Facial recognition templates are vulnerable to inversion attacks leveraging diffusion models, leading to severe privacy breaches. To address this, we propose a geometrically aware template protection method based on spherical linear interpolation (Slerp): facial features embedded on a hypersphere are rotated to approximate a noise-like distribution, while a grouped dimensional random cropping mechanism is introduced to enhance irreversibility. This work is the first to apply Slerp to biometric template protection, enabling conformal (i.e., shape-preserving) perturbations. The proposed grouped dropout significantly improves robustness against both inversion and matching attacks. Experiments across multiple benchmarks demonstrate that our method retains over 98% recognition accuracy, reduces PSNR of diffusion-based reconstructions by more than 15 dB, and consistently outperforms state-of-the-art approaches—including BioHash and Randomization—in privacy preservation, utility retention, and attack resistance.

Contemporary face recognition systems use feature templates extracted from face images to identify persons. To enhance privacy, face template protection techniques are widely employed to conceal sensitive identity and appearance information stored in the template. This paper identifies an emerging privacy attack form utilizing diffusion models that could nullify prior protection. The attack can synthesize high-quality, identity-preserving face images from templates, revealing persons' appearance. Based on studies of the diffusion model's generative capability, this paper proposes a defense by rotating templates to a noise-like distribution. This is achieved efficiently by spherically and linearly interpolating templates on their located hypersphere. This paper further proposes to group-wisely divide and drop out templates' feature dimensions, to enhance the irreversibility of rotated templates. The proposed techniques are concretized as a novel face template protection technique, SlerpFace. Extensive experiments show that SlerpFace provides satisfactory recognition accuracy and comprehensive protection against inversion and other attack forms, superior to prior arts.