Biometric authentication has been attracting much attention because it is more user-friendly than other authentication methods such as password-based and token-based authentications. However, it intrinsically comprises problems of privacy and revocability. To address these issues, new techniques called cancelable biometrics have been proposed and their properties have been analyzed extensively. Nevertheless, only a few considered provable security, and provably secure schemes known to date had to sacrifice user-friendliness because users have to carry tokens so that they can securely access their secret keys. In this paper, we propose two cancelable biometric protocols each of which is provably secure and requires no secret key access of users. We use as an underlying component the Boneh-Goh-Nissim cryptosystem proposed in TCC 2005 and the Okamoto-Takashima cryptosystem proposed in Pairing 2008 in order to evaluate 2-DNF (disjunctive normal form) predicate on encrypted feature vectors. We define a security model in a semi-honest manner and give a formal proof which shows that our protocols are secure in that model. The revocation process of our protocols can be seen as a new way of utilizing the veiled property of the underlying cryptosystems, which may be of independent interest.------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.20(2012) No.2 (online) DOI　http://dx.doi.org/10.2197/ipsjjip.20.496------------------------------

Biometric authentication has been attracting much attention because it is more user-friendly than other authentication methods such as password-based and token-based authentications. However, it intrinsically comprises problems of privacy and revocability. To address these issues, new techniques called cancelable biometrics have been proposed and their properties have been analyzed extensively. Nevertheless, only a few considered provable security, and provably secure schemes known to date had to sacrifice user-friendliness because users have to carry tokens so that they can securely access their secret keys. In this paper, we propose two cancelable biometric protocols each of which is provably secure and requires no secret key access of users. We use as an underlying component the Boneh-Goh-Nissim cryptosystem proposed in TCC 2005 and the Okamoto-Takashima cryptosystem proposed in Pairing 2008 in order to evaluate 2-DNF (disjunctive normal form) predicate on encrypted feature vectors. We define a security model in a semi-honest manner and give a formal proof which shows that our protocols are secure in that model. The revocation process of our protocols can be seen as a new way of utilizing the veiled property of the underlying cryptosystems, which may be of independent interest.------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.20(2012) No.2 (online) DOI　http://dx.doi.org/10.2197/ipsjjip.20.496------------------------------