Privacy preserving set-based biometric authentication

What is claimed is: 1 . A method comprising: extracting a set of enrollment feature points from an enrollment biometric measurement; randomly selecting one or more enrollment code words from an error correction code; determining obfuscated enrollment feature point data describing an obfuscated version of the set of feature points that is obfuscated using the one or more enrollment code words so that the set of feature points cannot be determined from the obfuscated enrollment feature point data without the one or more enrollment code words; determining obfuscated enrollment code word data describing an obfuscated version of the one or more enrollment code words that is obfuscated using a random enrollment polynomial so that the one or more code words cannot be determined from the obfuscated enrollment code word data without the random enrollment polynomial; determining an enrollment biometric template including the obfuscated enrollment feature point data and the obfuscated enrollment code word data; and determining, using a processor-based computing device programmed to do the determining, enrollment data that keeps the one or more enrollment code words and the random enrollment polynomial secret, the enrollment data including the enrollment biometric template. 2 . The method of claim 1 , further comprising generating a public key based on the random enrollment polynomial, wherein the enrollment data includes the public key and the public key obfuscates the random enrollment polynomial. 3 . The method of claim 1 , wherein the enrollment data is transmitted to a server that makes the enrollment data accessible by a third party. 4 . The method of claim 3 , wherein the server implements a public key infrastructure (PKI) scheme based on biometrics. 5 . The method of claim 1 , wherein the enrollment data is transmitted via an insecure communication. 6 . The method of claim 1 , wherein the enrollment data is associated with an enrollment user and the enrollment data is determined by a client associated with the enrollment user. 7 . The method of claim 2 , further comprising: extracting a set of verification feature points from a verification biometric measurement responsive to receiving a verification challenge including the enrollment data and a random number value, wherein the enrollment data is associated with an enrollment user and the verification biometric measurement is associated with a verification user attempting to authenticate as the enrollment user; analyzing the enrollment data to determine the obfuscated enrollment feature point data included in the enrollment biometric template of the enrollment data; and determining one or more verification code words based on the set of verification feature points and the obfuscated enrollment feature point data. 8 . The method of claim 7 , further comprising: analyzing the enrollment data to determine the public key included in the enrollment data; and determining a verification polynomial based on the one or more verification code words. 9 . The method of claim 8 , further comprising: determining a private key based on the verification polynomial; and determining a challenge answer by signing the random number value with the private key, wherein the verification user is authenticated as the enrollment user based on whether the private key corresponds to the public key to form a key pair. 10 . A non-transitory computer-readable medium having computer instructions stored thereon that are executable by a processing device to perform or control performance of operations comprising: determining a random enrollment polynomial; extracting a set of enrollment feature points from an enrollment biometric measurement; randomly selecting one or more enrollment code words from a linear error correction code; determining obfuscated enrollment feature point data describing an obfuscated version of the set of feature points that is obfuscated using the one or more enrollment code words so that the set of feature points cannot be determined from the obfuscated enrollment feature point data without the one or more enrollment code words; determining obfuscated enrollment code word data describing an obfuscated version of the one or more enrollment code words that is obfuscated using the random enrollment polynomial so that the one or more code words cannot be determined from the obfuscated enrollment code word data without the random enrollment polynomial; determining an enrollment biometric template including the obfuscated enrollment feature point data and the obfuscated enrollment code word data; generating a public key based on the random enrollment polynomial, wherein the public key obfuscates the random enrollment polynomial; and determining enrollment data that keeps the one or more enrollment code words and the random enrollment polynomial secret, the enrollment data including the enrollment biometric template and the public key. 11 . The non-transitory computer-readable medium of claim 10 , wherein the enrollment data is transmitted to a server that makes the enrollment data accessible by a third party. 12 . The non-transitory computer-readable medium of claim 10 , wherein the enrollment data is transmitted via an unencrypted communication. 13 . The non-transitory computer-readable medium of claim 10 , wherein the enrollment data is associated with an enrollment user and the enrollment data is determined by a client associated with the enrollment user. 14 . The non-transitory computer-readable medium of claim 10 , wherein the operations further comprise: extracting a set of verification feature points from a verification biometric measurement responsive to receiving a verification challenge including the enrollment data and a random number value, wherein the enrollment data is associated with an enrollment user and the verification biometric measurement is associated with a verification user attempting to authenticate as the enrollment user; analyzing the enrollment data to determine the obfuscated enrollment feature point data included in the enrollment biometric template of the enrollment data; determining one or more verification code words based on the set of verification feature points and the obfuscated enrollment feature point data; analyzing the enrollment data to determine the public key included in the enrollment data; and determining a verification polynomial based on the one or more verification code words. 15 . The non-transitory computer-readable medium of claim 14 , wherein the operations further comprise: determining a private key based on the verification polynomial; and determining a challenge answer by signing the random number value with the private key, wherein the verification user is authenticated as the enrollment user based on whether the private key corresponds to the public key to form a key pair. 16 . The non-transitory computer-readable medium of claim 15 , wherein the operations are performed on a client side of a network. 17 . The non-transitory computer-readable medium of claim 15 , wherein the operations are performed by a client associated with the enrollment user so that authentication of the enrollment user as the verification user is performed by the client associated with the enrollment user. 18 . A method comprising: extracting a set of verification feature points from a verification biometric measurement responsive to receiving a verification challenge including enrollment data and a random number value, wherei