In a biometric authentication or identification system, the matcher compares a stored and a fresh template to determine whether there is a match. This assessment is based on both a similarity score and a predefined threshold. For better compliance with privacy legislation, the matcher can be built upon a threshold-based obfuscated distance (i.e., Fuzzy Matcher). Beyond the binary output ("yes" or "no"), most algorithms perform more precise computations, e.g., the value of the distance. Such precise information is prone to leakage even when not returned by the matcher. This can occur due to a malware infection or the use of a weakly privacy-preserving matcher, exemplified by side channel attacks or partially obfuscated designs. This paper provides an analysis of information leakage during distance evaluation, with an emphasis on threshold-based obfuscated distance. We provide a catalog of information leakage scenarios with their impacts on data privacy. Each scenario gives rise to unique attacks with impacts quantified in terms of computational costs, thereby providing a better understanding of the security level.