Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Labeled Delegated PSI and its Applications in the Public Sector

Kristof Verslype, Florian Kerschbaum, Cyprien Delpech de Saint Guilhem, Bart De Decker, Jorn Lapon

TL;DR

The paper addresses privacy-preserving linkage of fragmented citizen data across public bodies by introducing a labeled, delegated multi-party PSI framework. It develops a Set Intersection Key Agreement (SIKA) protocol as a composable core and builds practical output protocols, including Labeled D-PSI with payload and its threshold variant, enabling encrypted payload transfer and pseudonymized linking for a non-colluding data collector. The authors implement LetheLink to demonstrate real-world viability, with performance measurements showing practicality for multi-provider datasets up to 2^24 records and manageable data transfer; they also show security under semi-honest assumptions. The work advances privacy-friendly data integration for government use cases, reducing reliance on trusted intermediaries while enabling controlled data sharing and analysis across agencies.

Abstract

Sensitive citizen data, such as social, medical, and fiscal data, is heavily fragmented across public bodies and the private domain. Mining the combined data sets allows for new insights that otherwise remain hidden. Examples are improved healthcare, fraud detection, and evidence-based policy making. (Multi-party) delegated private set intersection (D-PSI) is a privacy-enhancing technology to link data across multiple data providers using a data collector. However, before it can be deployed in these use cases, it needs to be enhanced with additional functions, e.g., securely delivering payload only for elements in the intersection. Although there has been recent progress in the communication and computation requirements of D-PSI, these practical obstacles have not yet been addressed. This paper is the result of a collaboration with a governmental organization responsible for collecting, linking, and pseudonymizing data. Based on their requirements, we design a new D-PSI protocol with composable output functions, including encrypted payload and pseudonymized identifiers. We show that our protocol is secure in the standard model against colluding semi-honest data providers and against a non-colluding, possibly malicious independent party, the data collector. It, hence, allows to privately link and collect data from multiple data providers suitable for deployment in these use cases in the public sector.

Labeled Delegated PSI and its Applications in the Public Sector

TL;DR

The paper addresses privacy-preserving linkage of fragmented citizen data across public bodies by introducing a labeled, delegated multi-party PSI framework. It develops a Set Intersection Key Agreement (SIKA) protocol as a composable core and builds practical output protocols, including Labeled D-PSI with payload and its threshold variant, enabling encrypted payload transfer and pseudonymized linking for a non-colluding data collector. The authors implement LetheLink to demonstrate real-world viability, with performance measurements showing practicality for multi-provider datasets up to 2^24 records and manageable data transfer; they also show security under semi-honest assumptions. The work advances privacy-friendly data integration for government use cases, reducing reliance on trusted intermediaries while enabling controlled data sharing and analysis across agencies.

Abstract

Sensitive citizen data, such as social, medical, and fiscal data, is heavily fragmented across public bodies and the private domain. Mining the combined data sets allows for new insights that otherwise remain hidden. Examples are improved healthcare, fraud detection, and evidence-based policy making. (Multi-party) delegated private set intersection (D-PSI) is a privacy-enhancing technology to link data across multiple data providers using a data collector. However, before it can be deployed in these use cases, it needs to be enhanced with additional functions, e.g., securely delivering payload only for elements in the intersection. Although there has been recent progress in the communication and computation requirements of D-PSI, these practical obstacles have not yet been addressed. This paper is the result of a collaboration with a governmental organization responsible for collecting, linking, and pseudonymizing data. Based on their requirements, we design a new D-PSI protocol with composable output functions, including encrypted payload and pseudonymized identifiers. We show that our protocol is secure in the standard model against colluding semi-honest data providers and against a non-colluding, possibly malicious independent party, the data collector. It, hence, allows to privately link and collect data from multiple data providers suitable for deployment in these use cases in the public sector.

Paper Structure

This paper contains 35 sections, 1 theorem, 9 equations, 5 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Contributions.
  3. Practical Context and Requirements
  4. Current Practices.
  5. D-PSI as a privacy enhancing alternative.
  6. Minimal, but necessary requirements.
  7. Optional, but highly desired requirements.
  8. Related Work
  9. Evaluation of Feature Support
  10. Preliminaries
  11. General notation.
  12. Symmetric Encryption.
  13. Pseudorandom Permutation (PRP).
  14. Threshold Secret Sharing.
  15. Oblivious Key Value Store (OKVS).
  16. ...and 20 more sections

Key Result

Theorem 1

Protocol $\Pi_{SIKA}$ is secure in the semi-honest model, against any number of colluding, semi-honest input parties and against a non-colluding, but possibly malicious data collector.

Theorems & Definitions (5)

  • Definition 4.1
  • Definition 4.2
  • Definition 4.3: Random decodings
  • Theorem 1
  • proof