The Three Metrics That Define Every Biometric System
Every biometric authentication system -- fingerprint scanners, facial recognition cameras, iris readers, voice verifiers -- reduces to a single mathematical operation: comparing a live biometric sample against a stored template and deciding whether they match. That decision is governed by a similarity threshold, and the quality of that decision is measured by three metrics that every engineer, security architect, and product manager should understand before deploying any biometric system.
False Accept Rate (FAR) -- also called False Match Rate (FMR)
FAR is the probability that the system incorrectly accepts an impostor. If your system has a FAR of 0.01%, it means that, on average, one in every 10,000 impostor attempts will be incorrectly granted access. FAR is the security metric. Banks, government facilities, and critical infrastructure demand FAR values at or below 0.001% (1 in 100,000). A system with high FAR is fundamentally insecure regardless of its other properties.
False Reject Rate (FRR) -- also called False Non-Match Rate (FNMR)
FRR is the probability that the system incorrectly rejects a legitimate user. If your system has an FRR of 1%, one in every 100 genuine authentication attempts will fail. FRR is the usability metric. Users locked out of their own phones, employees unable to badge into their own offices -- these failures erode trust and drive adoption collapse. Consumer-facing products typically require FRR below 3%.
Equal Error Rate (EER)
EER is the operating point where FAR and FRR are equal. It provides a single number to compare systems head-to-head. Lower EER means better overall discrimination. State-of-the-art face recognition systems achieve EER below 0.1%, while commodity fingerprint sensors hover around 1-2%. EER is useful for benchmarking, but you should never deploy at the EER threshold -- real-world systems must tune FAR and FRR independently based on the use case.
FAR and FRR are inversely related. Lowering the matching threshold accepts more matches -- FAR increases, FRR decreases. Raising the threshold rejects more matches -- FAR decreases, FRR increases. There is no free lunch. Every deployment must choose where on this tradeoff curve to operate.
DET Curves and ROC Curves
A Detection Error Tradeoff (DET) curve plots FRR against FAR on logarithmic axes. The closer the curve hugs the origin, the better the system. DET curves are the standard visualization in biometric evaluation -- NIST uses them exclusively in the Face Recognition Vendor Test (FRVT) reports. They are preferred over ROC curves for biometrics because the log-log scale makes it easier to distinguish high-performing systems in the operationally relevant low-error region.
A Receiver Operating Characteristic (ROC) curve plots the True Accept Rate (1 - FRR) against FAR on linear or semi-log axes. ROC curves are more common in general machine learning literature. A perfect system traces the top-left corner (100% TAR at 0% FAR). The area under the ROC curve (AUC) provides a threshold-independent performance summary -- values above 0.999 indicate excellent discrimination.
When reading either curve, identify the operating point that matches your target FAR and read off the corresponding FRR (or TAR). For example, NIST FRVT 2024 results show top-tier face recognition algorithms achieving FNMR of 0.1% at FMR of 0.001% -- meaning only 1 in 1,000 genuine users is rejected while only 1 in 100,000 impostors is accepted.
Biometric Modality Comparison
Not all biometric modalities are created equal. The table below summarizes typical performance ranges from published benchmarks and standards evaluations. These numbers represent well-tuned systems under controlled conditions -- real-world performance degrades with environmental noise, sensor quality, and population demographics.
| Modality | Typical FAR | Typical FRR | Typical EER | Template Size | Notes |
|---|---|---|---|---|---|
| Fingerprint | 0.001 – 0.1% | 0.2 – 2% | 1 – 2% | ~512 B | Degrades with dry/wet skin, manual labor |
| Face (2D) | 0.001 – 0.01% | 0.1 – 1% | 0.1 – 0.5% | 128–512 floats | NIST FRVT top: 0.1% FNMR @ 0.001% FMR |
| Iris | 0.0001 – 0.001% | 0.5 – 2% | 0.01 – 0.1% | ~256 B | Most discriminative single modality |
| Voice | 0.1 – 1% | 2 – 5% | 2 – 5% | ~1–4 KB | Vulnerable to environmental noise, replay |
Iris recognition delivers the lowest FAR of any single modality, but requires specialized near-infrared sensors and cooperative users. Face recognition has become the dominant modality for remote authentication thanks to ubiquitous front-facing cameras. Fingerprint remains dominant in physical access control. Voice is convenient but has the weakest discrimination and the highest vulnerability to spoofing.
Why Threshold Selection Matters
The matching threshold is the single most consequential parameter in a biometric deployment. Choose wrong and you either lock out legitimate users (high threshold, low FAR, high FRR) or let impostors through (low threshold, high FAR, low FRR). The right threshold depends entirely on the application.
- Banking and financial services: Target FAR < 0.001%. Accept FRR up to 3%. A rejected user can retry or fall back to a PIN -- an accepted impostor drains an account.
- Building access control: Target FAR < 0.01%. FRR below 1%. Employees badge in dozens of times daily. High FRR causes bottlenecks and tailgating as frustrated users hold doors open.
- Phone unlock: Target FAR < 0.005%. FRR below 3%. Apple Face ID targets FAR of approximately 1 in 1,000,000 with multi-frame neural matching. Convenience is paramount -- users unlock 80+ times per day.
- Border control and national ID: Target FAR < 0.0001%. FRR below 5%. One-to-many search against millions of records demands extreme precision. NIST FRVT 1:N evaluations are the gold standard.
The FHE Advantage: Accuracy Without Exposure
Traditional biometric systems store plaintext templates in a database. If that database is breached, every enrolled user's biometric is permanently compromised -- you cannot change your fingerprint like you change a password. This is the fundamental problem that fully homomorphic encryption solves.
FHE allows computation directly on encrypted data. The biometric matching operation -- typically a cosine similarity or inner product between a probe vector and an enrolled template -- executes entirely in the encrypted domain. The server never sees the raw biometric. The result is decrypted only by the client, revealing nothing but the match/no-match decision.
H33 uses the BFV (Brakerski/Fan-Vercauteren) scheme, which operates on exact integer arithmetic. Unlike approximate schemes like CKKS that introduce rounding noise, BFV's modular arithmetic produces bit-identical results to plaintext computation. The encrypted inner product of two 128-dimensional integer vectors yields the exact same similarity score as the plaintext computation. FAR, FRR, and EER are unchanged under encryption.
H33's Approach: BFV-Encrypted Biometric Matching
H33's biometric engine encodes 128-dimensional feature vectors into BFV ciphertexts using SIMD batching. With a polynomial degree of N=4096 and 128 dimensions per user, each ciphertext packs 32 users. The matching operation is a single encrypted inner product -- NTT-domain fused multiply-accumulate with one final INTT -- followed by threshold comparison on the decrypted score.
- Batch size: 32 users per ciphertext
- Matching latency: ~1,109 µs per 32-user batch (~42 µs per individual auth)
- Throughput: 2,172,518 auths/sec sustained on Graviton4 (96 workers)
- Template storage: ~256 KB per user (128x reduction from naive encryption)
- Accuracy: Bit-identical to plaintext -- 0% accuracy loss from encryption
The full authentication pipeline adds ZKP verification (in-process DashMap lookup at 0.085 µs) and Dilithium attestation (~244 µs per batch) for a total of ~1,356 µs per 32-user batch. Every component in the pipeline is post-quantum secure: BFV is lattice-based, SHA3-256 underpins the ZKP proofs, and ML-DSA (Dilithium) provides the attestation signatures.
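The exactness claim above holds for integer arithmetic modulo the BFV plaintext modulus, so it depends on how float features are quantized and on the score not wrapping around that modulus. This added example (a plain-Python model of the slot arithmetic with no encryption, not H33's code) packs 32 users as described and checks both cases; the modulus `T`, the quantization scales and the sample vectors are assumptions.

```python
import math
import random

N_SLOTS, DIM = 4096, 128   # from the article: 4096 / 128 = 32 users per ciphertext
T = 65537                  # ASSUMED plaintext modulus; the article does not state one

def quantize(vec, scale):
    """Unit-normalise, then round to integers. This is the only lossy step."""
    norm = math.sqrt(sum(x * x for x in vec))
    return [round(x / norm * scale) for x in vec]

def pack(templates):
    """Lay quantized templates back to back in one 4096-slot vector."""
    slots = [q for tpl in templates for q in tpl]
    return slots + [0] * (N_SLOTS - len(slots))

def batched_scores(packed, probe, t=T):
    """Slot-wise multiply and per-user block sum, all reduced mod t."""
    scores = []
    for user in range(N_SLOTS // DIM):
        acc = 0
        for i in range(DIM):
            acc = (acc + (packed[user * DIM + i] % t) * (probe[i] % t)) % t
        scores.append(acc if acc <= t // 2 else acc - t)  # centred lift to signed
    return scores

def score_fits(scale, t=T):
    """True if the worst-case |score| of two rounded unit vectors is below t/2."""
    return (scale + 0.5 * math.sqrt(DIM)) ** 2 < t / 2

def demo(scale):
    """Return (modular scores, plain integer scores) for 32 constructed users."""
    rng = random.Random(7)  # constructed sample vectors, not real biometric data
    raw = [[rng.gauss(0, 1) for _ in range(DIM)] for _ in range(N_SLOTS // DIM)]
    templates = [quantize(v, scale) for v in raw]
    probe = templates[0]    # probe equals user 0, so user 0 is the genuine match
    plain = [sum(a * b for a, b in zip(tpl, probe)) for tpl in templates]
    return batched_scores(pack(templates), probe), plain

if __name__ == "__main__":
    for scale in (128, 1000):
        enc, plain = demo(scale)
        print(scale, score_fits(scale), enc == plain, enc[0], plain[0])
```

With scale 128 the modular and plain integer scores agree for all 32 users; with scale 1000 the genuine score exceeds T/2 and wraps, so the decoded value no longer equals the plaintext score.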
Practical Guidance: Choosing Your Threshold
When deploying H33's biometric API, the similarity threshold is a parameter you control. Here is a practical framework:
| Use Case | Recommended Threshold | Expected FAR | Expected FRR | Rationale |
|---|---|---|---|---|
| Financial / Banking | 0.85 | < 0.001% | ~2–3% | Maximize security; retry or PIN fallback acceptable |
| Enterprise Access | 0.78 | < 0.01% | ~0.5–1% | Balance security and throughput for daily use |
| Consumer / Phone | 0.72 | < 0.005% | < 0.3% | Minimize friction; multi-factor context reduces FAR risk |
| Border / National ID | 0.90 | < 0.0001% | ~3–5% | 1:N search; extreme precision required |
These thresholds assume 128-dimensional normalized feature vectors and cosine similarity scoring. Actual operating points should be validated against your enrollment population using DET curve analysis. H33's API returns the raw similarity score alongside the match decision, allowing you to tune thresholds in production without re-enrollment.
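Reading an operating point off a DET curve, and validating the table's thresholds against your own population, both come down to sweeping a threshold over genuine and impostor comparison scores. This added example (not H33's code or API) computes FAR/FRR at a threshold, the EER, and the lowest threshold meeting a target FAR; the score lists are constructed and the function names are hypothetical.

```python
from bisect import bisect_left

def far_frr(genuine, impostor, threshold):
    """(FAR, FRR) when a comparison is accepted if score >= threshold."""
    gen, imp = sorted(genuine), sorted(impostor)
    far = (len(imp) - bisect_left(imp, threshold)) / len(imp)  # impostors accepted
    frr = bisect_left(gen, threshold) / len(gen)               # genuine rejected
    return far, frr

def equal_error_rate(genuine, impostor):
    """(threshold, EER) at the observed score where |FAR - FRR| is smallest."""
    def gap(t):
        far, frr = far_frr(genuine, impostor, t)
        return abs(far - frr)
    t = min(sorted(set(genuine) | set(impostor)), key=gap)
    far, frr = far_frr(genuine, impostor, t)
    return t, (far + frr) / 2

def threshold_for_far(genuine, impostor, target_far):
    """Lowest threshold whose measured FAR is <= target_far, with its FAR and FRR."""
    # N impostor comparisons cannot resolve a FAR below 1/N, so refuse to
    # "validate" a target that the sample is too small to measure.
    if target_far < 1 / len(impostor):
        raise ValueError(
            f"{len(impostor)} impostor scores cannot resolve FAR {target_far}")
    for t in sorted(set(genuine) | set(impostor)) + [float("inf")]:
        far, frr = far_frr(genuine, impostor, t)
        if far <= target_far:
            return t, far, frr

# Constructed cosine scores (illustrative only, not measured data).
GENUINE = [0.91, 0.88, 0.86, 0.84, 0.80, 0.79, 0.76, 0.74, 0.70, 0.62]
IMPOSTOR = [0.75, 0.71, 0.66, 0.60, 0.55, 0.52, 0.48, 0.45, 0.41, 0.40,
            0.38, 0.35, 0.33, 0.30, 0.28, 0.25, 0.22, 0.20, 0.15, 0.10]

if __name__ == "__main__":
    for thr in (0.72, 0.78, 0.85):   # example thresholds from the table above
        print(thr, far_frr(GENUINE, IMPOSTOR, thr))
    print("EER:", equal_error_rate(GENUINE, IMPOSTOR))
    print("FAR<=5%:", threshold_for_far(GENUINE, IMPOSTOR, 0.05))
```

The `ValueError` branch is the check that matters for the targets in this article: confirming a FAR of 0.001% takes at least 100,000 impostor comparisons, and the 20 constructed scores here can only resolve 5%.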
The critical insight is that none of these accuracy properties change when you move to encrypted biometric matching. BFV's exact integer arithmetic guarantees that the similarity score computed on encrypted templates is identical to the plaintext score. Your DET curves, your threshold calibration, your FAR/FRR operating points -- they all transfer directly. You gain template protection and post-quantum security without sacrificing a single basis point of accuracy.