A Privacy-Preserving Information-Sharing Protocol for Federated Authentication

TL;DR

This paper introduces a privacy-preserving protocol for federated authentication that enables identity verification and fraud detection without compromising user privacy or enabling cross-domain user tracking.

Contribution

It proposes a novel cryptographic protocol combining OPRFs and domain-specific transformations to ensure privacy and prevent identity fraud in federated systems.

Findings

Achieves strong privacy guarantees for identity registration.

Supports effective fraud detection across domains.

Maintains user confidentiality while enabling global consistency checks.

Abstract

This paper presents a privacy-preserving protocol for identity registration and information sharing in federated authentication systems. The goal is to enable Identity Providers (IdPs) to detect duplicate or fraudulent identity enrollments without revealing users personal data or enabling cross-domain correlation. The protocol relies on Oblivious Pseudorandom Functions (OPRFs) combined with domain-specific transformations, ensuring that each IdP generates independent pseudonymous identifiers derived from a shared cryptographic service while maintaining full input confidentiality. A central authority maintains a blind registry that records successful and failed identity verifications using only pseudonymous identifiers, allowing global consistency checks without exposing sensitive information or linking users across domains. The proposed construction provides a general and abstract framework suitable for a wide range of federated authentication systems, achieving strong privacy guarantees while supporting effective fraud-prevention mechanisms during identity registration.