FaceCloak: Learning to Protect Face Templates

Sudipta Banerjee, Anubhav Jain, Chinmay Hegde, Nasir Memon

TL;DR

FaceCloak tackles template inversion in face recognition by learning a renewable binary hash of length $d=64$ that combines a single unprotected template with positive and negative disruptors. It trains a shallow network with losses $L_{id}$, $L_{bin}$, and $L_{div}$ to produce a binary cloak $h \in \{-1,+1\}^d$ that preserves biometric utility while being difficult to invert. Empirical results on LFW and CFP with ArcFace and FaceNet show minimal biometric loss after cloaking, strong irreversibility (SAR often 0), and high unlinkability, with a tiny footprint and fast inference ($0.28$ ms). The approach is keyless and renewable, capable of suppressing demographic attributes like gender and generalizing to new extractors, making it practical as an add-on with low overhead.

Abstract

Generative models can reconstruct face images from encoded representations (templates) bearing remarkable likeness to the original face, raising security and privacy concerns. We present FaceCloak, a neural network framework that protects face templates by generating smart, renewable binary cloaks. Our method proactively thwarts inversion attacks by cloaking face templates with unique disruptors synthesized from a single face template on the fly while provably retaining biometric utility and unlinkability. Our cloaked templates can suppress sensitive attributes while generalizing to novel feature extraction schemes and outperform leading baselines in terms of biometric matching and resiliency to reconstruction attacks. FaceCloak-based matching is extremely fast (inference time = 0.28 ms) and light (0.57 MB). We have released our code (https://github.com/sudban3089/FaceCloak.git) for reproducible research.

Paper Structure

This paper contains 5 sections, 5 equations, 1 figure, 1 table.

Figures (1)

  • Figure 1: (a) FaceCloak framework. For an input image, a pre-trained face template extractor produces the unprotected face template. During enrollment, we first produce $k$ positive and $k$ negative disruptors from the single face template and then train our lightweight network with the $2k+1$ (including the original template) inputs supervised using biometric identity, binarization and diversity losses, resulting in a protected enrolled template. During verification, we pass the query template through the trained FaceCloak and compare with the enrolled template using Hamming distance (HD). Our method does not require user-specific seed or keys and can produce renewable disruptors, resulting in an automatically secure randomized network with biometric retention. (b) Examples of original images from the LFW dataset, the inverted outputs of their respective unprotected templates and the corresponding inverted outputs of positive (noise and mask), and negative (orthogonalization and synthetic) disruptors used in FaceCloak. We used Arc2Face to perform the inversion.
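
The enrollment and verification flow in the Figure 1 caption, sketched as an added example (not the authors' released code): it builds the $2k+1$ inputs from one template and compares binary codes by Hamming distance. Assumptions: the template is a constructed random unit vector, the noise scale and mask rate are illustrative, a random projection followed by sign stands in for the trained FaceCloak network, and synthetic negative disruptors are omitted because they need a face generator.

```python
import math
import random

D = 64  # cloak length d stated on the page

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def positive_disruptors(t, k, rng, sigma=0.1, drop=0.1):
    """k identity-preserving variants: additive noise and coordinate masking."""
    out = []
    for i in range(k):
        if i % 2 == 0:   # noise: total perturbation norm is roughly sigma
            out.append(unit([x + rng.gauss(0, sigma / math.sqrt(len(t))) for x in t]))
        else:            # mask: zero a random fraction of coordinates
            out.append(unit([0.0 if rng.random() < drop else x for x in t]))
    return out

def negative_disruptors(t, k, rng):
    """k identity-breaking variants: random vectors orthogonalized against t."""
    out = []
    for _ in range(k):
        r = [rng.gauss(0, 1) for _ in t]
        proj = sum(a * b for a, b in zip(r, t))      # t has unit norm
        out.append(unit([a - proj * b for a, b in zip(r, t)]))
    return out

def make_hasher(n, rng):
    """Hypothetical stand-in for the trained network: random projection, then sign."""
    W = [[rng.gauss(0, 1) for _ in range(n)] for _ in range(D)]
    return lambda v: [1 if sum(w * x for w, x in zip(row, v)) >= 0 else -1 for row in W]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def demo(seed=7, n=128, k=4):
    rng = random.Random(seed)
    t = unit([rng.gauss(0, 1) for _ in range(n)])    # constructed template
    pos, neg = positive_disruptors(t, k, rng), negative_disruptors(t, k, rng)
    cloak = make_hasher(n, rng)
    h = cloak(t)                                     # enrolled binary code in {-1,+1}^D
    return {
        "train_set_size": 1 + len(pos) + len(neg),   # 2k + 1 inputs
        "pos_hd": [hamming(h, cloak(p)) for p in pos],
        "neg_hd": [hamming(h, cloak(q)) for q in neg],
        "neg_cos": [sum(a * b for a, b in zip(t, q)) for q in neg],
    }
```

Calling `demo()` returns the Hamming distances of each disruptor's code from the enrolled code; positive disruptors should land close to it and orthogonalized ones near $d/2$.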