Paper 2017/022
Privacy for Distributed Databases via (Un)linkable Pseudonyms
Jan Camenisch and Anja Lehmann
Abstract
When data maintained in a decentralized fashion needs to be synchronized or exchanged between different databases, related data sets usually get associated with a unique identifier. While this approach facilitates cross-domain data exchange, it also comes with inherent drawbacks in terms of controllability. As data records can easily be linked, no central authority can limit or control the information flow. Worse, when records contain sensitive personal data, as is for instance the case in national social security systems, such linkability poses a massive security and privacy threat. An alternative approach is to use domain-specific pseudonyms, where only a central authority knows the cross-domain relation between the pseudonyms. However, current solutions require the central authority to be a fully trusted party, as otherwise it can provide false conversions and exploit the data it learns from the requests. We propose an (un)linkable pseudonym system that overcomes those limitations, and enables controlled yet privacy-friendly exchange of distributed data. We prove our protocol secure in the UC framework and provide an efficient instantiation based on discrete-logarithm related assumptions.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. ACM CCS 2015
- Keywords
- pseudonymsunlinkabilitydata exchange
- Contact author(s)
- anj @ zurich ibm com
- History
- 2017-01-19: revised
- 2017-01-13: received
- See all versions
- Short URL
- https://ia.cr/2017/022
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/022, author = {Jan Camenisch and Anja Lehmann}, title = {Privacy for Distributed Databases via (Un)linkable Pseudonyms}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/022}, year = {2017}, url = {https://eprint.iacr.org/2017/022} }