Verification of biometric templates for privacy preserving authentication

What is claimed is: 1. A method of registering a biometric stored on a user device with a verifier device using a first modulus N and a second modulus {circumflex over (N)}, the method comprising performing by the user device: providing, to the verifier device, an encrypted biometric vector c stored on the user device, the encrypted biometric vector c generated by encrypting a biometric vector x using a user public key, wherein the user public key includes the first modulus N, wherein a user secret key corresponds to the user public key; receiving, from the verifier device, a challenge message including a masked encrypted biometric vector |w|, an encrypted first cancellation value |v|, an encrypted second cancellation value |{circumflex over (v)}|, and the second modulus {circumflex over (N)}, wherein the first cancellation value v is an aggregation of first terms, including values of the encrypted biometric vector c and at least with a first random value β, and wherein the second cancellation value {circumflex over (v)} is an aggregation of second terms, including values of the encrypted biometric vector c and at least a second random value {circumflex over (β)}, and wherein the encrypted second cancellation value |{circumflex over (v)}| is generated using the second modulus {circumflex over (N)}; decrypting, using the user secret key, the masked encrypted biometric vector |w|, to obtain a masked biometric vector w, the encrypted first cancellation value |v| to obtain a first cancellation value v, and the encrypted second cancellation value |{circumflex over (v)}| to obtain a second cancellation value {circumflex over (v)}; generating a first challenge response z using the first cancellation value v and a first function of the masked biometric vector w, the first function including a modulus N; generating a second challenge response {circumflex over (z)} using the second cancellation value {circumflex over (v)} and a second function of the masked biometric vector w, the second function including the second modulus {circumflex over (N)}; and providing, to the verifier device, the first challenge response z and the second challenge response {circumflex over (z)}, thereby enabling the verifier device to validate that the first challenge response z matches a public value y using the first modulus N and to validate that the second challenge response {circumflex over (z)} matches the public value y using the second modulus {circumflex over (N)}. 2. The method of claim 1 , wherein each value of the masked encrypted biometric vector |w| is generated by applying a respective masking function to a corresponding value of the encrypted biometric vector c. 3. The method of claim 2 , wherein the respective masking function is a linear function and includes a random authenticating value α that scales the corresponding value of the encrypted biometric vector c and an offset random value of a random vector ρ. 4. The method of claim 1 , wherein the first function results in one or more first cross terms, wherein a portion of the first cancellation value v cancels out the one or more first cross terms, and wherein the second function results in one or more second cross terms, wherein a portion of the second cancellation value {circumflex over (v)} cancels out the one or more second cross terms. 5. The method of claim 1 , wherein the first challenge response z matches a first combination of the public value y, a random authenticating value α, and a first random value β, the first combination being determined mod N, and wherein the second challenge response {circumflex over (z)} matches a second combination of the public value y, the random authenticating value α, and a second random value {circumflex over (β)}, the second combination being determined mod {circumflex over (N)}. 6. The method of claim 1 , wherein the second modulus {circumflex over (N)} is a prime number that is less than the first modulus N. 7. The method of claim 1 , further comprising: receiving a signature of the encrypted biometric vector c; and providing, to an access device having a biometric sensor, the signature as part of a matching phase with the access device to obtain access to a resource. 8. The method of claim 7 , further comprising, as part of the matching phase: sending the user public key and the encrypted biometric vector c to the access device; receiving a first message from the access device, the first message including an encrypted similarity metric, the encrypted similarity metric computed with the encrypted biometric vector c and a biometric measurement using homomorphic encryption with the user public key, the encrypted similarity metric corresponding to a similarity metric encrypted with the user public key, the biometric measurement obtained by the biometric sensor; decrypting the encrypted similarity metric to obtain a decrypted similarity metric; and sending a response message to the access device, the response message indicating whether the decrypted similarity metric exceeds a threshold. 9. The method of claim 1 , further comprising: encrypting, using the user public key, a random value s using a random value u to obtain an encrypted mask |s;u|, wherein the encrypted biometric vector c is generated using a random vector r; sending, to the verifier device, the encrypted mask |s;u|; receiving, from the verifier device, a random challenge vector e; determining a first response by aggregating the random value s and an inner product of the biometric vector x and the random challenge vector e; determining a second response using the random vector r, the random challenge vector e, a generator g of the user public key, the first modulus N, and the first response; and sending the first response and the second response to the verifier device. 10. A method of registering a biometric of a user device with a verifier device using a first modulus N and a second modulus {circumflex over (N)}, the method comprising performing by the verifier device: receiving, from the user device, an encrypted biometric vector c, the encrypted biometric vector c generated by encrypting a biometric vector x using a user public key, wherein the user public key includes the first modulus N; generating a masked encrypted biometric vector |w| by applying a respective masking function to each value of the encrypted biometric vector c; generating an encrypted first cancellation value |v| by aggregating first terms, including values of the encrypted biometric vector c and a first mask value; generating an encrypted second cancellation value |{circumflex over (v)}| by aggregating second terms, including values of the encrypted biometric vector c and a second mask value; sending, to the user device, a challenge message including the masked encrypted biometric vector |w|, the encrypted first cancellation value |v|, and the encrypted second cancellation value |{circumflex over (v)}|; receiving, from the user device, a first challenge response z and a second challenge response {circumflex over (z)}; validating that the first challenge response z matches a public value y using the first modulus N; and validate that the second challenge response {circumflex over (z)} matches the public value y using the second modulus {circumflex over (N)}. 11. The method of claim 10 , wherein each value of the masked encrypted biometric vector |w| is generated by applying a respective masking function to a corresponding value of the encrypted biometric vector c. 12. The method of claim 11 , wherein the respective masking function is a linear function and includes a random authenticating value α that scales the corresponding value of the