Privacy-Preserving Fingerprint Authentication Using D-H Key Exchange and Secret Sharing

Biometric based remote authentication has been widely deployed. However, there exist security and privacy issues to be addressed since biometric data includes sensitive information. To alleviate these concerns, we design a privacy-preserving fingerprint authentication technique based on Diffie-Hellman (D-H) key exchange and secret sharing. We employ secret sharing scheme to securely distribute fragments of critical private information around a distributed network or group, which softens the burden of the template storage center (TSC) and the users. To ensure the security of template data, the user’s original fingerprint template is stored in ciphertext format in TSC. Furthermore, the D-H key exchange protocol allows TSC and the user to encrypt the fingerprint template in each query using a random one-time key, so as to protect the user’s data privacy. Security analysis indicates that our scheme enjoys indistinguishability against chosen-plaintext attacks and user anonymity. +rough experimental analysis, we demonstrate that our scheme can provide secure and accurate remote fingerprint authentication.


Introduction
Biometric based authentication mainly depends on individual biological characteristics (such as fingerprint, face, iris, and palm print, etc.) or behavioral traits (such as speech and signature, etc.), which is convenient, fast, and less likely to be forgotten, lost, or copied compared to traditional authentication methods like password/tokens [1]. However, biometric based authentication verifies an individual's identity according to the fixed natural connection between an individual and his or her biometrics. Once biometrics are stolen or forged and misused, it will result in significant losses for individuals, businesses, and even the government [2,3]. is is because biological characteristics are usually unique and unchangeable, and they can never be revoked or reused once leaked or stolen [4]. Furthermore, the stolen biometric information may be used to acquire sensitive information about the owner, such as ethnic groups, genetic information, medical diseases, and health records [5]. As a result, developing a biometric authentication technique with privacy protection is critical [6][7][8].
Since the biometric authentication system needs to store and transmit individual biometrics in different entities, it is vulnerable to a variety of attacks [9]. For example, once the hackers or other malicious attackers break the template dataset and obtain the biometric data, they can access to all applications without user authorization where the same biological characteristics have been used [10]. A good biometric template protection system should have the following characteristics [11][12][13]: (1) Diversity: the same biometric data should have different template representations in different databases to resist cross-matching attacks (2) Reusability/revocability: the damaged or stolen template should be able to be revoked and a new template can be regenerated based on the same biometric data, which cannot be matched with the damaged or stolen one successfully (3) Noninvertibility: it is impossible to calculate or obtain a template with reasonable similarity to the original template from the protected template, so as to prevent the adversary's biological fraud attack (4) Performance: the performance of the authentication system cannot be greatly reduced To ensure the template's security in a biometric authentication system [2,14], the extracted biometric template should be protected (encrypted or transformed) being stored.
In this paper, building upon the fingerprint feature representation "FingerCode," we propose a privacy-preserving fingerprint authentication scheme, which employs secret sharing and D-H key exchange. We summarise the contributions of the proposed method as follows: (i) e secret sharing technology effectively reduces the risk of key leakage and relieves storage pressure for users and TSC. (ii) e D-H key exchange technology used built bilinear groups can effectively conceal the real identity of users and generate different templates, which can resist replay attacks and cross-matching attacks. (iii) e proposed scheme can prevent attacks like chosen-plaintext attacks (CPA) and crossmatching attacks and achieve the conditions of diversity, revocability, noninvertibility, and good performance.
e rest of this paper is organized as follows. Section 2 reviews the existing related work in this field. We introduce related knowledge in Section 3.
e system model and construction goals are described in Section 4. Section 5 introduces ours fingerprint protection scheme and Section 6 proves its security. In Section 7, we discuss the test results, and finally, Section 8 concludes this paper.

