The fuzzy commitment scheme is a cryptographic primitive that can be used to protect biometric templates when stored. If multiple records of the scheme protecting templates extracted from the same biometric characteristic have been intercepted, their correspondence can be examined via the decodability attack. Kelkboom et al. proposed a countermeasure by passing the templates through a public record-specific permutation process prior to protection with the scheme. This paper makes the observation that this countermeasure does not prevent an adversary from cross-matching completely: He still may be able to examine records protecting slightly different templates and now even may recover them explicitly. The feasibility of the attack is demonstrated experimentally in this paper. Furthermore, it is proven that there exists no alternative transformation process in a binary fuzzy commitment scheme to prevent the attack. Fortunately, an alternative transformation can be designed for the general case and it is briefly discussed how the improved fuzzy vault scheme by Dodis et al. can be used for protecting binary feature vectors while preventing record multiplicity attacks.
more here..........http://arxiv.org/pdf/1406.1154v1.pdf
more here..........http://arxiv.org/pdf/1406.1154v1.pdf