Labeled Delegated PSI and its Applications in the Public Sector

TL;DR

This paper introduces a new privacy-preserving multi-party data linking protocol tailored for public sector applications, enabling secure data integration with enhanced output functions and proven security guarantees.

Contribution

It presents a novel D-PSI protocol with composable output functions, addressing practical deployment challenges in public sector data linking.

Findings

Secure against colluding semi-honest providers

Supports encrypted payload and pseudonymized identifiers

Suitable for public sector data integration

Abstract

Sensitive citizen data, such as social, medical, and fiscal data, is heavily fragmented across public bodies and the private domain. Mining the combined data sets allows for new insights that otherwise remain hidden. Examples are improved healthcare, fraud detection, and evidence-based policy making. (Multi-party) delegated private set intersection (D-PSI) is a privacy-enhancing technology to link data across multiple data providers using a data collector. However, before it can be deployed in these use cases, it needs to be enhanced with additional functions, e.g., securely delivering payload only for elements in the intersection. Although there has been recent progress in the communication and computation requirements of D-PSI, these practical obstacles have not yet been addressed. This paper is the result of a collaboration with a governmental organization responsible for collecting, linking, and pseudonymizing data. Based on their requirements, we design a new D-PSI protocol with composable output functions, including encrypted payload and pseudonymized identifiers. We show that our protocol is secure in the standard model against colluding semi-honest data providers and against a non-colluding, possibly malicious independent party, the data collector. It, hence, allows to privately link and collect data from multiple data providers suitable for deployment in these use cases in the public sector.