Related Work
Over the years, a number of biometric template protection schemes have been proposed [15][16][17][18][19]. In this section, we review some approaches that have been proposed to deal with the security and privacy issues of fingerprint authentication systems, which are relevant to the proposed method.
Tuyls [10] and Ratha [20] outlined the types of attacks that the biometric system could face at each stage, and they believed that attacks would range from template collecting to final recognition decision. For example, in the process of template collection, it may be vulnerable to spoofing attacks, brute force attacks, device replacement attacks, and denial of service attacks. In the process of sending the collected fingerprint feature templates to the matcher, there may exist replay attacks, eavesdropping attacks, man-in-the-middle attacks, and brute force attacks [12]. ese surveys show us the right direction for constructing a remote authentication scheme with privacy protection. Different biometric authentication applications in smart cities can help for human lives; thus, there are many scholars who conducted research in this field. For example, El-Latif et al. [21] introduced a score level multibiometrics fusion approach for healthcare. In their proposed approach, they treat the biometric traits of patient/user as a request for healthcare assistance, which are processed in the cloud management and received by the caregiver with valid identification/verification for further treatment. en they use the 1D-log Gabor iris features, two-directional modified fisher principal component analysis ((2 D) 2 MFPCA), and Complex Gabor Jet Descriptor face features for healthcare monitoring. In [22], Sedik et al. presented a system to discriminate pristine, adulterated, and fake biometrics in 5G-based smart cities by detecting alterations to biometric modalities. is work uses a convolutional neural network (CNN) and a hybrid structure that combines CNN with convolutional long-short term memory (ConvLSTM) as DLMs for the detection of different levels of alteration in biometrics that are employed for person identification, which provides a solution for different biometric authentication applications in secure smart cities.
Other research topics of biometrics involve protecting biometric templates and preserving users' privacy. Peng et al. [23] designed a novel biometric cryptosystem scheme based on random projection (RP) and backpropagation neural network (BPNN) to solve the problems of biometric template protection. e main idea of this work is to project the original biometric feature vector onto a fix-length feature vector of random subspace using random projection. After that, a backpropagation neural network model was applied to bind a projected feature vector with a random key. Finally, based on BPNN, a robust mapping between a projected feature vector and a random key is learned to generate an error-correction based biometric cryptosystem.
Zhu et al. [24] suggested a matrix based and efficient biometric outsourcing scheme with privacy protection in 2018, which has good performance in the preparation phase and the recognition phase. However, Liu et al. [25] in 2019 proved this scheme is insecure under chosen-plaintext attack (CPA) and proposed a new matrix transformation-based and privacy-preserving cloud computing, which not only can resist CPA but also has good recognition performance. Zhu et al. [26] proposed a privacy-preserving online fingerprint authentication scheme, named e-Finga, over encrypted outsourced data in 2018. e-Finga is based on bilinear mapping, which outsources the user fingerprint registered in the trust center to other servers under user's authorization, allowing the server to provide safe, accurate, and efficient identity verification services without leaking any fingerprint information. However, this method sends the user's fingerprint template in plain text to the trusted organization in the registration phase, which poses a certain security risk.
Trivedi et al. [27] proposed a noninvertible cancellable fingerprint template generation scheme based on information extracted from the Delaunay triangulation of minutiae points system in 2020. In their method, the location information of the fingerprint without minutiae points was extracted from the triangles to solve the security problem brought by fingerprint reconstruction technology, which can handle the intraclass changes of fingerprints. In the same year, Kaur et al. [28] used cancellable biometrics and secret sharing to develop a privacy-preserving remote multiserver biometric authentication system. eir system allows user to operate safely on diverse applications and can prevent transmission attacks such as replay attacks, man-in-themiddle attacks, and database and server spoofing.

Preliminaries
In this section, we present the bilinear pairing technique and Decisional Diffie-Hellman assumption (DDH) problem and introduce the FingerCode-based identity matching algorithm which is the basis of our scheme.

FingerCode-Based Identity Matching Algorithm.
e FingerCode-based identity matching algorithm utilizes a fixed-length "FingerCode" [29,30] to characterize the fingerprint template, which uses a bank of Gabor filters to extract both local and global details in a fingerprint to produce a feature vector of fixed length, which is usually 640, where each element's length is 8-bit integer. When matching two fingerprints, we usually compute a certain distance between their FingerCodes and decide whether the distance is smaller than a predetermined threshold (τ). For example, given two fingerprint codes X � [x 1 , x 2 , . . . , x n ] and Y � [y 1 , y 2 , . . . , y n ], we can calculate their Euclidean distance using the following equation: e Euclidean distance is then compared to τ. If the Euclidean distance is less than τ, the two fingerprints will be judged to be from the same person. Otherwise, it is judged to be from different persons.

e Decisional Diffie-Hellman Assumption (DDH).
Let G be a cyclic group of prime order p with a generator g, and choose any triplet (g, g a , g b ) for some random values a, b∈ R Z * p to any probability polynomial-time (PPT) and attackers A; the advantage for |Pr

Framework and Design Goals
In this section, we formalize the architecture of the proposed scheme and summarise its security requirements as follows.

