(Un)linkable Pseudonyms for Governmental Databases

When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can limit or control the information flow. Worse, when records contain sensitive personal data, as is for instance the case in national social security systems, such linkability poses a massive security and privacy threat. An alternative approach is to use domain-specific pseudonyms, where only a central authority knows the cross-domain relation between the pseudonyms. However, current solutions require the central authority to be a fully trusted party, as otherwise it can provide false conversions and exploit the data it learns from the requests. We propose an (un)linkable pseudonym system that overcomes those limitations, and enables controlled yet privacy-friendly exchange of distributed data. We prove our protocol secure in the UC framework and provide an efficient instantiation based on discrete-logarithm related assumptions.
