Privacy-preserving biometric authentication (PPBA) enables client authentication without revealing sensitive biometric data, addressing privacy and security concerns. Many studies have proposed efficient cryptographic solutions to this problem based on secure multi-party computation, typically assuming a semi-honest adversary model, where all parties follow the protocol but may try to learn additional information. However, this assumption often falls short in real-world scenarios, where adversaries may behave maliciously and actively deviate from the protocol. In this paper, we propose, implement, and evaluate $\sysname$, a \underline{F}lexible and \underline{L}ightweight biometric \underline{A}uthentication scheme designed for a \underline{M}alicious \underline{E}nvironment. By hybridizing lightweight secret-sharing-family primitives within two-party computation, $\sysname$ carefully designs a line of supporting protocols that incorporate integrity checks with rationally extra overhead. Additionally, $\sysname$ enables server-side authentication with various similarity metrics through a cross-metric-compatible design, enhancing flexibility and robustness without requiring any changes to the server-side process. A rigorous theoretical analysis validates the correctness, security, and efficiency of $\sysname$. Extensive experiments highlight $\sysname$'s superior efficiency, with a communication reduction by {$97.61\times \sim 110.13\times$} and a speedup of {$ 2.72\times \sim 2.82\times$ (resp. $ 6.58\times \sim 8.51\times$)} in a LAN (resp. WAN) environment, when compared to the state-of-the-art work.

翻译：隐私保护生物特征认证（PPBA）能够在无需暴露敏感生物特征数据的前提下实现客户端认证，从而应对隐私和安全关切。现有研究多基于安全多方计算提出高效的密码学解决方案，通常假设半诚实敌手模型，即所有参与方遵循协议但可能试图窃取额外信息。然而，该假设在实际场景中往往不足，因为敌手可能采取恶意行为并主动偏离协议。本文提出、实现并评估了$\sysname$——一种专为恶意环境设计的灵活轻量级生物特征认证方案。通过在两方计算中融合轻量级秘密共享族原语，$\sysname$精心设计了一系列支持协议，以合理额外开销为代价引入完整性验证。此外，$\sysname$通过跨度量兼容设计，支持服务器端采用多种相似性度量进行认证，在无需修改服务器端流程的情况下增强了灵活性与鲁棒性。严格的理论分析验证了$\sysname$的正确性、安全性与效率。大量实验表明$\sysname$具有显著性能优势：与现有最优方案相比，其通信开销降低{$97.61\times \sim 110.13\times$}，在局域网（广域网）环境中速度提升达{$ 2.72\times \sim 2.82\times$（对应$ 6.58\times \sim 8.51\times$）}。