System
Architecture. e proposed fingerprint template protection system consists of three types of entities (see Figure 1), which are the template storage center (TSC), the matcher (M l ), and the user (U i ). We assume that TSC is a trusted participant and M l is a semihonest participant.
(1) TSC bootstraps the system, which generates and sends system parameters to the user and the matcher.
In real-world applications, TSC can be an official entity of the government. e tasks of TSC are to store the user's encrypted fingerprint reference template and send the relevant reference template in ciphertext form to the matcher. Since all users must register in TSC, the number of registered users will be significantly large. If the fingerprint templates registered by users are stored together, TSC needs to spend a lot of time to find the reference fingerprint template corresponding to the user's query identity when users make queries. us, there are many substorages in TSC for user registrations and authentications. When the corresponding substorage cannot find the reference template corresponding to the user's query identity, TSC will retrieve and send the templates in all other substores to the matcher for matching.
(2) User terminal converts the user's physical fingerprints into digital fingerprint feature templates through the fingerprint sensor and uploads them to TSC for storage or poses queries to the matcher after encrypting the fingerprint feature templates. (3) e matcher is mainly responsible for providing authentication service. Before providing fingerprint authentication services, the matcher must register in TSC to obtain the right to identify user's fingerprints.
To evaluate whether the user is authenticated, the matcher compares the Euclidean distance between the user's query template and the reference template to a predefined threshold. Only the users who pass the authentication can access the related servers.

Functionalities and Design Goals.
In fingerprint authentication system, malicious entities can obtain user's fingerprint template information as much as possible through eavesdropping, malicious attacks, etc. In order to achieve privacy-preserving remote identification, we determine the functionalities and design goals of the proposed system as follows: (1) User anonymity: the matcher is curious about the data entered by users to obtain additional Security and Communication Networks 3 information.
us, for each query, the original identity is always converted into a ciphertext format to guarantee privacy, and only TSC can decrypt the ciphertexts.
(2) Template security: TSC might also be attacked by an adversary. In order to prevent the user's original fingerprint template information from being leaked after the server is compromised, the user's reference template should be encrypted before being stored. Since the matcher might be curious about the templates input by the users and the templates stored in TSC, to prevent the adversary from obtaining relevant fingerprint template information through cross-matching attack, the users and TSC employ the same one-time key k i to encrypt the query template. ereby, even if the matcher or adversary obtained all the templates from TSC or the users, they cannot get any relevant information about the user's original fingerprint template.
(3) Efficiency: we ensure the efficiency of the system while ensuring the security and privacy of the user's fingerprint template.
(1) Setup(1 l ) ⟶ (para, x TSC , y TSC ): on input of a security parameter l, the fingerprint template protection system setup algorithm Setup, which is run by TSC, generates public key y TSC , private key x TSC for TSC, and the public parameter para for the system (2) UKgen(para) ⟶ (Usk i , Upk i , K i ): on input of the public parameter para, the user key generation algorithm UKgen, which is run by the users, generates a secret key Usk i and a public key Upk i and K i ) ∈ Z * p for U i (3) MKgen(para) ⟶ (Msk l , Mpk l ): on input of the public parameter para, the matcher key generation algorithm MKgen, which is run by the matcher, generates a secret key Msk l and a public key Mpk l for M l (4) Ureg(para, X U i ′ , Upk i , ID U i ) ⟶ y T j : on input of the public parameter para, the encrypted original fingerprint template X U i ′ , the user's public key Upk i , and the user's identity ID U i , the user registration algorithm Ureg, which is run by TSC, generates the pseudo-identity y T j for U i (5) Mreg(Mpk l , ID M l ): on input of the matcher's public key Mpk l and identity ID M l , the matcher registration algorithm Mreg, which is run by TSC, completes matcher registration on input of the public parameter para, the query fingerprint template Y i , and the pseudo-identity y T j of U i , the fresh fingerprint template encryption algorithm FTenc, which is run by U i , generates an encrypted query fingerprint : on input of the public parameter para, the fingerprint template authentication query algorithm Aque, which is jointly run by U i and matcher with (Usk i , Y 〞 i , y T j ) and (Msk l , ID M l ), respectively, outputs two ciphertexts (W, V) (8) TSCres(para, W, V, x TSC ) ⟶ G i : on input of the public parameter para, the secret key x TSC of TSC, and the ciphertexts (W, V), the template storage center response algorithm TSCres, which is run by TSC, outputs the ciphertext format G i that includes the reference fingerprint template (9) Matching(para, G i , Msk l ) ⟶ 1, ⊥ { }: on input of the public parameter para, the ciphertext format G i ) that includes the reference fingerprint template, and the secret key Msk l of the matcher, the matching algorithm, which is run by the matcher, outputs '1′ if the query is accepted; otherwise, it outputs '⊥'

