Iris recognition technologies are deployed in numerous large-scale nation-wide projects in order to provide robust and reliable biometric recognition of individuals. Moreover, the iris has been found to be rather stable over time, i.e. iris biometric reference data provides a strong and permanent link between individuals and their biometric traits. Hence, unprotected storage of (iris) biometric data provokes serious privacy threats, e.g. identity theft, limited re-newability, or cross-matching. Biometric cryptosystems grant a significant improvement in data privacy and increase the likelihood that individuals will effectively consent in the biometric system usage. However, the vast majority of proposed biometric cryptosystems do not guarantee desired properties of irreversibility, unlinkability, and re-newability without significantly degrading the biometric performance. In this work, we propose an unlinkable multi-instance iris biometric cryptosystem based on the improved fuzzy vault scheme. The proposed system locks biometric feature sets extracted from binary iris biometric reference data, i.e. iris-codes, of the left and right irises in a single fuzzy vault. In order to retain the size of the protected template and authentication speed, the proposed fusion step combines the most discriminative parts of two iris-codes at feature level. It is shown that the proposed key-binding process enables the generation of irreversible protected templates which prevents from previously proposed cross-matching attacks. Further, we investigate the optimal choice among potential decoding strategies with respect to biometric performance and time of key retrieval. The fully reproducible system is integrated to two different publicly available iris recognition systems and evaluated on the CASIAv3-Interval and the IITDv1 iris databases. Compared to the corresponding unprotected recognition schemes, genuine match rates of approximately 95 and 97 % at which no false accepts are observed and maintained in a single-and multi-instance scenario, respectively. Moreover, the multi-iris system is shown to significantly improve privacy protection achieving security levels of approximately 70 bits at practical biometric performance.