Paper 2017/022

Privacy for Distributed Databases via (Un)linkable Pseudonyms

Jan Camenisch and Anja Lehmann

Abstract

When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can limit or control the information flow. Worse, when records contain sensitive personal data, as is for instance the case in national social security systems, such linkability poses a massive security and privacy threat. An alternative approach is to use domain-specific pseudonyms, where only a central authority knows the cross-domain relation between the pseudonyms. However, current solutions require the central authority to be a fully trusted party, as otherwise it can provide false conversions and exploit the data it learns from the requests. We propose an (un)linkable pseudonym system that overcomes those limitations, and enables controlled yet privacy-friendly exchange of distributed data. We prove our protocol secure in the UC framework and provide an efficient instantiation based on discrete-logarithm related assumptions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ACM CCS 2015
Keywords
pseudonyms, unlinkability, data exchange
Contact author(s)
anj @ zurich ibm com
History
2017-01-19: revised
2017-01-13: received
Short URL
https://ia.cr/2017/022
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/022,
      author = {Jan Camenisch and Anja Lehmann},
      title = {Privacy for Distributed Databases via (Un)linkable Pseudonyms},
      howpublished = {Cryptology ePrint Archive, Paper 2017/022},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/022}},
      url = {https://eprint.iacr.org/2017/022}
}