Biometric-based authentication systems have been widely used in applications that require high reliable scheme. For instance, iris-based authentication systems had received great attention due to its high reliability for personal identification. However, the growing use of biometric systems in real life applications raises more attention and concern about the privacy issues. Unlike PIN or password which provides exact matches, iris-codes recognition provides a degree of probability or confidence that two iris-codes are similar based on some distance measurements. In iris verification, the biometric matching is performed by measuring the Hamming distance between the query feature vector and the template. The computation must not leak any sensitive information because the leakage of such information may allow any malicious party to reconstruct the original feature vector of the user. Once the original features have been revealed, the privacy of the user will be compromised forever. In view of this problem, we design a privacy preserving biometric matching protocol to facilitate the iris-codes matching in a privacy preserved environment. By introducing some chaff features in our computation, the malicious client who outputs an artificially low mismatch score can be easily detected by the server. Hence, our protocol makes it computationally infeasible for malicious client to impersonate as an enrolled user.