Inspiration
Biometric data (like iris scans and fingerprints) is the ultimate form of identification, but it comes with a terrifying flaw: you can never change your password if your body gets hacked. Recent massive corporate data breaches have proven that storing raw biometric templates in centralized databases is a ticking privacy time bomb.
What it does
Eye C You is a zero-knowledge, privacy-preserving biometric authentication system.
- Local Crypto Processing: The user's biometric data is captured and immediately encrypted on their local machine using Paillier Homomorphic Encryption. The private decryption key never leaves the client device.
- Blind Cloud Verification: The encrypted payload is synced to a Supabase cloud database. When a user tries to log in later, a fresh encrypted live scan is sent to the cloud. The cloud gateway performs mathematical verification directly on the ciphertexts, computing the similarity score completely "in the dark."
- Privacy Preserved: Supabase determines whether the vectors match and returns the encrypted result. The client decrypts it locally to grant access. The cloud never sees the raw biometric data, meaning an administrator or a hacker breaching the database gains absolutely nothing.
How we built it
We engineered a full-stack JavaScript prototype featuring an interactive, split-screen command-line style dashboard built in React and bundled with Vite.
- The Cryptographic Engine: We built a custom mathematical engine using JavaScript BigInt to implement the Paillier Cryptosystem. It handles large-prime key generation, random blinding factors for IND-CPA security, and modular inverses.
- The Cloud Infrastructure: We used Supabase as our blind data vault. We wrote custom SQL database schemas to handle array structures and bypassed strict framework typing to execute zero-knowledge homomorphic subtraction.
- The Pipeline: The frontend uses environment variables (.env) to securely communicate with the cloud gateway, simulating a high-tech biometric hand-off pipeline.
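The homomorphic subtraction described above, as an added example that is not the project's own code: textbook Paillier with g = n + 1 in BigInt, where the gateway multiplies one ciphertext by the modular inverse of the other and only the key holder can read the difference. Assumptions: all function names, the two constructed primes (far too small for real keys), the sample vectors, and scoring by squared distance on the client after decryption.

```javascript
// Added example: textbook Paillier (g = n + 1), BigInt only. Toy key size.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const modPow = (b, e, m) => {
  let r = 1n;
  for (b %= m; e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
};
const gcd = (a, b) => (b === 0n ? a : gcd(b, a % b));
const modInv = (a, m) => { // extended Euclid; throws if a is not a unit mod m
  let [r0, r1, s0, s1] = [a % m, m, 1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - q * r1, s1, s0 - q * s1];
  }
  if (r0 !== 1n) throw new Error("not invertible");
  return ((s0 % m) + m) % m;
};
const randomUnit = (n) => { // blinding factor r in Z_n^*, from a CSPRNG
  const bytes = ((n.toString(16).length + 1) >> 1) + 8; // +8 bytes limits modulo bias
  for (;;) {
    const buf = webcrypto.getRandomValues(new Uint8Array(bytes));
    const r = BigInt("0x" + Array.from(buf, (x) => x.toString(16).padStart(2, "0")).join("")) % n;
    if (r > 0n && gcd(r, n) === 1n) return r;
  }
};

function keyFromPrimes(p, q) { // requires gcd(n, (p-1)(q-1)) = 1
  const n = p * q;
  const lambda = (p - 1n) * (q - 1n);
  return { pub: { n, n2: n * n }, priv: { lambda, mu: modInv(lambda, n) } };
}
const encrypt = ({ n, n2 }, m) => // c = (1 + m*n) * r^n mod n^2
  ((1n + (((m % n) + n) % n) * n) * modPow(randomUnit(n), n, n2)) % n2;
const decrypt = ({ n, n2 }, { lambda, mu }, c) => {
  const m = (((modPow(c, lambda, n2) - 1n) / n) * mu) % n;
  return m > n / 2n ? m - n : m; // map the upper half of Z_n to negatives
};
// Gateway side: Enc(a) * Enc(b)^-1 mod n^2 = Enc(a - b), no private key involved.
const subtractEncrypted = ({ n2 }, ca, cb) => (ca * modInv(cb, n2)) % n2;
function demo() {
  const { pub, priv } = keyFromPrimes((1n << 31n) - 1n, (1n << 61n) - 1n); // constructed
  const enrolled = [512n, 130n, 977n, 45n], live = [510n, 133n, 977n, 41n]; // constructed
  const encE = enrolled.map((v) => encrypt(pub, v));
  const encL = live.map((v) => encrypt(pub, v));
  const diffs = encE.map((c, i) => subtractEncrypted(pub, c, encL[i])); // server
  const dist = diffs.reduce((s, c) => s + decrypt(pub, priv, c) ** 2n, 0n); // client
  return { dist, blinded: encrypt(pub, 512n) !== encE[0] };
}
```

Paillier is only additively homomorphic, so the squaring step here happens on the client after decryption; `blinded` shows that encrypting the same value twice yields different ciphertexts.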
Challenges we ran into
- Debugging Cryptography in JavaScript: JavaScript is notoriously finicky with massive numbers. Implementing the Paillier mathematical properties required strict usage of native BigInt configurations to prevent rounding errors and floating-point data corruption during modular exponentiation.
- Vite Import Resolution & Pathing: During integration, we ran into strict build-tool restrictions where our layout components and cryptographic logic directories were isolated outside the compiler's sandbox. Restructuring the folder architecture to align smoothly with Vite’s runtime environment was a great lesson in project configuration.
- Database Homomorphic Math: Relational databases are built to read data, not compute operations on encrypted hex strings. Getting Supabase to process modular inverses on raw text arrays required defensive data mapping.
Accomplishments that we're proud of
- A Working Math Engine: We didn't rely on generic, heavy external crypto wrappers; we built and verified the Paillier homomorphic processing highway directly inside our local codebase.
- Beautiful, Scannable UI: We created a dual-terminal interface that visualizes the exact division between the local client machine and the blind cloud gateway in real time, making complex cryptography instantly understandable to judges.
- Zero-Knowledge Status: We verified our database state and confirmed that the cloud stores absolutely zero plaintext data.
What we learned
We learned that you don't need a massive tech stack or massive server farms to implement cutting-edge web cryptography. Working through this project gave us deep practical insights into Homomorphic Encryption (HE), data isolation boundaries, and how to structure production-ready environment configurations using Vite and Supabase.
What's next for Eye C You
Right now, our system processes simulated biometric vector coordinates. The immediate next step is to integrate a physical acquisition layer. We plan to hook up the browser's native HTML5 MediaDevices API and use Google MediaPipe Face Mesh to extract real-time 3D eye and eyelid spatial coordinates directly from a standard webcam, funneling real human biometrics straight into our secure cryptographic highway.
Built With
- bigint
- javascript
- node.js
- npm
- postgresql
- react
- supabase
- vite