Formal Security Definitions.
We consider the case where malicious users may forge fingerprint templates during registration and collude with honest-but-curious matcher to get arbitrary plaintext and corresponding ciphertext of fake reference templates. Let A be a PPT adversary, who plays the following game with a challenger C.
Setup: on input of a security parameter l, the challenger C generates and publishes the public parameter para. Keys generation: on input of the public parameter para, the challenger C runs user key generation algorithm and returns the secret key Usk i , the public key Upk i , and K i ∈ Z * p of U i . Challenge: the adversary A submits a pair of fingerprint templates plaintexts X 0 and X 1 with the same length to the challenger C. And then the challenger C chooses a bit χ ∈ 0, 1 { } uniformly and computes the ciphertext X ′ � FTenc(para, K i , X χ ), which is given to the adversary A. Guess: at the end of the game, the adversary A outputs a guess χ ′ and succeeds in the game if χ ′ � χ. Definition1 A fingerprint template protection scheme is ε − IND − CPA secure (indistinguishable against chosen-plaintext attacks), if any PPT adversary A has only negligible advantage in l in winning the above game; that is,

The Proposed Scheme
In this section, a concrete fingerprint template protection scheme based on bilinear groups is proposed. Table 1 summarises the frequently used notations.

System
Setup. e template storage center TSC bootstraps system setup and mainly carries out two tasks: (1) Preparatory work (1) generates a bilinear mapping e: G × G ⟶ G t , where G and G T are cyclic groups with prime order p and g, h are two distinct generators of G (2) selects random value x TSC ∈ R Z * p , sets the x TSC as secret key, and computes y TSC � g x TSC , which is set as public key (3) picks four cryptographic hash functions H i and a threshold τ as where λ T and λ I denote the lengths of the identities of fingerprint template and the user's information, respectively (4) makes the system parameters para � 〈G, G T , e, p, g, h, y TSC , H 1 , H 2 , H 3 , H 4 , τ〉 public (2) Prepare substorage e template storage center TSC prepares q (for example, q � 5) empty substorages for distributed storage of reference fingerprint templates registered by users.
(1) selects q random values x T j , j � 1, 2, . . . , q, then computes y T j � g x T j , and denotes the q substorages as x T 1 , x T 2 , . . . , x T q (2) For the security of x T j , TSC picks random q polynomials of degree t − 1 like f j � x T j + a j1 x + a j2 x 2 + · · · + a j(t− 1) x t− 1 , j � 1, 2, . . . , q, which can translate x T j into shares for storage

User Key Generation.
In the user key generation phase, U i generates its own private key, public key, and K i according to system parameters para. U i selects random values K i , x 1 , x 2 ∈ R Z * p , computes y 1 � g x 1 , y 2 � g x 2 , and sets its secret key and public key as and Upk i � (Upk i,1 , Upk i,2 ) � (y 1 , y 2 ), respectively. Finally, U i picks a polynomial x t− 1 , which turns K i into shares for storage.

