Biometric authentication attracts much attention because of the reuse problem of IDs and passwords. Recently, privacy-preserving biometric authentication in which authentication is executed on encrypted biometric information by homomorphic-encryption have been proposed. In our previous work, we have shown a spoofing attack to arbitrary user against a cancelable biometric authentication scheme by using homomorphic encryption proposed by Hattori et al. when binary coding is used. In addition, a recovery attack for encrypted template have been proposed by using our spoofing attack. These attack use a problem in process that calculates a squared euclidean distance between template and biometric information to compare. Therefore, our attack is not applicable to scheme that does not use a squared euclidean distance. This paper shows that an adversary can spoof to an arbitrary users with high probability against a privacy-preserving biometric authentication scheme by Yasuda et al. that uses hamming distance. Furthermore, by extending our proposed spoofing attack, we show that an adversary is able to recover the original biometric information by using the decryption server as a authentication oracle. These proposed attack are applicable if the feature vector is represented by a binary coding.