A Privacy-Preserving Information-Sharing Protocol for Federated Authentication
Francesco Buccafurri, Carmen Licciardi
TL;DR
The paper tackles the challenge of preventing duplicate or fraudulent identity registrations across independent Identity Providers (IdPs) in a federated setting while preserving user privacy. It introduces a privacy-preserving protocol that combines Oblivious Pseudorandom Functions (OPRFs), domain-specific RSA transformations, and blind signatures, coordinated by a central blind registry (CTS). The three-phase workflow—first-time enrollment, subsequent registrations, and cooperative global checks—enables global consistency checks without revealing personal data or enabling cross-provider tracking. This approach offers strong privacy guarantees (unlinkability, blindness) alongside effective fraud prevention for identity enrollment in federated systems, with discussion of future enhancements like revocation and scalability.
Abstract
This paper presents a privacy-preserving protocol for identity registration and information sharing in federated authentication systems. The goal is to enable Identity Providers (IdPs) to detect duplicate or fraudulent identity enrollments without revealing users personal data or enabling cross-domain correlation. The protocol relies on Oblivious Pseudorandom Functions (OPRFs) combined with domain-specific transformations, ensuring that each IdP generates independent pseudonymous identifiers derived from a shared cryptographic service while maintaining full input confidentiality. A central authority maintains a blind registry that records successful and failed identity verifications using only pseudonymous identifiers, allowing global consistency checks without exposing sensitive information or linking users across domains. The proposed construction provides a general and abstract framework suitable for a wide range of federated authentication systems, achieving strong privacy guarantees while supporting effective fraud-prevention mechanisms during identity registration.