Matcher Key Generation.
In the matching key generation stage, the matcher M l generates its own private key and public key according to the system parameters para. e Table 1: Related symbols and their specific meanings.

Symbol
Specific meaning G, G T Cyclic groups of prime order p g, h Two distinct generators of G p A big prime, the order of G and G T K i e key used to encrypt original template x T j e identity of substorages y T j e pseudo-identity of U i H i Cryptographic hash function for 1 ≤ i ≤ 4 ID M l , ID U i e identities of matcher M l and U i Usk i , Upk i e secret key and public key of U i Msk l , Mpk l e secret key and public key of M l x TSC , y TSC e secret key and public key of TSC τ reshold matcher M l selects random value x l ∈ R Z * p and then computes y l � g x l . Finally, its secret key and public key are set as Msk l � x l and Mpk l � y l , respectively.

User Registration.
Each user's original fingerprint sample will be preprocessed to extract feature and obtain the corresponding fingerprint template X U i � (x i1 , x i2 , . . . , x in ). Note that TSC might also be attacked by the adversary. us, the user first uses K i to encrypt the original fingerprint template before registering in TSC: Without loss of generality, we let X U i ′ � (x i1 ′ , x i2 ′ , . . . , x in ′ ). And then the user U i sends the public key Upk i , its identity information ID U i , and the encrypted original fingerprint template X U i ′ to TSC. And TSC stores the user's information 〈ID U i , X U i ′ 〉 in q substorage randomly and sends y T j corresponding to the identity of each substorage to U i , which is set as the user's pseudo-identity.

Matcher Registration.
In the registration phase, the matcher submits its identity information ID M l and public key Mpk l to TSC for signature verification.

Fresh Fingerprint Template
Encryption. U i should first obtain a fresh fingerprint template Y U i � (y i1 , y i2 , . . . , y in ) with the fingerprint sensor before initiating an authentication query to the matcher. en U i picks a random value x U i ∈ R Z * p and a positive random value α i ∈ R Z * p , computes y U i � g x U i , k i � y x U i T j , and encrypts the fresh fingerprint template as follows: We denote this as Y U i ′ � (y i1 ′ , y i2 ′ , . . . , y in ′ ) without loss of generality. Finally,

Authentication Query.
e authentication query stage is mainly divided into two steps: U i initiates a fingerprint authentication query request to the matcher and the matcher asks TSC for the reference fingerprint feature template corresponding to the user's claimed identity.
Step 1. U i chooses three random values s 1 , s 2 , s 3 ∈ R Z * p after encrypting his fingerprint template into Y 〞 U i and computes the ciphertext W � (w 1 , w 2 , w 3 , w 4 , w 5 ), where en, the user U i sends (W, T i ) to the matcher, where T i is a time stamp.
Step 2. Upon receiving (W, T i ) from U i , the matcher runs the following steps to decrypt ciphertext w 2 with its secret key Msk l . e matcher computes and checks whether the following condition is satisfied: If it is true, the matcher saves . en the matcher picks a random value s 4 ∈ R Z * p and computes V l � (v l,1 , v l,2 ) � (g s 4 , h Msk l +s 4 H 2 (ID M l � � � �T l ) ). Finally, the matcher submits (W, V l , ID M l , T i , T l ) to TSC, where ID M l and T l are the identity of the matcher and a time stamp, respectively.

TSCResponse.
Upon receiving (W, V l , ID M l , T i , T l ) from the matcher, TSC performs the following process. TSC first decrypts ciphertext w 3 with its secret key x TSC : and checks whether the following conditions are satisfied: e v l,2 , g � ? e h, Mpk l · v If both are true, TSC accepts y U i , y T j , and ID U i . en TSC finds the substorage x T j that corresponds to y T j and computes k i � y x T j U i . TSC should encrypt reference fingerprint templates corresponding to the identity ID U i in the substorage x T j with k i Without loss of generality, we denote it as en TSC selects two random values s 5 , s 6 ∈ R Z * p and a positive random value β M ∈ R Z * p , extends X 〞 , and computes the ciphertext G j,i � (G j,i,1 , G j,i,2 , G j,i,3 ), where Finally, TSC sends (G j,i , T j,i ) to the matcher, where T j,i is a time stamp.

