Privacy-Preserving Face Recognition in the Frequency Domain


  • Yinggui Wang Ant Group
  • Jian Liu Ant Group
  • Man Luo Ant Group
  • Le Yang University of Canterbury
  • Li Wang Ant Group



Computer Vision (CV), Data Mining & Knowledge Management (DMKM)


Some applications may require performing face recognition (FR) on third-party servers, which could be accessed by attackers with malicious intents to compromise the privacy of users’ face information. This paper advocates a practical privacy-preserving FR scheme without key management realized in the frequency domain. The new scheme first collects the components of the same frequency from different blocks of a face image to form component channels. Only part of the channels are retained and fed into the analysis network that performs an interpretable privacy-accuracy trade-off analysis to identify channels important for face image visualization but not crucial for maintaining high FR accuracy. For this purpose, the loss function of the analysis network consists of the empirical FR error loss and a face visualization penalty term, and the network is trained in an end-to-end manner. We find that with the developed analysis network, more than 94% of the image energy can be dropped while the face recognition accuracy stays almost undegraded. In order to further protect the remaining frequency components, we propose a fast masking method. Effectiveness of the new scheme in removing the visual information of face images while maintaining their distinguishability is validated over several large face datasets. Results show that the proposed scheme achieves a recognition performance and inference time comparable to ArcFace operating on original face images directly.




How to Cite

Wang, Y., Liu, J., Luo, M., Yang, L., & Wang, L. (2022). Privacy-Preserving Face Recognition in the Frequency Domain. Proceedings of the AAAI Conference on Artificial Intelligence, 36(3), 2558-2566.



AAAI Technical Track on Computer Vision III