Single biometric cryptosystems were developed to obtain win-win scenarios for security and privacy. They are seriously threatened by spoof attacks, in which a forged biometric copy or artificially recreated biometric data of a legitimate user may be used to spoof a system. Meanwhile, feature alignment and quantization greatly degrade the accuracy of single biometric cryptosystems. In this paper, by trying to bind multiple biometrics to cryptography, a cryptosystem named multibiometric cryptosystem (MBC), is demonstrated from the theoretical point of view. First, an MBC with two fusion levels: fusion at the biometric level, and fusion at the cryptographic level, is formally defined. Then four models, namely biometric fusion model, <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">MN</i> -split model, nonsplit model, and package model, adopted at those two levels for fusion are presented. Shannon entropy analysis shows that even if the biometric ciphertexts and some biometric traits are disclosed, the new constructions still can achieve consistently data security and biometric privacy. In addition, the achievable accuracy is analyzed in terms of false acceptance rate/false rejection rate at each model. Finally, a comparison on the relative advantages and disadvantages of the proposed models is discussed.