5.9.
Matching. Upon receiving (G j,i , T j,i ), the matcher decrypts G j,i,2 with its secret key Msk l as and checks whether the following condition is satisfied: If it is true, the matcher saves

Security and Communication Networks
Since α i and β M are both positive, the matcher outputs "1" when the results of the user's query fingerprint template and the reference fingerprint template are greater than or equal to 0; otherwise, it outputs "⊥."

Soundness and Security
In this section, we show that our scheme is sound and enjoys various security and privacy as discussed below. eorem 1 e proposed fingerprint template protection scheme is sound.
For a public key Upk i of U i , equation (7) holds as below: In the fingerprint template storage center response phase, ciphertexts w 4 and V l can pass the verification of equations (9) and (10), respectively: For a valid ciphertext G j,i , equation (14) holds in matching stage as follows: □ Theorem 2. e proposed scheme is secure. at is, suppose the DDH assumption holds; the fingerprint template of the developed scheme is ε − IND − CPA security.
Proof. If there exists an adversary A that can break the fingerprint template protection scheme with nonnegligible probability ε(l), then we can construct a PPT algorithm C to solve the underlying DDH problem.
We consider the following PPT algorithm C attempts to solve the DDH problem. Suppose C receives (G, q, g, h 1 , h 2 , h 3 ), K∈ R Z * p , and the system parameters para � 〈G, G T , e, p, g, h, y TSC , H 1 , H 2 , H 3 , H 4 , τ〉, where h 1 � g x , h 2 � g y , and h 3 is either g xy or g z (for uniformx, y, z∈ R Z * p ). e goal of C is to determine which is the case.  (1) Sets PK � (G, q, g, h 1 , h 2 ) and runs A(PK) to obtain two fingerprint templates X 0 , X 1 with |X 0 | � |X 1 | (2) Chooses a bit χ ∈ 0, 1 { } uniformly, and sets X χ ′ � X χ + H 1 (K) + H 1 (h 3 ) (3) Gives the ciphertext X χ ′ to A and obtains an output bit χ ′ . If χ ′ � χ, outputs 1; otherwise, output 0 ere are two cases about the behavior of C to consider: Case1. e challenger C chooses random values x, y, z∈ R Z * p and sets h 1 � g x , h 2 � g y , h 3 � g z , and then C runs A on a public key constructed as (G, q, g, h 1 , h 2 ) and returns a ciphertext as X χ ′ � X χ + H 1 (K) + H 1 (g z ).
In this case, we can see that the view of A when run as a subroutine by C is distributed identically to A ′ s view in the game of Section 4.4. Since C outputs 1 exactly when the output χ ′ of A is equal to χ, we have Pr C G, q, g, g x , g y , Case2. e challenger C chooses random values x, y∈ R Z * p and sets h 1 � g x , h 2 � g y , h 3 � g xy ; then C runs A on a public key constructed as (G, q, g, h 1 , h 2 ) and returns a ciphertext as X χ ′ � X χ + H 1 (K) + H 1 (g xy ).
In this case, we can see that the view of A when run as a subroutine by C is distributed identically to A ′ s view in the game of Section 4.4. Since C outputs 1 exactly when the output χ ′ of A is equal to χ, we have Pr C G, q, g, g x , g y , Under the assumption that the DDH problem is hard, there is a negligible function ϵ such that ε(l) ≥ Pr C G, q, g, g x , g y , g z � 1 − Pr C G, q, g, g x , g y , g xy � 1 | � | is implies that Adv ϵ, In addition to satisfying the above security, a secure fingerprint template protection scheme also needs to satisfy diversity, noninvertibility, and performance. e experimental results and analysis in Section 7 have proved that the fingerprint template protection scheme proposed in this paper will not affect the performance of the fingerprint authentication system. Next, we analyze the security of the proposed scheme in other aspects.
(1) Noninvertibility: An adversary is impossible to calculate or recover a template with reasonable similarity to the original template from the transformed template. In our scheme, the original fingerprint template is first encrypted to X_U i′ by adding each element of the original fingerprint template X U i to the hash value of K i randomly selected by the user in registration phase. And in the query stage, each element of X_U i′ is added to the hash value of a random number k i again, which is generated by the Diffie-Hellman key exchange. us, to obtain the original template, the adversary must first obtain the value of k i . However, to obtain k i , it must solve the DDH assumption problem, which is hard. In this case, our scheme satisfies noninvertibility. Existing literature on biometric template protection suffers from the problem of key management; that is, whether the key is stored in the server or is kept by the user, there is a risk of key leakage or loss. In this paper, the secret sharing can safely distribute confidential data in an efficient, secure, and private manner without storing it on a centralized server, which can reduce the risk of information leakage. e proposed scheme satisfies the ε − IND − CPA security, which is attributed to the D-H key exchange. e D-H key exchange allows the user and template storage center to encrypt the query fingerprint template with different random number k i in each query, thus strengthening security.

