresses this gap by presenting a comprehensive review of biometric-enabled DID systems, examining their architectures, potential, and limitations. It emphasizes the role of multimodal biometrics in enhancing accuracy, inclusiveness, and resistance to spoofing, while highlighting key challenges related to data immutability, privacy preservation, interoperability, and regulatory compliance. Overall, this survey establishes a structured foundation for future research on secure, scalable, and privacy-preserving biometric-enabled decentralized identity frameworks.

1. Introduction

In today’s digital world, nearly every aspect of life has moved online. From banking and healthcare to education and government services, most interactions now take place through websites and mobile applications. This shift has undoubtedly made life more convenient, allowing people to access services from anywhere at any time. However, it has also brought significant challenges, chief among them securing digital identities. Authentication systems lie at the core of digital security, as they are responsible for verifying that a person is who they claim to be. Traditionally, identity data was stored centrally within the service provider’s systems. While effective in theory, this approach made user data highly vulnerable to breaches, leaks, and misuse. To address these risks, many organizations have migrated toward Decentralized Identity (DID) systems [1]. DID offers a paradigm shift, granting users ownership and control over their digital identities rather than entrusting them entirely to centralized entities. By using blockchain and other distributed technologies, DID systems aim to reduce the reliance on centralized databases, thereby minimizing single points of failure [2]. Despite these advantages, DID alone does not guarantee complete security. Identity theft, spoofing, and privacy concerns still remain, particularly in the authentication process itself, where proving identity without compromising sensitive data is a delicate balance. It is in this context that biometric authentication emerges as a promising solution. Biometrics, such as fingerprints, facial recognition, or voice patterns, offer a unique, non-transferable method of verifying identity [3]. The integration of biometrics into DID frameworks represents a new era in privacy-preserving authentication.
Instead of relying solely on passwords, tokens, or other knowledge-based factors, or even possession-based methods such as hardware tokens or smart devices, biometric-enabled DID systems can authenticate users based on their inherent physiological or behavioral traits. This could greatly enhance both security and user experience, ensuring that access is granted only to the rightful individual without exposing raw biometric data.
However, the academic and industrial research landscape at this intersection remains limited. Many existing surveys focus exclusively on decentralized identity (DID) technologies, examining their architectures, advantages, and challenges, while others concentrate solely on biometric authentication, analyzing aspects such as accuracy, spoof resistance, and usability. Only a handful of studies address the convergence of these two domains, and systematic surveys that jointly analyze biometric authentication within decentralized identity frameworks are still scarce. In particular, existing reviews rarely investigate how privacy-preserving biometric techniques, implementation feasibility, and multimodal biometric strategies interact with DID architectures and protocols. This lack of integrated analysis highlights the need for a dedicated survey that not only consolidates existing research but also synthesizes architectural, technical, and regulatory perspectives to clarify the design space, trade-offs, and future research directions of biometric-enabled decentralized identity systems.
Such an exploration is not without its challenges, particularly when it comes to securing biometric templates in decentralized environments. It requires advanced privacy-preserving techniques such as homomorphic encryption [4], secure multi-party computation [5], and zero-knowledge proofs [6]. Moreover, biometric traits can evolve over time due to aging, injury, or environmental factors, raising concerns about long-term reliability [7]. Research on managing and utilizing multimodal biometric data within decentralized, user-controlled identity systems also remains limited, facing issues such as data immutability, intra-user variability, and noise across modalities. Additionally, off-chain processing and transmission during enrollment or authentication can expose users to risks like data leakage, linkage attacks, or unauthorized access. Finally, regulatory compliance, ethical considerations, user consent, and the lack of standardization across platforms continue to hinder widespread adoption. Addressing these challenges is essential to building trust in scalable, privacy-preserving, biometric-enabled DID solutions.
In light of these challenges, this survey provides a comprehensive examination of the integration of biometric authentication within decentralized identity (DID) systems, with a particular focus on multimodal approaches. Its key contributions include an overview of the evolution of digital identity systems, emphasizing the transition from centralized to decentralized architectures, an analysis of biometric authentication as a privacy-preserving mechanism within DID frameworks, and a review of recent advancements in biometric data protection techniques, assessing their applicability in decentralized contexts. The survey also identifies critical open challenges and outlines future research directions, offering a strategic roadmap for the development of lightweight, secure, and regulation-compliant biometric authentication solutions tailored to the unique requirements of decentralized identity management.
Overall, this survey serves as a pivotal and comprehensive resource for researchers and practitioners aiming to advance the integration of biometric authentication within decentralized identity systems. By systematically reviewing existing studies, identifying key challenges, and highlighting emerging trends, it bridges a critical gap in the literature. Through its focus on privacy-preserving mechanisms and the expanding role of multimodal biometrics, this survey offers essential insights to inform future research directions and support the development of secure, user-centric, and regulation-compliant DID solutions.

Background and Motivation

In the evolving landscape of digital identity management, Decentralized Identity (DID) systems have emerged as a privacy-preserving alternative to traditional identity models, giving users full control over their digital credentials without relying on centralized authorities. At the same time, biometric authentication has become a widely adopted method for verifying identity, offering a secure and user-friendly way to link individuals to their digital identities. Despite the complementary nature of these technologies, the integration of biometric authentication into DID systems presents several unresolved challenges. These include privacy risks, data immutability, biometric variability, and the absence of standardized frameworks for secure and interoperable implementation [8]. The complexity further increases with multimodal biometrics, where handling multiple types of biometric data requires careful consideration of security, performance, and user experience.
The motivation behind this survey is driven by the growing importance of developing privacy-preserving, secure, and regulation-compliant biometric solutions for decentralized identity management. While previous studies have explored biometric authentication or decentralized identity independently, few have addressed their integration holistically, particularly from the perspective of multimodal approaches and privacy-enhancing technologies. This survey aims to bridge that gap by offering a comprehensive overview of the state-of-the-art, identifying open research challenges, and outlining future directions for this promising intersection of technologies.

2. Survey Focus, Research Questions and Methodology

This survey provides a structured review of recent advancements in biometric authentication in decentralized identity management systems, with a focus on the multimodality approach to enhancing authentication accuracy, robustness, and privacy while addressing the challenges of biometric variability and secure identity verification in decentralized environments.
To structure our analysis, we define a set of focused Research Questions (RQ) and apply a systematic methodology, drawing on established guidelines for conducting literature reviews. This approach enables a comprehensive examination of the integration of biometric authentication, particularly multimodal approaches, within decentralized identity systems, highlighting key trends, challenges, and future directions.

2.1. Research Questions

To guide our investigation into the integration of biometric authentication within decentralized identity (DID) systems, this survey seeks to answer the following questions:
  • RQ1: What trade-offs characterize decentralized identity systems in balancing user autonomy and security with scalability, interoperability, and trust?
  • RQ2: In what ways does biometric authentication outperform or fall short of traditional methods in securing digital identities, especially within decentralized identity frameworks?
  • RQ3: What approaches integrate biometric authentication into decentralized identity systems, and how effective are privacy-preserving techniques in ensuring security?
  • RQ4: How does the adoption of multimodal biometrics within decentralized identity frameworks create new opportunities for security and usability, and what trade-offs does it entail?
  • RQ5: What are the key research gaps and future directions for developing robust, scalable, and secure biometric authentication systems for decentralized identity?
Each research question is systematically addressed in a corresponding part of the survey, where we critically review the existing body of work, identify prevailing methodological approaches, and expose unresolved challenges and research gaps to inform future developments in the field.

2.2. Methodology: PRISMA-Based Systematic Literature Review

To capture and synthesize the breadth of existing research in this domain, we adopted the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) framework to guide our literature review. Recognized as the gold standard for evidence synthesis, PRISMA ensures a transparent, rigorous, and reproducible process for organizing and reporting systematic reviews. Our methodology was inspired by prior works such as [9], which applied PRISMA to define eligibility criteria and conduct structured screening. Following these principles, our survey ensures a transparent and reliable process for selecting and analyzing the literature.
The selection process focused on academic publications from 2020 to 2025, written in English, and directly related to biometric authentication in decentralized identity (DID) systems. Each study was evaluated through the four PRISMA phases: identification, screening, eligibility, and inclusion. Figure 1 illustrates this process. Only methodologically sound and thematically relevant papers were included, ensuring a rigorous synthesis that effectively addresses all research questions with reliable and well-supported evidence.

2.2.1. Identification

An initial pool of 170 articles was collected from important scientific databases such as ACM, SpringerLink, IEEE Xplore and Elsevier. The search was conducted using a set of targeted keywords such as “Biometric Authentication,” “Decentralised Identity Systems”, “Multimodal Biometric Authentication”, “Privacy-preserving techniques”, “Biometric Protection Techniques”, and “Biometrics in DID Systems”. To maintain relevance and rigor, only peer-reviewed articles published in English between 2020 and 2025 were considered. This time window was selected to capture the phase following the stabilization of W3C standards for Decentralized Identifiers and Verifiable Credentials, during which decentralized identity frameworks reached practical and architectural maturity. In this period, privacy-preserving and biometric authentication techniques started to be systematically designed and evaluated within DID-oriented architectures rather than adapted from centralized identity models. Restricting the review to this timeframe ensures the inclusion of recent, technically comparable, and implementation-relevant solutions that accurately reflect the current state of biometric authentication mechanisms integrated within decentralized identity ecosystems.

2.2.2. Screening

A total of 30 duplicate records were eliminated during the data cleaning phase, resulting in 140 unique articles. Subsequently, a preliminary review of titles and abstracts was carried out to ensure alignment with the research scope, which led to the exclusion of 20 studies considered either irrelevant or lacking sufficient depth.

2.2.3. Eligibility

To ensure methodological rigor, the full texts of 120 candidate articles were examined in detail according to predetermined inclusion and exclusion criteria.
  • Inclusion Criteria (IC): Studies were deemed eligible for inclusion if they satisfied the following criteria:
    IC1: Published between 2020 and 2025;
    IC2: Written in English;
    IC3: Propose, evaluate, or review biometric authentication methods, either unimodal or multimodal, within the scope of decentralized identity (DID) systems;
    IC4: Address issues of security, privacy, scalability, interoperability or regulatory compliance in biometric-enabled identity frameworks;
    IC5: Published in established scientific outlets, including peer-reviewed journals, conference proceedings, preprints, or academic books offering conceptual or methodological insights.
  • Exclusion Criteria (EC): Studies were excluded if they fulfilled any of the following:
    EC1: Not published in English;
    EC2: Did not address biometric authentication in decentralized identity systems (focused on general cybersecurity, non-biometric authentication methods, or centralized identity models);
    EC3: Appeared in non-academic or informal sources, including blogs, online articles, web pages, social media content, editorials, lecture notes, or unpublished theses;
    EC4: Lacked methodological rigor, provided insufficient technical depth, or failed to clearly define its scientific contribution;
    EC5: Represented duplicate or substantially redundant publications already covered by other included studies.
Following detailed assessment, 16 articles were excluded for lacking methodological rigor or failing to align with the survey objectives.
In the end, 104 articles met the eligibility criteria and were retained for qualitative synthesis. These papers were sourced from a variety of reputable academic databases, including ACM Digital Library (9 papers), SpringerLink (16 papers), IEEE Xplore (28 papers), Elsevier (17 papers) and other sources (34 papers). Collectively, these studies advance the understanding of biometric-enabled decentralized identity systems by addressing challenges, proposing multimodal approaches, exploring privacy-preserving techniques, and outlining future research directions.

3. RQ1: What Trade-Offs Characterize Decentralized Identity Systems in Balancing User Autonomy and Security with Scalability, Interoperability, and Trust?

With the growing reliance on digital services, the management of personal identity has become a critical concern. Traditional identity frameworks, typically governed by centralized authorities, expose users to significant risks, including large-scale data breaches, unauthorized surveillance, and loss of control over personal information. In response, decentralized identity (DID) systems have emerged as a user-centric paradigm that seeks to restore control to individuals through self-managed identifiers and cryptographic mechanisms. While DID systems promise enhanced autonomy, transparency, and security, these benefits introduce new architectural challenges related to scalability, interoperability, and trust in distributed environments. In particular, ensuring privacy and security without undermining system performance or cross-platform compatibility remains a complex issue. Consequently, a range of privacy-preserving and trust-minimizing techniques has been proposed to mitigate data exposure and reinforce user control. This section examines how such mechanisms contribute to balancing user autonomy and security with the persistent challenges of scalability, interoperability, and trust in decentralized identity ecosystems.

3.1. Decentralized Identity System

3.1.1. From Centralized to Decentralized Identity: Evolution of Identity Models

The emergence of decentralized identity systems is best understood through the historical evolution of digital identity models. In the early days of digital identity, centralized systems placed full control over user credentials in the hands of individual service providers, leading to fragmented experiences, inconsistent security, and heightened risks due to single points of failure. Password-based authentication, often weakened by user behavior, further exposed systems to threats like phishing and brute-force attacks [10,11,12]. To address these issues, federated identity systems were introduced, enabling access to multiple services through a single identity provider using standards like SAML and OpenID Connect [13]. While improving usability and scalability, they still relied on centralized authorities, retaining privacy and security risks and requiring complex regulatory coordination. These limitations paved the way for decentralized identity (DID) systems, which give individuals full control over cryptographically verifiable identifiers stored on distributed ledgers and managed via secure digital wallets. DID allows selective disclosure of information, reduces breach risks, and enhances user autonomy [10,11,13,14,15]. However, it also introduces new challenges, such as the responsibility placed on users to manage and secure their credentials, and the need for robust privacy-preserving mechanisms to protect sensitive information, particularly when biometric data or other immutable identifiers are involved. This approach enhances privacy, reduces the risk of centralized breaches, and aligns with the growing demand for transparent, secure, and self-sovereign identity frameworks in the digital age.

3.1.2. Workflow of Decentralized Identity Systems

Decentralized Identity (DID) systems follow a user-centric model that enables individuals to control their identities without relying on centralized authorities. The typical workflow can be broken down into several key phases:
  • DID Generation: A user or entity generates a Decentralized Identifier (DID) by first generating a cryptographic key pair (public and private keys) to enable secure identity verification and authentication [10,16]. Next, a DID Document is assembled, containing essential components such as public keys, service endpoints, and relevant metadata. This document is then published to a decentralized network, such as a blockchain or distributed ledger, using a specific DID method (did:ethr, did:sov, did:ion) [10,16,17,18]. This process ensures that the DID is globally resolvable and cryptographically verifiable, establishing a secure and interoperable identity anchor within decentralized ecosystems.
  • Credential Issuance: Once a DID is established, trusted issuers (governments, universities, or service providers) issue Verifiable Credentials (VCs) to the holder. The issuer verifies the user’s real-world attributes (such as identity or qualifications) and generates a digitally signed VC containing the corresponding claims and metadata. The credential is then transmitted to the user and securely stored in a digital wallet, which manages DIDs, credentials, and associated cryptographic keys in a privacy-preserving manner [2,10,14,16,19,20].
  • Credential Presentation: When proving identity or claims, the user creates a Verifiable Presentation (VP), often using zero-knowledge proofs to disclose only necessary information. The VP is signed with the user’s private key, ensuring authenticity and integrity.
  • Verification: The verifier retrieves the DID Document from the blockchain to verify authenticity, then validates the VC’s signature using the issuer’s public key. It also checks for revocation, expiry, and confirms the presenter’s control over the DID via cryptographic challenge-response. If all checks pass, the credential is accepted; otherwise, it is rejected. This process ensures secure, verifiable, and privacy-preserving identity and claim validation [2,17,20].
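The four phases above can be traced end to end in a short Go program. This is an added example, not code from the survey or from any DID framework. It assumes an in-memory map in place of the ledger, the placeholder `did:example` method, Ed25519 as the signature scheme, and a reduced credential format; zero-knowledge selective disclosure is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Registry stands in for the ledger: DID -> public key, plus revoked credential IDs.
type Registry struct {
	Keys    map[string]ed25519.PublicKey
	Revoked map[string]bool
}

func NewRegistry() *Registry {
	return &Registry{Keys: map[string]ed25519.PublicKey{}, Revoked: map[string]bool{}}
}

// Credential is a reduced Verifiable Credential: claims plus the issuer's proof.
type Credential struct {
	ID, Issuer, Subject string
	Claims              map[string]string
	Expires             time.Time
	Proof               []byte
}

// NewDID generates a key pair and publishes the public key (DID generation).
func NewDID(reg *Registry) (string, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	did := "did:example:" + hex.EncodeToString(pub[:8])
	reg.Keys[did] = pub
	return did, priv
}

// signedBytes serialises everything except the proof; json.Marshal sorts map keys.
func signedBytes(vc Credential) []byte {
	vc.Proof = nil
	b, err := json.Marshal(vc)
	if err != nil {
		panic(err)
	}
	return b
}

// Issue signs the claims with the issuer's key (credential issuance).
func Issue(issuerDID string, key ed25519.PrivateKey, vc Credential) Credential {
	vc.Issuer = issuerDID
	vc.Proof = ed25519.Sign(key, signedBytes(vc))
	return vc
}

// bind ties the holder's signature to one challenge and one credential.
func bind(challenge []byte, vc Credential) []byte {
	return append(append([]byte{}, challenge...), vc.Proof...)
}

// Present returns the holder's proof for a presentation of vc (credential presentation).
func Present(holderKey ed25519.PrivateKey, vc Credential, challenge []byte) []byte {
	return ed25519.Sign(holderKey, bind(challenge, vc))
}

// Verify applies the verifier's checks; the first failing check is reported.
func Verify(reg *Registry, vc Credential, holderProof, challenge []byte, now time.Time) error {
	issuerKey, okIssuer := reg.Keys[vc.Issuer]
	holderKey, okHolder := reg.Keys[vc.Subject]
	switch {
	case !okIssuer || !okHolder:
		return errors.New("issuer or subject DID does not resolve")
	case !ed25519.Verify(issuerKey, signedBytes(vc), vc.Proof):
		return errors.New("issuer signature invalid")
	case reg.Revoked[vc.ID]:
		return errors.New("credential revoked")
	case !now.Before(vc.Expires):
		return errors.New("credential expired")
	case !ed25519.Verify(holderKey, bind(challenge, vc), holderProof):
		return errors.New("presenter does not control the subject DID")
	}
	return nil
}

func main() {
	reg := NewRegistry()
	issuerDID, issuerKey := NewDID(reg)
	holderDID, holderKey := NewDID(reg)
	now := time.Now()
	vc := Issue(issuerDID, issuerKey, Credential{ID: "vc-1", Subject: holderDID, // constructed sample
		Claims: map[string]string{"degree": "MSc"}, Expires: now.Add(time.Hour)})
	proof := Present(holderKey, vc, []byte("challenge-A")) // a real verifier sends a random nonce
	fmt.Println("fresh challenge:", Verify(reg, vc, proof, []byte("challenge-A"), now))
	fmt.Println("replayed proof: ", Verify(reg, vc, proof, []byte("challenge-B"), now))
}
```

The challenge-response check is what stops a copied credential from being presented by someone else: the issuer's signature alone proves only that the claims are genuine, not that the presenter holds the subject's key.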

3.1.3. Trade-Offs in Decentralized Identity Systems

Despite notable advances in decentralized identity research, existing approaches adopt heterogeneous design choices that prioritize different system objectives. Solutions emphasizing user autonomy and privacy often incur scalability, interoperability, or governance costs, whereas performance-oriented systems may introduce partial centralization or stronger trust assumptions. Table 1 synthesizes these trade-offs by comparing representative studies across architectural, privacy, infrastructure, application, and governance dimensions.
The comparative analysis in Table 1 demonstrates that no existing decentralized identity approach simultaneously achieves strong user autonomy, robust security, high scalability, seamless interoperability, and consistent trust governance. Architectures emphasizing self-sovereignty and privacy effectively reduce dependence on centralized authorities but often introduce cryptographic complexity, performance overhead, and usability challenges. Conversely, scalability-oriented solutions frequently adopt hybrid infrastructures or external trust anchors that partially reintroduce centralization. To address these tensions, recent research explores architectural compromises such as hybrid on-chain/off-chain identity models, standardized trust registries, and privacy-preserving cryptographic mechanisms that limit data disclosure while preserving verifiability. These architectural trade-offs are increasingly reflected in domain-specific applications, where decentralized identity solutions are deployed in financial services for digital onboarding, in e-government platforms for citizen authentication and access to public services, in healthcare systems for secure access to medical records and data sharing, and in supply-chain management for provenance tracking and compliance verification. Despite their practical relevance, many of these deployments continue to rely primarily on knowledge- or possession-based authentication factors, exposing them to credential theft, reuse, and phishing attacks. In this regard, biometric authentication emerges as a compelling alternative, offering more natural, user-friendly, and potentially stronger verification based on inherent user traits.
This observation motivates the next research question (RQ2), which examines the extent to which biometric authentication outperforms or falls short of traditional methods in securing digital identities, particularly within decentralized identity frameworks.

4. RQ2: In What Ways Does Biometric Authentication Outperform or Fall Short of Traditional Methods in Securing Digital Identities, Especially Within Decentralized Identity Frameworks?

As decentralized identity (DID) systems shift identity control from centralized authorities to individuals, authentication mechanisms play a critical role in ensuring both security and usability. Traditional authentication methods are predominantly based on knowledge factors, such as passwords and PINs, or possession factors, such as smart cards, hardware tokens, or mobile devices. While these mechanisms are widely used to protect digital identities, they exhibit well-known weaknesses that become more pronounced in decentralized settings where users act as their own custodians. Knowledge-based methods are highly susceptible to phishing, brute-force attacks, credential reuse, and poor password hygiene, whereas possession-based methods introduce risks related to loss, theft, duplication, and dependency on external devices. Moreover, both approaches impose a non-negligible cognitive and operational burden on users, who must remember secrets or securely manage physical artifacts. In response to these limitations, biometric authentication has emerged as a promising alternative, offering a more natural and user-friendly means of identity verification based on inherent human traits. Within DID frameworks, biometrics are increasingly considered as a mechanism to strengthen authentication while preserving user autonomy and minimizing reliance on centralized trust anchors.
According to [39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55], biometric authentication refers to the automated recognition of individuals based on distinctive physiological or behavioral characteristics. Physiological biometrics rely on relatively stable anatomical traits such as fingerprints, facial geometry, iris or retina patterns, and hand vein structures, whereas behavioral biometrics analyze dynamic patterns of human activity, including voice characteristics, keystroke dynamics, mouse movements, gait, signatures, and touchscreen interactions. Despite their different properties, both categories aim to provide reliable identity verification by exploiting traits that are difficult to replicate or share. Biometric systems typically operate in two stages, enrollment and authentication. During enrollment, a biometric sample is captured, processed into a digital template, and stored for future comparison. During authentication, a newly captured sample is transformed into a template and matched against the enrolled reference, either in a one-to-one verification scenario or a one-to-many identification setting [43,44,45,46,47,48]. All biometric modalities share the critical advantage of being inherently difficult to replicate or share, making them significantly more resilient to common attack vectors than traditional methods based on passwords or physical tokens. As such, biometrics provide a strong foundation for identity verification, especially in decentralized systems where user-controlled, tamper-resistant authentication is essential.
From a security perspective, biometric authentication offers several advantages over traditional methods. Since biometric traits are intrinsic to the user, they cannot be easily shared, guessed, or reused across services, providing stronger resistance to impersonation and credential sharing attacks. This property directly addresses vulnerabilities commonly associated with passwords and tokens, such as phishing, brute-force attacks, and physical theft [40]. In decentralized identity environments, where users manage cryptographic keys and credentials independently, biometrics can further enhance security by protecting access to wallets or private keys, thereby reducing the risk of unauthorized identity use. When properly implemented, biometrics can therefore provide a higher level of assurance than traditional authentication factors, particularly in scenarios where usability and security must be balanced. However, biometric authentication also introduces important limitations that distinguish it from conventional methods. Unlike passwords or tokens, biometric traits are inherently non-revocable, meaning that once compromised they cannot be replaced. The leakage of biometric templates may therefore have long-term consequences for user privacy and security. Biometric systems are also vulnerable to presentation attacks, where adversaries attempt to spoof sensors using artificial fingerprints, facial images, or voice recordings. In addition, biometric performance is subject to false acceptance and false rejection errors, which may negatively impact usability and accessibility, particularly for users with disabilities or changing biometric characteristics. These risks highlight that biometrics are not inherently secure by default and require robust protection mechanisms such as liveness detection, template protection, and secure sensor design.
Privacy and trust considerations are especially critical when biometrics are deployed within decentralized identity systems, where trust is inherently distributed and individuals retain direct control over their personal information. Biometric data is highly sensitive and, if improperly stored or transmitted, may enable cross-domain tracking or unauthorized profiling. To mitigate these risks, DID-aligned biometric implementations increasingly emphasize on-device processing, where biometric samples are captured, transformed, and matched locally without leaving the user’s device. In this model, biometrics are used to unlock cryptographic keys or authorize credential usage rather than serving as identifiers themselves. Such an approach naturally complements self-sovereign identity principles by minimizing data disclosure and eliminating centralized biometric repositories. Additionally, because biometric verification can be performed locally, it remains functional in offline or low-connectivity environments, making it particularly suitable for decentralized ecosystems that aim to operate independently of continuous network access or third-party validation [56,57,58,59]. Nevertheless, trust in the integrity of capture devices, enrollment procedures, and local execution environments remains a critical dependency.
From a usability and deployment perspective, biometric authentication offers clear advantages over traditional methods by eliminating the need for memorization or physical token management. Authentication becomes faster and more intuitive, which can improve user experience and encourage adoption of self-sovereign identity solutions. At the same time, biometric systems introduce new deployment constraints, including hardware dependencies, sensor availability, and device heterogeneity. While passwords and tokens can be deployed with minimal infrastructure, biometrics require compatible hardware and secure execution environments, which may limit scalability or increase costs in certain contexts.
Overall, biometric authentication outperforms traditional methods in terms of user convenience, resistance to credential sharing, and strong binding between the individual and their digital identity. These properties make biometrics particularly attractive for decentralized identity systems, where users must securely manage their own credentials without relying on centralized intermediaries. However, biometrics also fall short in areas such as revocability, privacy risk management, and susceptibility to sensor-level attacks. As a result, biometric authentication should not be regarded as a standalone substitute for knowledge- or possession-based methods, but rather as a complementary authentication factor that strengthens identity assurance when integrated with cryptographic safeguards and privacy-preserving mechanisms. To overcome the intrinsic limitations of single-modality authentication, recent research increasingly investigates multimodal and hybrid authentication frameworks that combine multiple factors to improve robustness, usability, and resilience against diverse attack vectors. These approaches are discussed in the subsequent section.

5. RQ3: What Approaches Integrate Biometric Authentication into Decentralized Identity Systems, and How Effective Are Privacy-Preserving Techniques in Ensuring Security?

5.1. Integration of Biometrics into the DID Systems

The integration of biometric authentication into decentralized identity (DID) systems represents an important step toward strengthening secure, user-controlled, and privacy-aware digital identity ecosystems. In this context, biometrics act as an effective mechanism for authenticating individuals by leveraging distinctive physiological or behavioral traits, thereby enabling intuitive and user-bound authentication. By relying on characteristics that are inherently tied to the user, biometric authentication reduces dependence on knowledge- or possession-based credentials and supports stronger identity assurance in decentralized environments. The synergy between biometrics and DID systems is particularly compelling, as biometrics address the challenge of user authentication in the absence of centralized authorities, while DID frameworks provide mechanisms to preserve user control over identity data. Specifically, DID architectures can enhance the protection of biometric information by confining its use to local devices and enabling controlled disclosure through privacy-preserving techniques such as zero-knowledge proofs or secure execution environments. Together, biometrics and DID systems complement each other by combining strong user-bound authentication with decentralized control and privacy guarantees, contributing to identity solutions that better align with principles of data sovereignty and digital trust.

5.1.1. Architecture and Workflow of Biometric-Enabled Decentralized Identity Systems

The architecture of biometric-enabled decentralized identity (DID) systems seamlessly integrates the principles of self-sovereign identity (SSI) with secure and privacy-preserving biometric authentication techniques. These systems aim to empower users with full control over their identity while ensuring robust protection against impersonation and unauthorized access. The integration of biometrics into DIDs follows a structured, multi-phase lifecycle: beginning with secure biometric enrollment, followed by template protection and binding of the biometric identity to a DID, and culminating in decentralized verification [8,16,57,60]. This lifecycle is designed to ensure non-repudiation, integrity, and resilience against attacks while maintaining decentralization and compliance with privacy principles. The authentication workflow can be broadly divided into a registration (enrollment) phase and an authentication (verification) phase.
  • Registration (Enrollment) Phase: The registration phase involves securely capturing and linking the user’s biometric identity to a decentralized identifier (DID). This phase proceeds as follows:
    1. Biometric Capture: A user provides biometric input (face, fingerprint) through a trusted capture device, typically a smartphone or kiosk equipped with secure sensors.
    2. Feature Extraction and Template Generation: Once the biometric data is collected, it undergoes preprocessing to remove noise and enhance quality. This may include normalization, alignment, and contrast adjustment, depending on the modality. The system then applies feature extraction techniques to identify the most relevant and distinguishing characteristics of the biometric signal. These features are used to generate biometric templates using either traditional methods or AI-based approaches. The resulting template captures the unique traits of the user in a compressed, efficient, and discriminative format suitable for matching and verification.
    3. Template Protection: To prevent security and privacy risks, the raw biometric template is never stored or transmitted directly. Instead, it is transformed using a protection mechanism such as cancelable biometrics or a biometric cryptosystem. This transformation ensures that the stored template is non-invertible.
    4. DID Creation and Binding: The user creates a decentralized identifier (DID), which is associated with the protected biometric template through metadata linkage (in the DID document or off-chain storage reference), or cryptographic commitments (Pedersen commitments or zk-SNARKs) that prove possession of the biometric without revealing it.
    5. Issuance of Verifiable Credentials (VCs): A trusted authority may issue one or more verifiable credentials that attest to identity attributes. These credentials are cryptographically signed and linked to the user’s DID, optionally incorporating biometric-based challenge-response proofs during issuance.
    6. Store Identity Artifacts Locally: All sensitive identity components, including the protected biometric template, the user’s DID, and any Verifiable Credentials, are securely stored on the user’s personal device—typically in a digital identity wallet or secure enclave. These components are under the user’s control and are not stored on-chain, ensuring that sensitive data remains private and decentralized.
  • Authentication (Verification) Phase: In the authentication phase, the user proves control over the DID and biometric credential by repeating the biometric process and submitting a proof of identity to the verifier.
    1. Biometric Verification Attempt: The user submits a live biometric sample, from which a fresh template is generated and protected using the same method as during registration.
    2. Matching Process: The biometric matching process in decentralized identity systems can be performed either locally or remotely, depending on system design and privacy requirements. In local (on-device) matching, the fresh biometric template is compared directly with the reference template stored securely on the user’s device, often within a trusted execution environment (TEE) or secure enclave. This approach offers low latency and eliminates the need to transmit sensitive data externally. In contrast, remote or off-chain matching involves transmitting the protected biometric template (typically encrypted) to an external verifier for processing. To preserve privacy in this setting, advanced cryptographic techniques are employed. Homomorphic encryption enables matching over encrypted templates without revealing biometric data [4], while secure multiparty computation (SMPC) allows multiple parties to jointly compute a match score without disclosing their respective inputs [61]. These methods ensure that biometric verification remains secure and privacy-preserving, even in untrusted environments.
    3. Proof Generation: Upon a successful biometric match, the system generates a cryptographic proof binding the authentication result to the user’s DID without exposing sensitive data. This can be done via zero-knowledge proofs (ZKPs) that confirm the match without revealing the biometric data or the template itself [62]. Alternatively, the user can sign a challenge using their DID-linked private key. In scenarios where verifiable credentials (VCs) are involved, the user may present these credentials to a verifier, optionally applying selective disclosure or ZKP-based credential presentation (such as BBS+ signatures or JSON-LD ZKPs) to reveal only the necessary claims while maintaining privacy.
    4. Proof Validation and Access: After generating a cryptographic proof of successful biometric authentication, the user submits it to a verifier for validation and access authorization. This process can occur either on-chain or off-chain, depending on the system design. In on-chain validation, a smart contract verifies the proof, such as a zero-knowledge proof (ZKP) or digital signature, using public keys stored in the user’s DID document. If valid, the contract confirms the user’s identity and automatically triggers predefined actions, such as granting access to digital assets, executing transactions, or updating identity records. In off-chain validation, a verifier retrieves the DID document and checks the proof or verifiable credential through cryptographic methods, including signature and integrity verification. Upon successful validation, the verifier authorizes access such as logging the user into a service, unlocking a device, or assigning system permissions.
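The two phases above, condensed into an added Python example (not code from any surveyed system): template protection uses a token-seeded random projection of the cancelable-biometrics kind, matching is on-device, and the proof is a signed challenge that a verifier checks off-chain against the DID document. The `did:example` identifier, the `publicKey` and `templateCommitment` field names, the thresholds, the constructed feature vectors and the Lamport one-time signature (a standard-library stand-in for the wallet's real key pair) are assumptions of the example.

```python
import hashlib
import hmac
import random
import secrets

BITS = 256      # protected-template length (assumed)
MAX_DIST = 64   # accept when at most 25% of the bits differ (assumed threshold)

def protect(features, token):
    """Cancelable transform: token-seeded random projection, signs only."""
    rng = random.Random(token)  # demo PRNG; a wallet would expand the token with a KDF
    return bytes(
        1 if sum(rng.gauss(0.0, 1.0) * f for f in features) >= 0 else 0
        for _ in range(BITS))

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def commit(template, salt):
    """Salted hash commitment that the DID document carries."""
    return hashlib.sha256(salt + template).hexdigest()

def digest_bits(msg):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

# Lamport one-time signature: stdlib-only stand-in for the DID key pair.
def lamport_keygen(seed):
    sk = [[hmac.new(seed, bytes([i, b]), "sha256").digest() for b in (0, 1)]
          for i in range(256)]
    pk = [[hashlib.sha256(s).hexdigest() for s in pair] for pair in sk]
    return sk, pk

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hashlib.sha256(sig[i]).hexdigest() == pk[i][b]
        for i, b in enumerate(digest_bits(msg)))

class Wallet:
    """Token, template and private key stay on the device; only did_document is shared."""

    def enroll(self, features, did="did:example:alice"):
        self.token = secrets.token_bytes(16)   # replaceable transform parameter
        self.salt = secrets.token_bytes(16)
        self.template = protect(features, self.token)
        self.sk, pk = lamport_keygen(secrets.token_bytes(32))
        self.did_document = {                  # field names are hypothetical
            "id": did,
            "publicKey": pk,
            "templateCommitment": commit(self.template, self.salt),
        }
        return self.did_document

    def authenticate(self, fresh_features, challenge):
        """Match locally, then sign the verifier's challenge; None on failure."""
        stored = commit(self.template, self.salt)
        if not hmac.compare_digest(stored, self.did_document["templateCommitment"]):
            return None                        # stored reference was altered
        fresh = protect(fresh_features, self.token)
        if self.sk is None or hamming(fresh, self.template) > MAX_DIST:
            return None
        sk, self.sk = self.sk, None            # one-time key: never sign twice
        return lamport_sign(sk, challenge)

    def revoke(self, features):
        """Leaked template: new token, commitment and key; returns old/new distance."""
        old = self.template
        self.enroll(features, self.did_document["id"])
        return hamming(old, self.template)

def verifier_check(did_document, challenge, proof):
    """Off-chain validation: sees only the DID document and the proof."""
    return proof is not None and lamport_verify(
        did_document["publicKey"], challenge, proof)

def demo():
    rng = random.Random(2026)                  # constructed feature vectors
    alice = [rng.gauss(0, 1) for _ in range(64)]
    alice_live = [f + rng.gauss(0, 0.1) for f in alice]   # same user, sensor noise
    other = [rng.gauss(0, 1) for _ in range(64)]          # a different person
    wallet = Wallet()
    doc = wallet.enroll(alice)
    challenge = secrets.token_bytes(32)
    rejected = wallet.authenticate(other, challenge)
    proof = wallet.authenticate(alice_live, challenge)
    return {
        "impostor_rejected": rejected is None,
        "genuine_accepted": verifier_check(doc, challenge, proof),
        "replay_accepted": verifier_check(doc, secrets.token_bytes(32), proof),
        "distance_after_revocation": wallet.revoke(alice),
    }

if __name__ == "__main__":
    print(demo())
```

After `revoke`, the old and new templates of the same user differ in roughly half their bits, so a leaked old template no longer matches the re-enrolled one.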
To provide a clearer and more intuitive understanding of the system, Figure 2 illustrates the architecture and end-to-end workflow of the biometric-enabled decentralized identity system, capturing the involved entities, data flows, and operational phases described above.

5.1.2. Integration Challenges and Architectural Trade-Offs in Biometric-Based Decentralized Identity Systems

  • Overview of Research Objectives and Reported Challenges: Biometric-based Decentralized Identity (DID) systems offer a compelling alternative to traditional identity management systems by enhancing security, promoting user sovereignty, and reducing reliance on centralized authorities. However, integrating privacy-preserving biometric authentication into decentralized architectures introduces architectural trade-offs and systemic limitations that challenge practical implementation, scalability, and interoperability. To better understand the current state of research on biometric-enabled DID systems, it is essential to examine the objectives, contributions, and challenges reported in the literature. Table 2 summarizes key findings from representative research papers, presenting their stated objectives, primary contributions, and the main challenges encountered in implementing biometric-based decentralized identity systems.
    Table 2. Objectives, Contributions, and Challenges in Biometric-Based Decentralized Identity Systems.
    | Reference | Objective | Contributions | Challenges Faced |
    |---|---|---|---|
    | [10,21,62,63,64] | Design a blockchain-based biometric authentication framework aligned with decentralized identity principles | Proposes a decentralized authentication protocol combining blockchain, cancelable biometrics, and zero-knowledge proofs (ZKPs); introduces template protection methods ensuring revocability; integrates DID with verifiable credentials for trustless verification | High computational cost of ZKPs/Homomorphic Encryption (HE) affects scalability; template revocation remains difficult; blockchain adds latency, fees, and metadata leaks; trade-off between privacy and usability; lack of global standards for biometric-DID interoperability; limited real-world deployments, with most solutions still at prototype stage |
    | [64] | Enhance security and interoperability in self-sovereign identity systems using biometrics | Develops biometric-backed VC model; demonstrated cross-domain use cases (healthcare, finance); provides an architecture for binding biometric proofs to DID documents | Limited interoperability due to lack of standardization; revocation of biometric-linked credentials is difficult; privacy risks in cross-domain data sharing; reliance on secure hardware (wallets, TEEs) reduces accessibility |
    | [21] | Maps research on decentralized and self-sovereign identity, with attention to biometric integration | Reviews 179 papers on SSI, identifying biometrics as a major authentication trend; highlights template protection techniques (fuzzy vault, fuzzy commitment); identifies blockchain and verifiable credentials as common enablers for biometric-DID systems | Fragmentation of approaches: no unified global standards for biometrics in DID; privacy-preserving methods (SMPC, HE, FL) still impractical at scale; real-world deployments are limited; persistent tension between usability and strong security |
    | [8] | Develop a framework integrating biometric capture, preprocessing, and template protection with blockchain; propose DID and VC issuance via smart contract-based verification | Introduces end-to-end integration of biometric processing and blockchain-based verification | Biometrics irreversible if leaked; blockchain scalability and high costs; compliance challenges with GDPR/CCPA; algorithmic bias in recognition; adoption barriers (cost, literacy) |
    | [65] | Examine how DIDs and biometrics can jointly enable self-sovereign identity systems | Showed DIDs with biometrics improve privacy and user control; emphasized W3C standards, VCs, and selective disclosure | Blockchain scalability bottlenecks; interoperability gaps; risks from improper biometric handling; regulatory conflicts across regions; limited real-world adoption studies |
  • DID-Specific Integration Challenges and Architectural Implications: Decentralized identity (DID) architectures fundamentally alter biometric authentication by redistributing trust and control across wallets, issuers, and verifiers. Consequently, biometric integration in DID systems introduces distinct architectural constraints that affect matching location, protection mechanisms, and stakeholder trade-offs. A first critical implication of this shift concerns where biometric matching is performed. In this context, local biometric matching is particularly well suited for wallet-centric operations where biometrics serve as local authorization rather than global identity verification. It is typically used to unlock the identity wallet, release cryptographic keys, and authorize verifiable credential presentations [66,67]. In this model, biometric data remain on the user’s device and are not shared with issuers or verifiers. This preserves self-sovereignty and limits cross-service linkability. As a result, local matching is appropriate for low- to medium-assurance scenarios, such as accessing digital services, signing transactions, or proving credential possession. However, this approach provides limited verifiable assurance to external parties. It also shifts trust to the wallet software, operating system, and device manufacturer. These factors restrict its applicability in regulated or adversarial environments [66]. In contrast, remote biometric matching is intended for DID scenarios requiring stronger identity guarantees. Examples include remote onboarding, cross-border identity verification, and access to regulated services. These scenarios require verifiers to establish a robust binding between biometric traits and claimed identities beyond the local wallet, introducing significant privacy and architectural challenges. In particular, remote matching risks re-centralizing biometric processing and weakening user control. 
Although privacy-enhancing techniques such as zero-knowledge proofs or secure multiparty computation have been proposed, their computational cost, protocol complexity, and integration overhead limit real-world deployment [68]. Consequently, most remote biometric verification architectures remain at the proof-of-concept stage and fail to scale beyond controlled environments. In addition to the matching location, the roles of decentralized identifiers (DIDs), verifiable credentials, and identity wallets strongly constrain biometric protection and authentication choices in decentralized identity systems. Wallets primarily safeguard private keys, credentials, and user consent; consequently, biometrics are mainly used as local authenticators to protect cryptographic material rather than for continuous or global identity recognition. This naturally favors on-device matching and hardware-backed isolation [66]. When biometrics are involved in credential issuance or high-assurance verification, core DID principles—such as selective disclosure, unlinkability, and data minimization—make centralized biometric storage and matching unsuitable. As a result, system designs increasingly rely on privacy-enhancing techniques, including cancelable biometrics, biometric cryptosystems, and zero-knowledge-based verification. However, many of these approaches remain difficult to deploy in practice due to incompatibilities with wallet-centric architectures and resource-constrained environments. Finally, biometric authentication in DID ecosystems involves stakeholders with divergent priorities. Users prioritize usability and privacy, favoring fast, local biometric authentication without external data exposure. Wallet providers balance usability, security, and liability, typically relying on platform biometric APIs and trusted hardware to avoid direct biometric handling. 
In contrast, issuers and verifiers emphasize assurance, fraud resistance, and regulatory compliance, often favoring stronger or remote biometric verification at the cost of usability or privacy. Regulators further impose auditability and data protection requirements, adding additional constraints. These competing objectives cannot be jointly optimized within a single biometric–DID architecture, which explains why many existing solutions implicitly favor specific stakeholders and struggle to scale across domains.
Across the reviewed literature, the common objective is to integrate biometrics into decentralized identity systems to achieve strong authentication while preserving privacy and enabling interoperability. Contributions range from proposing new architectures and template protection mechanisms to demonstrating real-world applications in finance, healthcare and other sectors. Techniques such as cancelable biometrics and fuzzy vaults have been explored as means of making biometric authentication both secure and decentralized, while blockchain integration ensures immutability and transparency of identity proofs. However, the integration of privacy-preserving biometrics into decentralized architectures introduces several architectural trade-offs and systemic limitations that challenge scalability, security, and interoperability.
One of the most prominent challenges is the computational complexity of advanced cryptographic techniques. Methods such as homomorphic encryption (HE), secure multiparty computation (SMPC), and zero-knowledge proofs (ZKPs) protect confidentiality during biometric matching and verification, yet they impose high computational and storage overheads. This creates latency, energy consumption, and scalability bottlenecks, particularly in mobile, IoT, and edge environments where fast and lightweight authentication is required.
Equally critical are challenges of storage and data governance. While on-chain storage of biometric templates or cryptographic commitments ensures immutability and transparency, it poses severe privacy and compliance risks, especially given regulations like GDPR and CCPA that mandate data minimization and revocability. Hybrid and off-chain models mitigate these risks but reintroduce reliance on third-party infrastructure or user hardware, undermining the decentralization principle.
The inherent non-revocability of biometric traits further complicates secure identity management. Cancelable biometrics and biometric cryptosystems provide partial solutions by enabling template transformation and regeneration, but these approaches face limited standardization and compatibility with existing DID protocols. Their experimental status means that practical revocation and reissuance remain unresolved in real-world implementations.
A critical and underexplored challenge lies in the heterogeneous and sometimes conflicting regulatory and standardization landscape governing decentralized identity and biometric authentication. Legal frameworks such as GDPR and eIDAS emphasize data protection, accountability, and assurance levels, imposing strict constraints on biometric data processing, storage, and cross-border use. In contrast, standards developed by ISO/IEC, ETSI, ENISA, the FIDO Alliance, and W3C primarily focus on technical security properties, authentication protocols, and data models, often without fully addressing regulatory compliance or decentralized ownership assumptions. As a result, many of these standards remain optimized for domain-specific or platform-centric applications rather than interoperable, self-sovereign identity systems. This misalignment reinforces a broader lack of global interoperability. DID ecosystems remain fragmented across platforms, identifier schemes, and credential formats, while biometric systems vary widely in modalities, feature representations, and storage architectures. Consequently, biometric credentials are often tightly coupled to specific infrastructures, limiting portability and undermining the practical realization of universal self-sovereign identity. Although W3C Decentralized Identifiers and Verifiable Credentials provide a partial foundation for interoperability, adoption remains limited, and support for privacy-preserving biometric integration is still insufficient. Overall, this divergence creates a regulatory–technical gap: biometric standards define how authentication should be secured and evaluated, while DID standards define how identity should be represented and exchanged. However, no unified framework reconciles legal compliance, biometric protection, and decentralized control. 
Many proposed biometric–DID systems therefore satisfy individual standards in isolation but struggle to achieve cross-standard compliance, significantly limiting their deployability in regulated, real-world environments.
Usability and user experience also emerge as recurring barriers. Complex multi-step authentication workflows, long proof generation times, and unintuitive interfaces reduce accessibility and discourage adoption, particularly for non-technical users. On the other hand, simplifying interfaces at the expense of privacy or verification rigor opens the door to spoofing and identity theft. Designing systems that balance security, privacy, and ease of use is a non-trivial and still largely unsolved problem.
Finally, governance and trust infrastructures in biometric-based DIDs are still underdeveloped. Despite claims of full decentralization, many architectures still rely on trusted third parties. This introduces potential single points of failure and undermines the self-sovereignty principle. Adoption is further hindered by socioeconomic barriers such as the cost of secure hardware, limited access in disadvantaged regions, and algorithmic bias in biometric recognition systems that disproportionately affect certain demographic groups.
In summary, the literature highlights several critical gaps that must be addressed to improve the robustness, scalability, and real-world deployment of biometric-enabled decentralized identity systems:
  • Scalability limits from heavy cryptography, AI biometrics, and blockchain latency/fees.
  • Privacy and compliance risks due to biometric immutability, storage overhead, and weak governance.
  • Security issues including spoofing, fragile key management, and poor revocation.
  • Interoperability gaps stemming from limited standardization across DID methods, credential formats, biometric representations, and blockchain platforms.
  • Usability challenges from complex workflows, enrollment errors, weak recovery.
  • Governance and centralization risks from third-party reliance and unclear oversight.
  • Regulatory and ethical uncertainties around biometric data collection, compliance and adoption risks.
  • Ecosystem immaturity with most solutions still at prototype stage, weak tooling, and limited real-world deployment.
By addressing these challenges, future research can enable the development of decentralized identity systems that are not only secure and privacy-preserving, but also scalable, user-friendly, and suitable for real-world deployment across diverse domains. A clearer understanding of these architectural trade-offs provides the foundation for exploring how biometric data can be safeguarded against misuse, leakage, or irrevocable compromise. The next section therefore turns to privacy-preserving techniques for biometric-enabled decentralized identity systems, highlighting the methods designed to balance robust authentication with strict protection of user data.

5.2. Privacy-Preserving Techniques for Biometric Identity in Decentralized Identity Systems

The integration of biometrics into decentralized identity (DID) systems introduces powerful capabilities for secure and user-centric authentication, but it also raises significant privacy concerns. Unlike passwords or tokens, biometric traits are immutable and uniquely tied to individuals, making their protection critical in the context of decentralized identity frameworks where users retain control over their personal data. In decentralized settings, where there is no centralized authority to safeguard sensitive information, the risk of biometric leakage, misuse, or irrevocable compromise becomes even more pronounced. Therefore, ensuring privacy at every stage of the biometric lifecycle, such as capture, storage, transmission, matching, and verification, is essential. This section presents the key techniques used to preserve privacy in biometric-enabled DID systems.

5.2.1. Template Protection Techniques

These methods directly operate on biometric templates to prevent unauthorized access, misuse, or inversion:
  • Cancelable Biometrics: Cancelable biometrics are a privacy-preserving approach that transforms original biometric data using a non-invertible function before storage, ensuring the stored template cannot be reversed to reveal the original features. If compromised, templates can be revoked and regenerated by applying a different transformation, offering reusability and security. Techniques such as bio-hashing, salting with random projections, geometric and feature-space transformations, block permutation, and surface folding are used to make reconstruction of the original data computationally infeasible, while enabling secure and flexible template management [69,70,71,72].
  • Biometric Cryptosystems: Biometric cryptosystems are advanced template protection methods that combine biometric data with cryptographic techniques. Their primary purpose is either to secure a cryptographic key using biometric characteristics or to generate a key directly from the unique features of an individual’s biometric data. In biometric cryptosystems, securing cryptographic keys involves two main strategies: key generation and key binding, each addressing the challenge of biometric variability while preserving security and privacy. In key generation, cryptographic keys are derived directly from biometric inputs using primitives like secure sketches and fuzzy extractors. Secure sketches enable recovery of the original or a close approximation of a biometric sample from a noisy input without revealing significant biometric information, while fuzzy extractors generate stable, uniformly random keys and accompanying helper data that allow reliable key regeneration from similar future samples. These mechanisms provide strong error tolerance and privacy guarantees, making them ideal for decentralized identity systems that avoid persistent key storage [73,74,75,76]. In contrast, key binding securely associates an existing key with a biometric template such that the key can only be retrieved when a closely matching biometric sample is presented. Even if the helper data is exposed, neither the key nor the biometric can be reconstructed without the correct input [74,77]. Two prominent constructions for key binding are the fuzzy vault, which encodes a key into a polynomial hidden among biometric and chaff points [78,79], and the fuzzy commitment, which uses error-correcting codes to bind a key to binary biometric data, enabling recovery and verification via hashing [58,80,81]. Both methods offer robust protection against biometric noise and unauthorized access, making them foundational tools in privacy-preserving biometric authentication.
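A fuzzy commitment as described above, as an added Python example rather than code from the cited works: a random key is encoded with an error-correcting code, XORed with the binary template to form the helper data, and checked by hash on recovery. The 5-fold repetition code, the 128-bit key and the constructed bit patterns are assumptions chosen to keep the block short; published schemes use stronger codes such as BCH or Reed-Solomon.

```python
import hashlib
import hmac
import secrets

R = 5            # repetition factor: majority vote corrects up to 2 flips per block
KEY_BITS = 128   # length of the bound key

def encode(key_bits):
    """Repetition code: each key bit becomes R identical codeword bits."""
    return [b for b in key_bits for _ in range(R)]

def decode(code_bits):
    """Majority vote over each block of R bits."""
    return [1 if 2 * sum(code_bits[i:i + R]) > R else 0
            for i in range(0, len(code_bits), R)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def pack(bits):
    """Bit list -> bytes, most significant bit first."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def enroll(biometric_bits):
    """Bind a fresh random key to the template; return (stored record, key)."""
    if len(biometric_bits) != KEY_BITS * R:
        raise ValueError("template must be KEY_BITS * R bits")
    key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    salt = secrets.token_bytes(16)
    record = {
        "helper": xor(encode(key_bits), biometric_bits),   # codeword XOR template
        "salt": salt,
        "tag": hashlib.sha256(salt + pack(key_bits)).digest(),
    }
    return record, pack(key_bits)   # the key itself is never stored in the record

def recover(record, fresh_bits):
    """Return the bound key if fresh_bits is close enough to the template, else None."""
    if len(fresh_bits) != len(record["helper"]):
        return None
    # helper XOR fresh = codeword with one error per bit where fresh differs
    key = pack(decode(xor(record["helper"], fresh_bits)))
    tag = hashlib.sha256(record["salt"] + key).digest()
    return key if hmac.compare_digest(tag, record["tag"]) else None

def flip(bits, positions):
    """Constructed sensor noise: invert the bits at the given indices."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

def demo():
    template = [secrets.randbits(1) for _ in range(KEY_BITS * R)]  # constructed sample
    record, key = enroll(template)
    within = flip(template, [0, 1, 7, 13, 14, 639])   # at most 2 flips in any block
    beyond = flip(template, [0, 1, 2])                # 3 flips in block 0
    record2, key2 = enroll(template)                  # re-issue: new key, new helper data
    return {
        "exact": recover(record, template) == key,
        "noisy_within_capacity": recover(record, within) == key,
        "noisy_beyond_capacity": recover(record, beyond),
        "new_record_recovers_new_key": recover(record2, within) == key2,
        "keys_differ": key != key2,
    }

if __name__ == "__main__":
    print(demo())
```

The third result is `None`: three flipped bits in one block exceed what the code corrects, which is the false-rejection side of choosing the code's error capacity.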

5.2.2. Privacy-Preserving Techniques for Computation and Verification

These approaches enable biometric matching and identity proof generation without revealing the underlying data:
  • Zero-Knowledge Proofs (ZKPs): Zero-Knowledge Proofs (ZKPs) allow users to prove possession of valid biometric credentials or a match with stored templates without revealing the biometric data itself, ensuring privacy even on public blockchains. They also enable selective disclosure, letting users reveal only chosen attributes or prove knowledge of a key linked to biometric secrets. Efficient variants like zk-SNARKs and zk-STARKs make ZKPs suitable for smart contracts in decentralized identity systems, though their high computational cost poses challenges for use on lightweight or edge devices [82,83,84].
  • Homomorphic Encryption (HE): Homomorphic Encryption (HE) enables computations directly on encrypted biometric data, allowing identity verification without ever exposing raw features. In biometric systems, templates are encrypted during enrollment and stored securely; during authentication, the fresh sample is also encrypted and compared through ciphertext-based similarity checks. This ensures that neither matching scores nor biometric data are exposed, protecting against reconstruction attacks in decentralized settings, though the high computational cost of Fully Homomorphic Encryption (FHE) limits real-time use, making lighter HE variants more practical for biometric applications [85,86].
  • Secure Multiparty Computation (SMPC): Secure Multiparty Computation (SMPC) enables multiple parties to jointly compute functions over private biometric data without revealing it, ensuring privacy and correctness even under semi-honest or malicious threat models. Techniques like Yao’s Garbled Circuits and the BGW/GMW protocols support decentralized biometric verification aligned with DIDs, though the approach remains resource-intensive due to its communication and computation overhead [61,87].
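Remote matching on secret-shared templates, as an added Python example that is not taken from the cited protocols: it uses two-party additive secret sharing with Beaver triples from a trusted dealer, a simpler construction than the garbled-circuit and BGW/GMW protocols named above, under a semi-honest model. The modulus, the constructed 32-bit templates and the threshold are assumptions, and the parties open the final distance rather than only the accept/reject decision.

```python
import secrets

P = 2**61 - 1   # prime modulus for additive shares

def share(x):
    """Split x into two additive shares mod P; either share alone is uniform."""
    r = secrets.randbelow(P)
    return (r, (x - r) % P)

def reveal(shares):
    return sum(shares) % P

def share_bits(bits):
    """One (share_for_party0, share_for_party1) pair per template bit."""
    return [share(b) for b in bits]

def beaver_triple():
    """Trusted-dealer preprocessing (assumption): shares of a, b and a*b."""
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    return share(a), share(b), share(a * b % P)

def secure_hamming(t_shares, s_shares):
    """Two parties compute shares of the Hamming distance between t and s.

    For bits, t XOR s = t + s - 2*t*s. The product is computed with a fresh
    Beaver triple, so the only values opened are the masked d = t - a and
    e = s - b. Returns (distance_shares, opened_values).
    """
    acc = [0, 0]
    opened = []
    for t, s in zip(t_shares, s_shares):
        a, b, c = beaver_triple()
        # Each party broadcasts its share of (t - a) and (s - b); the sums are public.
        d = reveal(((t[0] - a[0]) % P, (t[1] - a[1]) % P))
        e = reveal(((s[0] - b[0]) % P, (s[1] - b[1]) % P))
        opened += [d, e]
        for j in (0, 1):
            # Local share of t*s = c + d*b + e*a + d*e (public term added by party 0).
            z = (c[j] + d * b[j] + e * a[j] + (d * e if j == 0 else 0)) % P
            acc[j] = (acc[j] + t[j] + s[j] - 2 * z) % P
    return tuple(acc), opened

def verify(t_shares, fresh_bits, threshold):
    """The device shares its fresh sample; the parties open only the distance."""
    dist_shares, _ = secure_hamming(t_shares, share_bits(fresh_bits))
    distance = reveal(dist_shares)
    return distance, distance <= threshold

# Constructed 32-bit protected templates for the demonstration.
ENROLLED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1,
            0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1]
GENUINE = list(ENROLLED)
GENUINE[3] ^= 1      # two bits of sensor noise
GENUINE[17] ^= 1
IMPOSTOR = [b ^ 1 if i % 2 == 0 else b for i, b in enumerate(ENROLLED)]  # 16 bits differ

def demo(threshold=6):
    t_shares = share_bits(ENROLLED)   # enrollment: each party stores one share per bit
    return verify(t_shares, GENUINE, threshold), verify(t_shares, IMPOSTOR, threshold)

if __name__ == "__main__":
    print(demo())
```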

5.2.3. Decentralized Learning and Privacy-Aware Model Training

  • Federated Learning: Federated Learning (FL) is increasingly recognized as an important mechanism for enabling privacy-aware training of biometric models in decentralized identity (DID) systems, as it avoids the need to centralize sensitive biometric data while still allowing collaborative model improvement [88,89,90]. By keeping raw biometric samples on user devices and aggregating only model updates, FL aligns well with the principles of data minimization, user sovereignty, and decentralized trust that underpin DID architectures. Across the literature, FL is shown to mitigate large-scale data leakage risks and to support the development of robust biometric recognition and liveness detection models in distributed and cross-organizational settings [88,89]. Recent studies show that federated learning mitigates the privacy–data accessibility trade-off in deep biometric systems while preserving accuracy and generalization, supporting its use in decentralized identity environments with fragmented data [89,90]. However, the effectiveness of FL in biometric-enabled DID systems is constrained by several limitations. Biometric data are typically highly heterogeneous and non-IID due to variations in sensors, acquisition conditions, and user populations, which can negatively impact convergence and accuracy under standard federated optimization schemes [91]. In addition, FL alone does not provide strong privacy guarantees, as model updates may still leak sensitive information through inference or reconstruction attacks, necessitating complementary protections such as secure aggregation or differential privacy. Practical deployment is further challenged by communication overhead, device variability, and limited standardization. As a result, while federated learning is a promising building block for privacy-preserving biometric-DID systems, it remains insufficient as a standalone solution.
  • Differential Privacy: Differential Privacy (DP) offers formal and quantifiable protection against biometric data leakage by introducing calibrated noise that limits the influence of any single individual on released outputs or learned models. In biometric-enabled decentralized identity (DID) systems, DP is primarily applied during biometric model training or update sharing, where it mitigates inference and reconstruction attacks on sensitive biometric information. When combined with Federated Learning, DP is typically enforced by perturbing local model updates before aggregation, thereby strengthening privacy guarantees while preserving collaborative learning across distributed users [92]. However, the effectiveness of DP depends on careful calibration of the privacy budget, as excessive noise can degrade biometric recognition accuracy, highlighting an inherent trade-off between privacy strength and system performance.
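The clip-then-perturb step that the Differential Privacy item describes for federated updates, as an added Python example (not code from the surveyed works). The client updates are constructed, and the clipping norm, delta, and the choice of the classical Gaussian mechanism with on-device (local) noise are assumptions made for illustration.

```python
import math
import random


def l2_norm(vec):
    return math.sqrt(sum(x * x for x in vec))


def clip_update(update, clip_norm):
    """Scale an update down so its L2 norm is at most clip_norm."""
    norm = l2_norm(update)
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [x * scale for x in update]


def local_gaussian_sigma(epsilon, delta, clip_norm):
    """Noise std for the classical Gaussian mechanism applied on-device.

    Two clipped updates differ by at most 2 * clip_norm in L2 norm, which is
    the sensitivity used here. The classical bound holds only for 0 < epsilon < 1.
    """
    if not 0.0 < epsilon < 1.0:
        raise ValueError("classical Gaussian mechanism requires 0 < epsilon < 1")
    if not 0.0 < delta < 1.0:
        raise ValueError("delta must be in (0, 1)")
    sensitivity = 2.0 * clip_norm
    return sensitivity * math.sqrt(2.0 * math.log(1.25 / delta)) / epsilon


def privatize_update(update, clip_norm, sigma, rng):
    """What leaves the device: the clipped update plus Gaussian noise."""
    clipped = clip_update(update, clip_norm)
    return [x + rng.gauss(0.0, sigma) for x in clipped]


def mean_vector(vectors):
    n = len(vectors)
    return [sum(v[i] for v in vectors) / n for i in range(len(vectors[0]))]


def make_constructed_updates(n_clients=200, dim=8, seed=7):
    """Constructed non-IID updates: a shared direction plus per-client drift.

    Every tenth client is an outlier with a much larger norm (for example a
    different sensor), so clipping actually changes its contribution.
    """
    rng = random.Random(seed)
    shared = [0.05 * (i + 1) for i in range(dim)]
    updates = []
    for c in range(n_clients):
        drift = [rng.uniform(-0.1, 0.1) for _ in range(dim)]
        factor = 25.0 if c % 10 == 0 else 1.0
        updates.append([factor * (s + d) for s, d in zip(shared, drift)])
    return updates


def aggregation_error(updates, epsilon, delta=1e-5, clip_norm=1.0, seed=1):
    """L2 distance between the noisy aggregate and the clipped, noise-free one."""
    rng = random.Random(seed)
    sigma = local_gaussian_sigma(epsilon, delta, clip_norm)
    noisy = [privatize_update(u, clip_norm, sigma, rng) for u in updates]
    clean = [clip_update(u, clip_norm) for u in updates]
    diff = [a - b for a, b in zip(mean_vector(noisy), mean_vector(clean))]
    return l2_norm(diff)


if __name__ == "__main__":
    constructed = make_constructed_updates()
    for eps in (0.1, 0.5, 0.9):
        err = aggregation_error(constructed, eps)
        print(f"epsilon={eps:.1f}  aggregate error={err:.3f}")
```

With the same noise draws, the aggregate error scales as 1/epsilon, which is the privacy-versus-accuracy trade-off the item refers to: a tighter privacy budget directly costs model fidelity.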
For a better understanding of these techniques, a structured comparison is needed to assess their practical implications. Table 3 analyzes existing works on leading biometric protection methods, highlighting their advantages, limitations, and implementation challenges. This synthesis clarifies the trade-offs in deploying these techniques within real-world decentralized identity frameworks, where performance, security, and usability must be balanced.
The comparison of biometric template protection techniques highlights the diversity of approaches available to enhance privacy and security in decentralized identity systems, each with distinct strengths, limitations, and practical feasibility. Cancelable biometrics offer revocability and low computational overhead, making them suitable for on-device deployment, though often at the cost of reduced recognition accuracy. Cryptographic methods such as fuzzy vault and fuzzy commitment enable secure key binding without storing raw biometrics, but their adoption is limited by sensitivity to noise, revocation challenges, and alignment constraints. More advanced techniques, including homomorphic encryption, secure multiparty computation (SMPC), and zero-knowledge proofs (ZKPs), provide strong privacy guarantees by preventing direct biometric exposure; however, their high computational and communication costs restrict their use to experimental or hybrid off-chain implementations. Machine learning–based approaches such as federated learning and differential privacy primarily enhance privacy during model training rather than real-time authentication and introduce trade-offs between accuracy, privacy, and system overhead. Overall, these techniques illustrate the tension between privacy, security, efficiency, and usability in biometric-enabled DID systems, motivating the exploration of multimodal biometric approaches to improve robustness and practical deployability. The following section examines this direction in the context of decentralized identity.

6. RQ4: How Does the Adoption of Multimodal Biometrics Within Decentralized Identity Frameworks Create New Opportunities for Security and Usability, and What Trade-Offs Does It Entail?

6.1. Unimodal vs. Multimodal Biometric Authentication: A Comparative Analysis

As decentralized identity (DID) systems continue to evolve, biometrics have emerged as a powerful enabler of secure and user-centric authentication. Yet, relying on a single biometric trait, such as a fingerprint, iris, or facial scan, comes with inherent weaknesses. Factors such as environmental variability, sensor quality, physiological differences among users, and exposure to adversarial attacks can compromise the reliability and stability of unimodal systems. These vulnerabilities not only increase false acceptance and rejection rates but also expose users to higher risks of spoofing and identity fraud.
Based on existing research [99,100,101,102,103], multimodal biometric authentication has emerged as a superior alternative to unimodal systems in decentralized identity (DID) frameworks. By combining two or more biometric traits such as fingerprints, iris scans, and facial recognition or behavioral signals like voice and keystroke dynamics, multimodal systems construct a richer and more resilient identity profile. This integration enhances recognition accuracy by reducing false acceptance and rejection rates, improves inclusivity by addressing non-universality when certain users cannot provide reliable samples for a single trait, and increases robustness against intra-class variations caused by environmental conditions or user inconsistencies.
Equally important, multimodal biometric systems provide substantially stronger resistance to spoofing and adversarial attacks, as successfully imitating multiple independent biometric traits is considerably more difficult than compromising a single modality. By integrating complementary traits, these systems also enhance reliability in large-scale deployments, reducing false matches and enabling graceful degradation when one modality becomes unavailable or unreliable. In decentralized identity contexts, where authentication decisions must be made without centralized oversight or recovery mechanisms, such robustness is essential for maintaining trust and continuity of service.
Taken together, these properties highlight the role of multimodal biometrics as a more accurate, secure, and inclusive foundation for decentralized identity than unimodal approaches. Although multimodal authentication introduces additional system complexity, its ability to improve identity assurance, accommodate diverse user populations, and mitigate fraud makes it particularly well suited to decentralized identity frameworks. The following subsection critically examines the challenges and trade-offs associated with integrating multimodal biometric authentication into decentralized identity systems, focusing on architectural complexity, privacy risks, and operational constraints.

6.2. Multimodal Fusion Strategies and Their Relevance to DID Architectures

Beyond improving recognition accuracy, the effectiveness of multimodal biometric authentication in decentralized identity (DID) systems critically depends on both the selection of biometric modality combinations and the manner in which these modalities are fused. Different combinations of biometric traits address distinct authentication needs in DID environments, ranging from high-assurance identity verification to usability-driven and privacy-sensitive self-sovereign identity (SSI) scenarios.
From a modality-combination perspective, systems combining multiple physiological traits, such as fingerprint–iris or face–iris authentication, primarily seek to maximize reliability and resistance to impersonation by leveraging highly distinctive biometric characteristics. Such combinations are well suited to DID applications requiring strong identity binding and very low false acceptance rates, including financial services and regulated digital credential issuance. However, these systems often depend on specialized sensing hardware, involve more complex enrollment procedures, and raise accessibility concerns, which can limit their practicality for large-scale or resource-constrained DID deployments. In contrast, multimodal systems that integrate physiological and behavioral traits, such as face recognition combined with voice or keystroke dynamics, offer a more balanced trade-off between security and usability. By combining modalities with heterogeneous acquisition properties, they improve robustness against spoofing and partial modality failure, but remain sensitive to environmental noise, behavioral drift, and context-dependent variability, which may degrade recognition performance and necessitate frequent model adaptation. A third category couples biometric traits with continuous behavioral modalities to enable persistent trust assessment beyond the initial authentication event. This approach is particularly relevant in decentralized environments lacking centralized session control, as it enhances resilience against post-authentication attacks and account takeover, but introduces increased energy consumption, continuous data processing overhead, and more complex long-term privacy management.
Beyond the choice of biometric modality combinations, the suitability of multimodal biometric authentication for decentralized identity (DID) architectures is strongly influenced by how these modalities are fused. Fusion strategies determine not only recognition performance, but also privacy exposure, scalability, and architectural alignment with decentralized systems. In this context, multimodal fusion is commonly realized at the feature level, score level, or decision level, each introducing distinct trade-offs relevant to DID deployment.
Feature-level fusion combines biometric representations at the feature extraction stage to produce a joint embedding that maximizes discriminative power, typically yielding the highest recognition accuracy by directly exploiting complementary information from multiple modalities. However, in decentralized identity (DID) contexts, it introduces challenges such as increased computational complexity, larger template sizes, and higher privacy risks, since raw or minimally processed biometric features must be jointly handled. This makes it less suitable for architectures that emphasize data minimization, local processing, and strict privacy guarantees. In contrast, score-level fusion aggregates independently produced matching scores from each modality, offering a balanced trade-off between performance and privacy by allowing separate processing and combining results only at the decision-support level. This modular approach aligns well with DID principles such as interoperability and off-chain computation, enabling flexible integration of heterogeneous modalities and supporting fault tolerance when one modality becomes unavailable. These characteristics make it particularly appropriate for self-sovereign identity (SSI) systems and mobile DID deployments. Finally, decision-level fusion provides the most decentralized and privacy-preserving strategy by allowing each modality to produce independent authentication decisions that are combined through logical or voting-based rules. Although it may reduce accuracy compared to feature-level fusion, it improves robustness, simplifies revocation and modality replacement, and reduces the risk of biometric data leakage, all of which are essential in trustless and privacy-centric identity ecosystems.
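To make the contrast between score-level and decision-level fusion concrete, here is an added Python example (not taken from any surveyed system). The modality weights, thresholds, the `min_modalities` floor, and the sample scores are hypothetical values, and matcher scores are assumed to be normalized to [0, 1]. Feature-level fusion is not covered because it needs the embeddings themselves.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Modality:
    weight: float     # relative trust in this matcher (assumed value)
    threshold: float  # per-modality accept threshold (assumed value)


# Hypothetical verifier policy; none of these numbers come from the survey.
POLICY: Dict[str, Modality] = {
    "face": Modality(weight=0.4, threshold=0.70),
    "voice": Modality(weight=0.2, threshold=0.60),
    "fingerprint": Modality(weight=0.4, threshold=0.75),
}

Scores = Dict[str, Optional[float]]  # None means the sensor gave no sample


def available(scores: Scores) -> Dict[str, float]:
    """Keep only known modalities that actually produced a score."""
    return {m: s for m, s in scores.items() if s is not None and m in POLICY}


def score_level_fusion(scores: Scores, accept_at: float = 0.70,
                       min_modalities: int = 2) -> Tuple[bool, Optional[float]]:
    """Weighted mean of matcher scores, renormalized over live modalities.

    min_modalities keeps a sensor outage from silently downgrading the
    check to a single trait.
    """
    live = available(scores)
    if len(live) < min_modalities:
        return False, None
    total_weight = sum(POLICY[m].weight for m in live)
    fused = sum(POLICY[m].weight * s for m, s in live.items()) / total_weight
    return fused >= accept_at, fused


def decision_level_fusion(scores: Scores,
                          min_modalities: int = 2) -> Tuple[bool, int]:
    """Each modality decides on its own; accept on a strict majority of votes."""
    live = available(scores)
    if len(live) < min_modalities:
        return False, 0
    votes = sum(1 for m, s in live.items() if s >= POLICY[m].threshold)
    return votes * 2 > len(live), votes


# Constructed sample inputs.
GENUINE = {"face": 0.82, "voice": 0.65, "fingerprint": 0.90}
ONE_STRONG = {"face": 0.95, "voice": 0.40, "fingerprint": 0.70}
SENSOR_DOWN = {"face": 0.82, "voice": 0.65, "fingerprint": None}
SINGLE_TRAIT = {"face": 0.99, "voice": None, "fingerprint": None}

if __name__ == "__main__":
    for name, sample in [("genuine", GENUINE), ("one strong", ONE_STRONG),
                         ("sensor down", SENSOR_DOWN),
                         ("single trait", SINGLE_TRAIT)]:
        print(name, score_level_fusion(sample), decision_level_fusion(sample))
```

The `ONE_STRONG` sample is accepted by score-level fusion because one very high score carries the weighted mean, while decision-level voting rejects it since only one of three modalities clears its own threshold.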
From an evaluation perspective, no single modality combination or fusion strategy is universally optimal in DID systems; different multimodal designs are required for high-assurance onboarding, routine SSI authentication, and privacy-sensitive deployments.
Taken together, these observations show that multimodal biometric authentication in decentralized identity (DID) systems should not be treated as a uniform enhancement, but as a configurable design space. The choice of biometric modality combinations and fusion strategies directly impacts accuracy, privacy exposure, fault tolerance, and revocation flexibility. Consequently, effective multimodal DID architectures must carefully align fusion design with the intended security level, usability requirements, and self-sovereign identity constraints.

6.3. Opportunities and Challenges of Multimodal Biometric Authentication in Decentralized Identity Systems

Multimodal biometric authentication holds critical importance in the advancement of decentralized identity (DID) systems, offering a pathway to overcome the well-documented limitations of unimodal approaches. By combining multiple biometric traits, such as fingerprints, iris scans, facial recognition, or voice patterns, these systems deliver higher accuracy, stronger resistance to spoofing, and greater inclusivity for users who may struggle to consistently provide a single biometric trait. This enhanced reliability is especially vital in DID ecosystems, where trust must be established without centralized authorities and where a single point of failure could compromise both security and user sovereignty. However, the adoption of multimodal biometrics also introduces significant challenges: increased architectural complexity, higher deployment costs, interoperability barriers across platforms, and heightened privacy risks associated with the collection and protection of multiple sensitive traits.
To capture these dynamics more systematically, it is essential to examine how multimodal biometric authentication shapes both the strengths and weaknesses of decentralized identity systems. By synthesizing insights from existing research, Table 4 maps out the key opportunities and challenges identified in the literature, offering a comprehensive perspective on the trade-offs that define the practical implementation of multimodal biometrics in decentralized identity ecosystems.
The review of existing research highlights that multimodal biometric integration into decentralized identity (DID) systems offers clear opportunities, including higher authentication accuracy, resilience against spoofing, enhanced fraud detection, and improved interoperability when combined with blockchain. By leveraging multiple traits and advanced AI/ML models, these systems also provide adaptability across diverse environments and user groups. However, these benefits come with significant challenges: high computational and storage costs, increased system and hardware complexity, synchronization issues across modalities, and unresolved concerns around template revocation, privacy risks, and regulatory compliance. Future research should therefore focus on addressing these gaps by developing lightweight cryptographic protocols, establishing interoperability and standardization frameworks, improving revocation mechanisms for multimodal templates, and designing user-friendly yet secure interfaces that ensure both inclusiveness and regulatory compliance.

7. RQ5: What Are the Key Research Gaps and Future Directions for Developing Robust, Scalable, and Secure Biometric Authentication Systems for Decentralized Identity?

This section synthesizes the findings from RQ1–RQ4 to provide an integrated discussion of the research gaps and future directions for biometric authentication in decentralized identity (DID) systems. Collectively, the previous research questions examined the fundamental challenges of DID infrastructures (RQ1), the comparative strengths and weaknesses of biometrics relative to traditional authentication (RQ2), the integration and privacy-preserving mechanisms required for biometric-enabled DID systems (RQ3), and the opportunities and trade-offs introduced by multimodal biometric systems (RQ4). Taken together, these insights demonstrate that while biometrics can substantially reinforce the security and usability of decentralized identity, significant gaps in privacy, scalability, interoperability, and governance remain unresolved. Closing these gaps is essential for transitioning biometric-enabled DID systems from experimental prototypes to trustworthy infrastructures with global applicability. Accordingly, the following subsections organize the identified research gaps and future directions into coherent thematic dimensions, reflecting the key challenges and opportunities highlighted across RQ1–RQ4.

7.1. Privacy–Efficiency Trade-Offs and Scalability Constraints

A fundamental research gap concerns the trade-offs involved in achieving strong privacy preservation while maintaining computational efficiency. Privacy-enhancing techniques such as zero-knowledge proofs (ZKPs), homomorphic encryption (HE), and secure multiparty computation (SMPC) enable biometric verification without disclosing sensitive traits. However, these techniques impose significant computational and communication overhead. This limitation is particularly pronounced in decentralized and resource-constrained environments, such as mobile devices, IoT ecosystems, and real-time authentication scenarios, where latency, energy consumption, and device heterogeneity directly constrain scalability. When combined with multimodal biometric systems (RQ4), which require additional processing for feature extraction, synchronization, and fusion, these constraints are further amplified. This challenge reflects a fundamental conflict between strong privacy guarantees and the operational requirements of decentralized authentication. Consequently, future research must prioritize lightweight, optimized, and co-designed cryptographic solutions that effectively balance security with practical deployability.

7.2. Biometric Lifecycle Management and Revocability

Biometric-enabled decentralized identity systems face inherent challenges in ensuring revocability and robust lifecycle management of biometric data. Unlike passwords or cryptographic tokens, biometric traits are inherently immutable, making compromise particularly damaging in long-lived identity systems. Although techniques such as cancelable biometrics and multimodal fusion offer partial mitigation, the analysis across RQ2–RQ4 exposes more fundamental lifecycle limitations. In practice, biometric characteristics are not strictly static; they evolve over time due to aging, health conditions, sensor changes, and environmental factors, which can gradually degrade recognition accuracy and reliability. Within decentralized identity systems, where credentials are persistent and recovery mechanisms are intentionally limited, this tension between biometric immutability and natural biometric variability becomes especially pronounced. Multimodal biometric authentication, as discussed in RQ4, partially alleviates this challenge by introducing redundancy and adaptability across multiple traits, thereby improving robustness to temporal variation and sensor failure. However, it also introduces new dependencies between modalities that must be managed throughout the identity lifecycle. Addressing this gap therefore requires biometric-enabled DID architectures that explicitly account for biometric evolution, support secure re-binding or updating of biometric representations over time, and leverage multimodality to maintain continuity of identity without compromising security or long-term trust.

7.3. Standardization and Interoperability Across DID and Biometric Ecosystems

Standardization and interoperability remain fundamentally unresolved challenges at the intersection of decentralized identity and biometrics. As evidenced in RQ1, DID ecosystems are fragmented across blockchain infrastructures, credential models, and governance frameworks. Biometric systems analyzed in RQ2 exhibit even greater heterogeneity in sensing technologies, feature representations, and matching paradigms. This combined fragmentation not only renders cross-platform and cross-chain identity verification largely impractical, but also reflects the lack of standardized frameworks for integrating biometric mechanisms within DID architectures, as identified in RQ3, resulting in limited interoperability and reduced portability across implementations. Furthermore, current standards, including W3C Verifiable Credentials, lack explicit support for privacy-preserving biometric representations, revocability, and standardized multimodal proof composition, as discussed in RQ4. Bridging this gap requires not only extending existing DID/VC standards but also defining interoperable biometric schemas and cryptographic proof interfaces that can operate independently of underlying ledgers and biometric modalities. Without such standardization, large-scale, cross-domain deployment of biometric-enabled decentralized identity systems will remain constrained to isolated, non-interoperable solutions.

7.4. Usability and Inclusiveness

Beyond technical considerations, challenges of usability and inclusiveness demand sustained research attention. As highlighted across RQ1 and RQ2, decentralized identity shifts key management responsibilities onto end-users, which can overwhelm non-technical individuals. Biometrics promise to ease this burden, but issues of demographic bias, accessibility, and uneven recognition accuracy persist. Multimodal systems, as highlighted in RQ4, address some limitations by offering alternative traits, but they also add system complexity and interaction overhead. Future research must adopt a user-centric design philosophy, developing intuitive interfaces, inclusive modality choices, bias-aware algorithms, and seamless recovery mechanisms to make biometric-DID systems equitable and practical for diverse populations.

7.5. Governance, Trust, and Real-World Validation

Significant gaps persist in the governance and real-world validation of biometric-enabled DID systems. Despite extensive academic exploration, most proposed solutions remain confined to proofs of concept with limited empirical testing. Critical governance issues, such as trust assumptions in enrollment authorities, hardware and sensor certification, credential revocation authority, and compliance with legal and regulatory frameworks (GDPR and CCPA), are insufficiently addressed. Without transparent governance models and rigorous empirical validation, decentralized identity systems risk reintroducing hidden centralization and undermining user trust. Consequently, future research should prioritize the design of decentralized governance frameworks, auditable trust and revocation mechanisms, and large-scale pilot deployments in high-stakes domains such as finance, healthcare, and cross-border identity management.
To summarize the discussion above, Table 5 provides an overview of the main research gaps and corresponding future directions identified across RQ1–RQ4. The table highlights the key technical, organizational, and usability-related challenges associated with biometric-enabled decentralized identity systems and outlines the research directions required to address these challenges.
By addressing these gaps, future research can lay the foundation for the next generation of biometric-enabled decentralized identity systems, which are not only technically robust and scalable but also privacy-preserving, interoperable, and trusted by diverse user communities worldwide.

8. Conclusions

Securing digital identities in a decentralized world requires solutions that balance privacy, usability, and trust. While Decentralized Identity (DID) systems empower users by removing reliance on centralized authorities, they remain vulnerable without strong authentication. Biometrics, with their inherent uniqueness and non-transferability, offer a powerful complement, and when integrated into DID frameworks, they can enable more robust, user-centric identity management. Yet, despite the promise, few surveys have examined this intersection in a comprehensive way, leaving an important gap in the literature that this work has sought to address. Our analysis reveals a dual landscape of opportunities and challenges. Biometrics strengthen security beyond traditional methods, while multimodal systems offer higher accuracy, inclusiveness, and resilience against spoofing. At the same time, their integration into decentralized identity faces hurdles such as the computational cost of privacy-preserving techniques, the immutability of biometric data, missing interoperability standards, and trade-offs between scalability and usability. Future research must advance lightweight privacy-preserving protocols, revocable biometric templates, interoperable standards, and user-centric designs. Greater emphasis on multimodal fusion, real-world deployments, and regulation-compliant governance will be vital to translate prototypes into practical solutions. In conclusion, the intersection of biometrics and decentralized identity remains a rarely explored but highly promising frontier. By addressing these gaps, researchers can lay the foundation for secure, scalable, and truly user-sovereign identity systems in the digital era.

Author Contributions

Conceptualization, I.R. and L.S.; methodology, I.R.; validation, I.R. and L.S.; formal analysis, I.R.; writing—original draft preparation, I.R.; writing—review and editing, L.S. and I.R.; supervision, L.S. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
RQ      Research Question
DID     Decentralized Identity
ZKP     Zero-knowledge Proof
FL      Federated Learning
DP      Differential Privacy
SMPC    Secure Multi-Party Computation

References

  1. Le, H.V.A.; Nguyen, Q.D.N.; Tadashi, N.; Tran, T.H. Blockchain-Based Decentralized Identity Management System with AI and Merkle Trees. Computers 2025, 14, 289.
  2. Ahmed, M.; Islam, A.K.M.; Shatabda, S.; Islam, S. Blockchain-Based Identity Management System and Self-Sovereign Identity Ecosystem: A Comprehensive Survey. IEEE Access 2022, 10, 113436–113481.
  3. Albalawi, S.; Alshahrani, L.; Albalawi, N.; Kilabi, R.; Alhakamy, A. A comprehensive overview on biometric authentication systems using artificial intelligence techniques. Int. J. Adv. Comput. Sci. Appl. 2022, 13, 1–11.
  4. Marcolla, C.; Sucasas, V.; Manzano, M.; Bassoli, R.; Fitzek, F.H.; Aaraj, N. Survey on Fully Homomorphic Encryption: Theory and Applications. Proc. IEEE 2022, 110, 1572–1609.
  5. Lindell, Y. Secure Multiparty Computation. Commun. ACM 2020, 64, 86–96.
  6. Sun, X.; Yu, F.R.; Zhang, P.; Sun, Z.; Xie, W.; Peng, X. A survey on zero-knowledge proof in blockchain. IEEE Netw. 2021, 35, 198–205.
  7. De Keyser, A.; Bart, Y.; Gu, X.; Liu, S.Q.; Robinson, S.G.; Kannan, P.K. Opportunities and Challenges of Using Biometrics for Business: Developing a Research Agenda. J. Bus. Res. 2021, 136, 52–62.
  8. Gudala, L.; Reddy, A.K.; Sadhu, A.K.R.; Venkataramanan, S. Leveraging biometric authentication and blockchain technology for enhanced security in identity and access management systems. J. Artif. Intell. Res. 2022, 2, 21–50.
  9. Ogunmakinde, O.E.; Egbelakin, T.; Sher, W.; Omotayo, T.; Ogunnusi, M. Establishing the Limitations of Sustainable Construction in Developing Countries: A Systematic Literature Review Using PRISMA. Smart Sustain. Built Environ. 2024, 13, 609–624.
  10. Dib, O.; Rababah, B. Decentralized Identity Systems: Architecture, Challenges, Solutions and Future Directions. Ann. Emerg. Technol. Comput. 2020, 4, 19–40.
  11. Soltani, R.; Nguyen, U.T.; An, A. A Survey of Self-Sovereign Identity Ecosystem. Secur. Commun. Netw. 2021, 2021, 8873429.
  12. Hosseini, S.M.; Ferreira, J.; Bartolomeu, P.C. Blockchain-Based Decentralized Identification in IoT: An Overview of Existing Frameworks and Their Limitations. Electronics 2023, 12, 1283.
  13. Kyriakidou, D.N.; Papathanasiou, A.M.; Polyzos, G. Decentralized Identity with Applications to Security and Privacy for the Internet of Things. Comput. Netw. Commun. 2023, 1, 244–271.
  14. Mazzocca, C.; Acar, A.; Uluagac, S.; Montanari, R.; Bellavista, P.; Conti, M. A survey on decentralized identifiers and verifiable credentials. IEEE Commun. Surv. Tutor. 2025, 27, 3641–3671.
  15. Schumm, D.; Müller, K.O.E.; Stiller, B. Are we there yet? A study of decentralized identity applications. IEEE Access 2025, 13, 125232–125259.
  16. Alizadeh, M.; Andersson, K.; Schelén, O. Comparative Analysis of Decentralized Identity Approaches. IEEE Access 2022, 10, 92273–92283.
  17. Agarkar, A.A.; Karyakarte, M.; Chavhan, G.; Patil, M.; Talware, R.; Kulkarni, L. Blockchain-Aware Decentralized Identity Management and Access Control System. Meas. Sens. 2024, 31, 101032.
  18. Satybaldy, A.; Subedi, A.; Idrees, S.M. Decentralized Key Management for Digital Identity Wallets. In Blockchain Transformations: Navigating the Decentralized Protocols Era; Springer Nature: Cham, Switzerland, 2024; pp. 47–58.
  19. Fang, J.; Feng, T.; Guo, X.; Wang, X. Privacy-Enhanced Distributed Revocable Identity Management Scheme Based on Self-Sovereign Identity. J. Cloud Comput. 2024, 13, 154.
  20. Bai, Y.; Lei, H.; Li, S.; Gao, H.; Li, J.; Li, L. Decentralized and Self-Sovereign Identity in the Era of Blockchain: A Survey. In Proceedings of the 2022 IEEE International Conference on Blockchain; IEEE: Piscataway, NJ, USA, 2022; pp. 500–507.
  21. Čučko, Š.; Turkanović, M. Decentralized and Self-Sovereign Identity: Systematic Mapping Study. IEEE Access 2021, 9, 139009–139027.
  22. Butincu, C.N.; Alexandrescu, A. Design Aspects of Decentralized Identifiers and Self-Sovereign Identity Systems. IEEE Access 2024, 12, 60928–60942.
  23. Buttar, A.M.; Shahid, M.A.; Arshad, M.N.; Akbar, M.A. Decentralized identity management using blockchain technology: Challenges and solutions. In Blockchain Transformations: Navigating the Decentralized Protocols Era; Springer Nature: Cham, Switzerland, 2024; pp. 131–166.
  24. Moreno, R.T.; García-Rodríguez, J.; Bernabé, J.B.; Skarmeta, A. A trusted approach for decentralised and privacy-preserving identity management. IEEE Access 2021, 9, 105788–105804.
  25. Sedlmeir, J.; Smethurst, R.; Rieger, A.; Fridgen, G. Digital identities and verifiable credentials. Bus. Inf. Syst. Eng. 2021, 63, 603–613.
  26. Montagna, S.; Ferretti, S.; Klopfenstein, L.C.; Florio, A.; Pengo, M.F. Data Decentralisation of LLM-Based Chatbot Systems in Chronic Disease Self-Management. In Proceedings of the 2023 ACM Conference on Information Technology for Social Good (GoodIT ’23); ACM: New York, NY, USA, 2023; pp. 205–212.
  27. Vizgirda, V.; Zhao, R.; Goel, N. SocialGenPod: Privacy-Friendly Generative AI Social Web Applications with Decentralised Personal Data Stores. In Companion Proceedings of the ACM Web Conference 2024; ACM: New York, NY, USA, 2024; pp. 1067–1070.
  28. Ramírez-Gordillo, T.; Maciá-Lillo, A.; Pujol, F.A.; García-D’Urso, N.; Azorín-López, J.; Mora, H. Decentralized identity management for Internet of Things (IoT) devices using IOTA blockchain technology. Future Internet 2025, 17, 49.
  29. Fugkeaw, S. Achieving Decentralized and Dynamic SSO-Identity Access Management System for Multi-Application Outsourced in Cloud. IEEE Access 2023, 11, 25480–25491.
  30. Luecking, M.; Fries, C.; Lamberti, R.; Stork, W. Decentralized Identity and Trust Management Framework for Internet of Things. In Proceedings of the 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC); IEEE: Piscataway, NJ, USA, 2020; pp. 1–9.
  31. Meisami, S.; Dabadie, H.; Li, S.; Tang, Y.; Duan, Y. SigScope: Detecting and Understanding Off-Chain Message Signing-Related Vulnerabilities in Decentralized Applications. In Proceedings of the ACM Web Conference 2025 (WWW ’25); ACM: New York, NY, USA, 2025; pp. 4284–4299.
  32. Zhu, X.; He, D.; Bao, Z.; Luo, M.; Peng, C. An Efficient Decentralized Identity Management System Based on Range Proof for Social Networks. IEEE Open J. Comput. Soc. 2023, 4, 84–96.
  33. Murcia, J.M.B.; Cánovas, E.; García-Rodríguez, J.; Zarca, A.M.; Skarmeta, A. Decentralised identity management solution for zero-trust multi-domain computing continuum frameworks. Future Gener. Comput. Syst. 2025, 162, 107479.
  34. Kim, T.M.; Ko, T.; Hwang, B.W.; Paek, H.G.; Lee, W.Y. Self-Sovereign Management Scheme of Personal Health Record with Personal Data Store and Decentralized Identifier. Comput. Struct. Biotechnol. J. 2025, 28, 16–28.
  35. Liu, Z.; Pang, R. Blockchain Applications in Multiple Domains: Current Status, Challenges and Prospects. In Proceedings of the 2025 International Conference on Digital Economy and Information Systems (DEIS ’25); ACM: New York, NY, USA, 2025; pp. 225–230.
  36. Kleppmann, M.; Frazee, P.; Gold, J.; Graber, J.; Holmgren, D.; Ivy, D.; Johnson, J.; Newbold, B.; Volpert, J. Bluesky and the AT Protocol: Usable Decentralized Social Media. In Proceedings of the ACM CoNEXT 2024 Workshop on the Decentralization of the Internet (DIN ’24); ACM: New York, NY, USA, 2024; pp. 1–7.
  37. Ma, W.; Zhu, C.; Liu, Y.; Xie, X.; Li, Y. A Comprehensive Study of Governance Issues in Decentralized Finance Applications. ACM Trans. Softw. Eng. Methodol. 2025, 34, 208.
  38. Frost, E.; Afrin, A.; Nieße, A.; Ardakanian, O. Robustness in Multi-Agent Energy Systems: The Trade-Off Between Decentralization and Security. In Proceedings of the 16th ACM International Conference on Future and Sustainable Energy Systems; ACM: New York, NY, USA, 2025; pp. 994–995.
  39. Bhattacharyya, D.; Ranjan, R.; Alisherov, F.; Choi, M. Biometric Authentication: A Review. Int. J. u- e-Serv. Sci. Technol. 2009, 2, 13–28.
  40. Alrawili, R.; AlQahtani, A.A.S.; Khan, M.K. Comprehensive Survey: Biometric User Authentication Application, Evaluation, and Discussion. Comput. Electr. Eng. 2024, 119, 109485.
  41. Agarwal, A.; Ramachandra, R.; Venkatesh, S.; Prasanna, S.M. Biometrics in Extended Reality: A Review. Discov. Artif. Intell. 2024, 4, 81.
  42. Ayeswarya, S.; Singh, K.J. A Comprehensive Review on Secure Biometric-Based Continuous Authentication and User Profiling. IEEE Access 2024, 12, 82996–83021.
  43. Gunuganti, A. Behavioral Biometrics for Continuous Authentication. J. Biosens. Bioelectron. Res. 2023, 1, 1–5. [Google Scholar] [CrossRef]
  44. Hassan, W.; Sabahat, N. Towards Secure Identification: A Comparative Analysis of Biometric Authentication Techniques. VFAST Trans. Softw. Eng. 2024, 12, 105–120. [Google Scholar] [CrossRef]
  45. Ryu, R.; Yeom, S.; Herbert, D.; Dermoudy, J. The design and evaluation of adaptive biometric authentication systems: Current status, challenges and future direction. ICT Express 2023, 9, 1183–1197. [Google Scholar] [CrossRef]
  46. Syed, W.K.; Mohammed, A.; Reddy, J.K.; Dhanasekaran, S. Biometric authentication systems in banking: A technical evaluation of security measures. In 2024 IEEE 3rd World Conference on Applied Intelligence and Computing (AIC); IEEE: Piscataway, NJ, USA, 2024; pp. 1331–1336.
  47. Lee, Y.K.; Jeong, J. Securing Biometric Authentication System Using Blockchain. ICT Express 2021, 7, 322–326.
  48. Ryu, R.; Yeom, S.; Kim, S.-H.; Herbert, D. Continuous Multimodal Biometric Authentication Schemes: A Systematic Review. IEEE Access 2021, 9, 34541–34557.
  49. Iskandar, A.; Alfonse, M.; Roushdy, M.; El-Horbaty, E.-S.M. Biometric Systems for Identification and Verification Scenarios Using Spatial Footsteps Components. Neural Comput. Appl. 2024, 36, 3817–3836.
  50. Lucia, C.; Zhiwei, G.; Nappi, M. Biometrics for Industry 4.0: A Survey of Recent Applications. J. Ambient Intell. Humaniz. Comput. 2023, 14, 11239–11261.
  51. Vatchala, S.; Yogesh, C.; Govindarajan, Y.; Raja, M.K.; Ganesan, V.P.A.; Arul, A.V.; Ramesh, D. Multi-Modal Biometric Authentication: Leveraging Shared Layer Architectures for Enhanced Security. IEEE Access 2025, 13, 28029–28041.
  52. Pahuja, S.; Goel, N. Multimodal Biometric Authentication: A Review. AI Commun. 2024, 37, 525–547.
  53. Shethiya, A.S. AI-enhanced biometric authentication: Improving network security with deep learning. Acad. Nexus J. 2024, 3, 1–7.
  54. Abdul-Al, M.; Kyeremeh, G.K.; Qahwaji, R.; Ali, N.T.; Abd-Alhameed, R.A. The Evolution of Biometric Authentication: A Deep Dive into Multi-Modal Facial Recognition: A Review Case Study. IEEE Access 2024, 12, 179010–179038.
  55. Patra, G.K.; Rajaram, S.K.; Boddapati, V.N.; Kuraku, C.; Gollangi, H.K. Advancing Digital Payment Systems: Combining AI, Big Data, and Biometric Authentication for Enhanced Security. Int. J. Eng. Comput. Sci. 2022, 11, 10-18535.
  56. Salem, S.H.G.; Hassan, A.Y.; Moustafa, M.S.; Hassan, M.N. Blockchain-Based Biometric Identity Management. Clust. Comput. 2024, 27, 3741–3752.
  57. Abo Alzahab, N.; Rafaiani, G.; Battaglioni, M.; Cavalli, A.; Chiaraluce, F.; Baldi, M. BiometricIdentity dApp: Decentralized Biometric Authentication Based on Fuzzy Commitment and Blockchain. SoftwareX 2024, 28, 101932.
  58. Alzahab, N.A.; Rafaiani, G.; Battaglioni, M.; Chiaraluce, F.; Baldi, M. Decentralized Biometric Authentication Based on Fuzzy Commitments and Blockchain. In Proceedings of the 2024 6th International Conference on Blockchain Computing and Applications (BCCA); IEEE: Piscataway, NJ, USA, 2024; pp. 64–72.
  59. Sarier, N.D. Privacy Preserving Biometric Authentication on the Blockchain for Smart Healthcare. Pervasive Mob. Comput. 2022, 86, 101683.
  60. Ou, H.H.; Pan, C.H.; Tseng, Y.M.; Lin, I.C. Decentralized Identity Authentication Mechanism: Integrating FIDO and Blockchain for Enhanced Security. Appl. Sci. 2024, 14, 3551.
  61. Zhou, I.; Tofigh, F.; Piccardi, M.; Abolhasan, M.; Franklin, D.; Lipman, J. Secure Multi-Party Computation for Machine Learning: A Survey. IEEE Access 2024, 12, 53881–53899.
  62. Xie, T.; Zhang, Y.; Song, D. Orion: Zero Knowledge Proof with Linear Prover Time. In Proceedings of the Annual International Cryptology Conference; Springer Nature: Cham, Switzerland, 2022.
  63. Faruk, M.J.H.; Islam, M.; Alam, F.; Shahriar, H.; Rahman, A. Bie Vote: A Biometric Identification Enabled Blockchain-Based Secure and Transparent Voting Framework. In Proceedings of the 2022 Fourth International Conference on Blockchain Computing and Applications (BCCA); IEEE: Piscataway, NJ, USA, 2022; pp. 253–258.
  64. Lai, J.; Wang, T.; Zhang, S.; Yang, Q.; Liew, S.C. BioZero: An Efficient and Privacy-Preserving Decentralized Biometric Authentication Protocol on Open Blockchain. arXiv 2024, arXiv:2409.17509.
  65. Sharma, S.; Saini, A.; Chaudhury, S. Multimodal biometric user authentication using improved decentralized fuzzy vault scheme based on blockchain network. J. Inf. Secur. Appl. 2024, 82, 103740.
  66. Abraham, A.; Schinnerl, C.; More, S. SSI strong authentication using a mobile-phone based identity wallet reaching a high level of assurance. In Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021); SciTePress: Setúbal, Portugal, 2021; pp. 137–148.
  67. Iqbal, S.; Irfan, M.; Ahsan, K.; Hussain, M.A.; Awais, M.; Shiraz, M.; Hamdi, M.; Alghamdi, A. A Novel Mobile Wallet Model for Elderly Using Fingerprint as Authentication Factor. IEEE Access 2020, 8, 177405–177423.
  68. Blanton, M.; Murphy, D. Privacy-Preserving Biometric Authentication for Fingerprints and Beyond. In Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy; ACM: New York, NY, USA, 2024; pp. 367–378.
  69. Bernal-Romero, J.C.; Ramirez-Cortes, J.M.; Rangel-Magdaleno, J.D.J.; Gomez-Gil, P.; Peregrina-Barreto, H.; Cruz-Vega, I. A Review on Protection and Cancelable Techniques in Biometric Systems. IEEE Access 2023, 11, 8531–8568.
  70. El-Shafai, W.; Mohamed, F.A.H.E.; Elkamchouchi, H.M.; Abd-Elnaby, M.; Elshafee, A. Efficient and Secure Cancelable Biometric Authentication Framework Based on Genetic Encryption Algorithm. IEEE Access 2021, 9, 77675–77692.
  71. Yang, W.; Wang, S.; Shahzad, M.; Zhou, W. A Cancelable Biometric Authentication System Based on Feature-Adaptive Random Projection. J. Inf. Secur. Appl. 2021, 58, 102704.
  72. El-Hameed, H.A.A.; Ramadan, N.; El-Shafai, W.; Khalaf, A.A.; Ahmed, H.E.H.; Elkhamy, S.E.; El-Samie, F.E.A. Cancelable Biometric Security System Based on Advanced Chaotic Maps. Vis. Comput. 2022, 38, 2171–2187.
  73. Yang, W.; Wang, S.; Hu, J.; Tao, X.; Li, Y. Feature Extraction and Learning Approaches for Cancellable Biometrics: A Survey. CAAI Trans. Intell. Technol. 2024, 9, 4–25.
  74. Tantubay, N.; Bharti, J. A Survey of Biometric Key-Binding Biocrypto-System Using Different Techniques. Int. J. Emerg. Technol. 2020, 11, 421–432.
  75. Wang, Y.; Li, B.; Zhang, Y.; Wu, J.; Ma, Q. A Secure Biometric Key Generation Mechanism via Deep Learning and Its Application. Appl. Sci. 2021, 11, 8497.
  76. Kuznetsov, O.; Zakharov, D.; Frontoni, E. Deep Learning-Based Biometric Cryptographic Key Generation with Post-Quantum Security. Multimed. Tools Appl. 2024, 83, 56909–56938.
  77. Abd-Aljabbar, A.A.; Hammood, D.A.; Abed, L.H. Secure Cloud Storage Using Multi-Modal Biometric Cryptosystem: A Deep Learning-Based Key Binding Approach. J. Al-Qadisiyah Comput. Sci. Math. 2025, 17, 214–229.
  78. Geißner, H.; Rathgeb, C. Closing the Performance Gap in Biometric Cryptosystems: A Deeper Analysis on Unlinkable Fuzzy Vaults. arXiv 2025, arXiv:2506.22347.
  79. Ponce-Hernandez, W.; Blanco-Gonzalo, R.; Liu-Jimenez, J.; Sanchez-Reillo, R. Fuzzy Vault Scheme Based on Fixed-Length Templates Applied to Dynamic Signature Verification. IEEE Access 2020, 8, 11152–11164.
  80. Elrefaei, L.A.; Al-Mohammadi, A.M. Machine Vision Gait-Based Biometric Cryptosystem Using a Fuzzy Commitment Scheme. J. King Saud Univ.-Comput. Inf. Sci. 2022, 34, 204–217.
  81. Fohr, V.; Rathgeb, C. Deep Multi-Biometric Fuzzy Commitment Scheme: Fusion Methods and Performance. EURASIP J. Inf. Secur. 2025, 2025, 20.
  82. Tran, Q.N.; Turnbull, B.P.; Wang, M.; Hu, J. A Privacy-Preserving Biometric Authentication System with Binary Classification in a Zero Knowledge Proof Protocol. IEEE Open J. Comput. Soc. 2021, 3, 1–10.
  83. Guo, C.; You, L.; Hu, G. A Novel Biometric Identification Scheme Based on Zero-Knowledge Succinct Noninteractive Argument of Knowledge. Secur. Commun. Netw. 2022, 2022, 2791058.
  84. Guo, C.; You, L.; Li, X.; Hu, G.; Wang, S.; Cao, C. A Novel Biometric Authentication Scheme with Privacy Protection Based on SVM and ZKP. Comput. Secur. 2024, 144, 103995.
  85. Yang, W.; Wang, S.; Cui, H.; Tang, Z.; Li, Y. A Review of Homomorphic Encryption for Privacy-Preserving Biometrics. Sensors 2023, 23, 3566.
  86. Palma, D.; Montessoro, P.L. For Your Eyes Only: A Privacy-Preserving Authentication Framework Based on Homomorphic Encryption and Retina Biometrics. IEEE Access 2024, 12, 183688–183706.
  87. Wu, D.; Liang, B.; Lu, Z.; Ding, J. Efficient Secure Multi-Party Computation for Multi-Dimensional Arithmetics and Its Application in Privacy-Preserving Biometric Identification. In Proceedings of the International Conference on Cryptology and Network Security (CANS); Springer Nature: Singapore, 2024; pp. 3–25.
  88. Guo, J.; Mu, H.; Liu, X.; Ren, H.; Han, C. Federated Learning for Biometric Recognition: A Survey. Artif. Intell. Rev. 2024, 57, 208.
  89. Srinivasarao, G.; Bhargavi, T. Federated learning to train facial and eye blink recognition models over a decentralized network. Int. J. Mod. Trends Sci. Technol. 2025, 11, 326–332.
  90. Campanile, L.; De Biase, M.S.; Marulli, F. Design and Evaluation of a Privacy-Preserving Multi-Level Federated Learning Architecture for Airport Biometric Check-in. Future Gener. Comput. Syst. 2025, 176, 108217.
  91. Lian, F.Z.; Huang, J.D.; Liu, J.X.; Chen, G.; Zhao, J.H.; Kang, W.X. FedFV: A Personalized Federated Learning Framework for Finger Vein Authentication. Mach. Intell. Res. 2023, 20, 683–696.
  92. El Ouadrhiri, A.; Abdelhadi, A. Differential Privacy for Deep and Federated Learning: A Survey. IEEE Access 2022, 10, 22359–22380.
  93. Vinothkanna, R.; Wahi, A. A Multimodal Biometric Approach for the Recognition of Fingerprint, Palm Print and Hand Vein Using Fuzzy Vault. Int. J. Biomed. Eng. Technol. 2020, 33, 54–76.
  94. Rúa, E.A.; Preuveneers, D.; Joosen, W. On the Security of Biometrics and Fuzzy Commitment Cryptosystems: A Study on Gait Authentication. IEEE Trans. Inf. Forensics Secur. 2021, 16, 5211–5224.
  95. Shahreza, H.O.; Rathgeb, C.; Osorio-Roig, D.; Hahn, V.K.; Marcel, S.; Busch, C. Hybrid Protection of Biometric Templates by Combining Homomorphic Encryption and Cancelable Biometrics. In Proceedings of the 2022 IEEE International Joint Conference on Biometrics (IJCB); IEEE: Piscataway, NJ, USA, 2022; pp. 1–10.
  96. Yin, W. Zero-Knowledge Proof Intelligent Recommendation System to Protect Students’ Data Privacy in the Digital Age. Appl. Artif. Intell. 2023, 37, 2222495.
  97. Wen, J.; Zhang, Z.; Lan, Y.; Cui, Z.; Cai, J.; Zhang, W. A Survey on Federated Learning: Challenges and Applications. Int. J. Mach. Learn. Cybern. 2023, 14, 513–535.
  98. Liu, B.; Lv, N.; Guo, Y.; Li, Y. Recent Advances on Federated Learning: A Systematic Survey. Neurocomputing 2024, 597, 128019.
  99. Wang, X.; Shi, Y.; Zheng, K.; Zhang, Y.; Hong, W.; Cao, S. User Authentication Method Based on Keystroke Dynamics and Mouse Dynamics with Scene-Irrelated Features in Hybrid Scenes. Sensors 2022, 22, 6627.
  100. Alharbi, B.; Alshanbari, H.S. Face-Voice Based Multimodal Biometric Authentication System via FaceNet and GMM. PeerJ Comput. Sci. 2023, 9, e1468.
  101. Singh, A.; Kant, C. Optimized Hybrid SVM-RF Multi-Biometric Framework for Enhanced Authentication Using Fingerprint, Iris, and Face Recognition. PeerJ Comput. Sci. 2025, 11, e2699.
  102. Sumalatha, U.; Prakasha, K.K.; Prabhu, S.; Nayak, V.C. A Comprehensive Review of Unimodal and Multimodal Fingerprint Biometric Authentication Systems: Fusion, Attacks, and Template Protection. IEEE Access 2024, 12, 64300–64334.
  103. Madduluri, S.; Kishorekumar, T. Multimodal Biometric Authentication System for Military Weapon Access: Face and ECG Authentication. Int. J. Comput. Exp. Sci. Eng. 2024, 10, 952–961.
  104. Chen, G.; Luo, D.; Lian, F.; Tian, F.; Yang, X.; Kang, W. A Multimodal Biometric Recognition Method Based on Federated Learning. IET Biom. 2024, 5873909.
  105. Ghafourian, M.; Sumer, B.; Vera-Rodriguez, R.; Fierrez, J.; Tolosana, R.; Moralez, A.; Kindt, E. Combining Blockchain and Biometrics: A Survey on Technical Aspects and a First Legal Analysis. arXiv 2023, arXiv:2302.10883.
Figure 1. PRISMA flow diagram summarizing the article selection process.
Figure 2. Architecture and workflow of a biometric-enabled decentralized identity system.
Table 1. Comparative Analysis of Decentralized Identity (DID) Literature.

| Research Area | References | Contributions | Advantages | Limitations |
|---|---|---|---|---|
| Core Architecture and Ecosystem | [2,10,11,15,20,21,22,23] | Systematic analysis of DID/SSI architectures, clarifying core components such as DIDs, verifiable credentials, and trust frameworks, while identifying adoption and interoperability challenges. | User-centric identity control, selective disclosure, portability, enhanced privacy and resilience, and cryptographic interoperability. | Lack of standardized governance, limited cross-platform interoperability, scalability constraints, and regulatory uncertainty. |
| Privacy and Credential Management | [19,24,25,26,27] | Development of privacy-preserving mechanisms for credential issuance, presentation, and revocation, improving resilience against single points of failure. | Fine-grained credential control, reduced over-disclosure, regulatory compliance, and enhanced user data sovereignty. | Cryptographic complexity, performance overhead, difficult revocation mechanisms, and usability challenges related to key management. |
| Infrastructure and Performance | [12,14,16,28,29,30,31] | Comparative evaluation of DLT-, DHT-, and hybrid DID infrastructures, including IoT-oriented designs, to assess scalability–latency trade-offs. | Clear characterization of storage, scalability, and flexibility trade-offs; lightweight protocols for IoT environments. | Latency in DHT-based systems, unresolved biometric data risks, limited large-scale IoT validation, increased complexity in hybrid models, and scarce real-world benchmarks. |
| Domain-Specific Applications | [32,33,34,35,36] | Investigation of DID adoption in application domains such as social networks, decentralized social media, finance, healthcare, education, and supply chains. | Improved privacy and anonymity, enhanced user agency and portability, and increased transparency, traceability, and compliance. | Dependence on external trust anchors, privacy exposure of public data, limited scalability and adoption, and regulatory and interoperability barriers. |
| Governance, Security, and Power Structures | [37,38] | Analysis of governance and security issues in decentralized ecosystems, identifying persistent centralization risks and proposing taxonomies and safeguards. | Improved understanding of governance vulnerabilities, ownership concentration, and the need for transparent standards and safeguards. | Inconsistent governance models, Sybil and voting attacks, investor dominance, lack of unified frameworks, and challenges enforcing safeguards across heterogeneous ecosystems. |

Table 3. Comparison of Biometric Template Protection Techniques.

| Method | Advantages | Limitations | References |
|---|---|---|---|
| Cancelable Biometrics | Irreversible feature transformations; revocable and re-issuable; unlinkable across applications; resistant to replay/linkage attacks | Potential accuracy drop; some modalities difficult to transform; transformation functions may be vulnerable to inversion attacks | [69,70,71,72] |
| Fuzzy Vault | Hides key with chaff; supports unordered data; avoids storage of raw biometric data | Difficult revocation; sensitivity to noise and alignment errors; susceptibility to statistical and correlation attacks | [78,79,93] |
| Fuzzy Commitment | Error-correcting codes tolerate biometric variability; efficient for binary data; stores only helper data | Noise/misalignment issues; weak hashes risks; limited reusability | [58,80,81,94] |
| Homomorphic Encryption | Enables computation directly on encrypted biometric data; prevents data exposure during outsourced processing | Very high computational overhead; impractical for low-resource or real-time settings; complex key management | [85,86,95] |
| SMPC | No single trusted entity; protects privacy by distributing computation among multiple parties | High communication overhead; complex protocol setup; limited scalability in large deployments | [61,87] |
| ZKPs | Allow proving possession/validity without exposing biometric template: strong privacy; ideal for trustless systems | Complex proof design; limited support for biometric feature operations; high computation/storage overhead | [82,83,84,96] |
| Federated Learning | Data stay local; supports collaborative and decentralized model training; reduces large-scale data exposure | Vulnerable to inference/membership attacks; sensitive to non-IID data, requires secure aggregation infrastructure | [88,97,98] |
| Differential Privacy | Formal privacy guarantees; limits information leakage from data or model updates; composable with other methods | Accuracy loss due to injected noise; challenging privacy–utility trade-off | [92] |

Table 4. Opportunities and Challenges of Integrating Multimodal Biometrics into Decentralized Identity Systems.

| References | Techniques Used | Opportunities | Challenges |
|---|---|---|---|
| [65] | AI-driven biometrics (fingerprint, face, iris, behavioral) with AI models (CNNs, RNNs, anomaly detection) and trends like multimodal, continuous authentication, and blockchain-based identity | Strengthens security and trust by combining multimodal biometrics with blockchain; Improves user control, privacy, and data integrity through decentralized identity (DID) integration; Enhances authentication reliability and fraud resistance via multiple biometric modalities and continuous monitoring | Computational complexity of blockchain + multimodal biometrics; Storage overhead and privacy concerns for biometric templates; Lack of standardization across biometric modalities |
| [104] | FedMB framework (federated multimodal biometrics); Clustered FL (FVAG) for Non-IID data; Complementary fusion (MLP) | Improves accuracy by fusing iris and fingerprint; Privacy-preserving training (data stays local); Stronger robustness against spoofing; Potential fit for decentralized identity systems; Handles data heterogeneity and missing modalities | Higher system complexity and hardware requirements; Synchronization errors across modalities degrade accuracy; Fusion imbalance between large and small datasets; Increased computational overhead during feature fusion |
| [105] | Blockchain–biometric integration (on-chain, off-chain, sidechain, IPFS); Use of smart contracts, consensus algorithms, DID integration; Applications in identity, PKI, multimodal biometrics, e-voting, IoT, and secure data sharing | Blockchain ensures immutability and transparency; Multimodal biometrics improve authentication confidence; Enables cross-border, interoperable identity verification; Enables self-sovereign identity (SSI) and DID frameworks | Blockchain scalability limits with biometric datasets; Regulatory compliance issues (GDPR, CCPA); Revocation of compromised multimodal credentials unsolved |
| [58] | Fuzzy commitment + ECCs for biometric template protection; Smart contracts for registration, enrollment, authentication, revocation; On-chain storage of hash + offset, off-chain matching; Multimodal-ready design | Decentralized biometric authentication with privacy preservation; Template protection: biometrics never stored in clear; Portability: users can authenticate from any device; Resistant to spoofing and replay attacks | High gas and deployment costs on public blockchains; Risk of malicious or compromised nodes in open networks; Trust dependency on enrollment centers; Immutability issue: revoked data remain stored (though encrypted) |

Table 5. Synthesis of key research gaps and future directions for biometric-enabled decentralized identity systems.

| RQ(s) | Research Dimension | Key Research Gaps | Future Research Directions |
|---|---|---|---|
| RQ1, RQ3 | Privacy-Preserving Techniques | Privacy-enhancing mechanisms for biometric-enabled DID systems incur high computational and communication overhead, limiting scalability and real-time deployment in decentralized environments. | Development of efficient ZKPs, HE, SMPC schemes, and AI-based methods, alongside low-cost biometric solutions, suitable for real-time and large-scale environments. |
| RQ2, RQ4 | Biometric Revocability and Lifecycle Management | Limited support for revocation, re-binding, and adaptation to biometric evolution in long-lived decentralized identity systems undermines long-term reliability. | Design of cancelable, adaptive, and multimodal biometric templates that enable recovery after compromise. |
| RQ3, RQ4 | Standardization and Interoperability | Fragmentation across decentralized identity platforms, credential formats, biometric representations, and blockchain infrastructures hinders cross-domain and cross-chain identity verification. | Establishment of unified standards for DID protocols, credential formats, biometric modalities, and blockchain frameworks. |
| RQ1, RQ2, RQ3 | Security | Persistent vulnerabilities related to spoofing attacks, key compromise, and inadequate recovery or revocation mechanisms remain insufficiently addressed. | Integration of advanced liveness detection techniques, resilient key management schemes, and robust recovery/revocation strategies to mitigate vulnerabilities. |
| RQ1, RQ2, RQ4 | User-Centric Design and Inclusiveness | Usability, accessibility, and demographic bias remain insufficiently considered in biometric-enabled decentralized identity systems. | Development of inclusive and bias-aware authentication mechanisms, intuitive user interfaces, and effective error handling and recovery workflows. |
| RQ3, RQ4 | Multimodality | Integration of multimodal biometric systems into decentralized identity frameworks remains underexplored due to fusion complexity and system overhead. | Investigation of efficient fusion strategies and adaptive modality selection to improve robustness, reliability, and inclusiveness across diverse user populations. |
| RQ1, RQ2, RQ3, RQ4 | Governance and Empirical Validation | Transparent governance models and large-scale real-world validation of biometric-enabled decentralized identity systems are largely lacking. | Design of transparent decentralized governance frameworks, regulatory-aligned system architectures, and real-world pilot deployments in high-stakes application domains. |

Rjab, I.; Sliman, L. Survey on Biometric Authentication for Decentralized Identity Management: Trends, Challenges, and Future Directions. Future Internet 2026, 18, 126. https://doi.org/10.3390/fi18030126