Experimental Analysis
We implement our system by using MATLAB (2019b) as the programming language. All experimental results were run on Windows 10 with 8-core 3.00 GHz Intel i7 CPU and 16 GB RAM. We use the public fingerprint dataset (http:// www.neurotechnology.com) composed of 408 grayscale fingerprint images acquired by a CrossMatch Verifier 300 sensor for performance testing. e dataset contains 8 images for each individual and each image is of 512 × 480 pixel size with a resolution equal 500 dpi [31]. Figure 2 shows two image samples in the dataset.

Security and Communication Networks
Our main purpose is to study the effectiveness of the fingerprint template protection, not the fingerprint recognition algorithm, so the final recognition accuracy is somewhat different from the accuracy obtained by the relevant fingerprint recognition algorithm. e performance of the proposed system on accuracy is measured as equal   error rate (EER). e EER is the error rate when the false acceptance rate (FAR) and the false rejection rate (FRR) are equal, which can reflect the overall accuracy of the fingerprint recognition system and the acceptability of the query user. In order to test the impact of the number of features in the FingerCode template on performance, we generated a total of 4 different configurations, corresponding to 4 sets of FingerCode vectors with a length ranging from 640 features (original configuration) to 96 features. Table 2 lists the detailed parameters of each configuration (N d , N f , N b , b, N k represent the dimension of features, the number of filters, the number of centric bands, the width of each band, and the number of sectors in each band, respectively). e experimental results in Figure 3 and Table 3 prove that the protection method proposed in this paper has no effect on the performance of the fingerprint authentication system and fully demonstrates that the template protection scheme proposed in this paper guarantees the recognition performance and feasibility of the fingerprint recognition system.
It can be seen from Figure 4 that the performance between different feature quantity configurations is very close, but compared with the original 640-dimensional feature configuration, the performance of the other two configurations (192-dimension and 96-dimension) is slightly worse, which shows the fingerprint template feature reduction will influence the system accuracy.

Conclusion
In this paper, a privacy-preserving fingerprint authentication scheme is proposed. We utilize the secret sharing technology to store keys to reduce the risk of key leakage and exploit the D-H key exchange to conceal the real identity of the users and generate various fingerprint templates to prevent crossmatching attack over bilinear groups. And in order to protect privacy and confidentiality of all fingerprint templates, the matcher matches the templates in ciphertext format without destroying authentication accuracy. e designed framework maintains user anonymity, diversity, revocability, noninvertibility, and indistinguishability against chosen-plaintext attacks.
rough security and experimental analysis, we demonstrate the security strength and the performance of the proposed system.
Since the user's original fingerprint template is stored in ciphertext format in the template storage center, it requires a user to reenroll if the template storage center is attacked and the templates in it are compromised, which is a limitation of the proposed method.
Recently, some novel fingerprint representations demonstrated superior authentication accuracy, which lay a great foundation for the future development of fingerprint template protection methods, for example, the Minutia Cylinder-Code (MCC) [32], a representation based on 3D data structures (called cylinders) and the DeepPrint [33], a fixedlength fingerprint representation of only 200 bytes. Built upon this novel fingerprint representation, we will investigate template protection for fingerprint biometric systems. In addition, multiple-biometric template protection and artificial intelligence (AI) based template data protection are worthy of further study.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that there are no conflicts of interest regarding the publication of this paper.