Decentralized Generation of Multiple, Uncorrelatable Pseudonyms without Trusted Third Parties

Lehnhardt, Jan; Spalka, Adrian

doi:10.1007/978-3-642-22890-2_10

Cited by 4 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As stated in [24], when designing such a decentralised approach for pseudonym generation, we are mainly interested in fulfilling the following requirements: i) ease of use, ii) linking a pseudonym to its owning user should not be possible for any other than the user herself, unless it is explicitly permitted, iii) in cases that users may have multiple pseudonyms, it should not be possible to identify different pseudonyms as belonging to the same user, iv) injectivity, in terms that the pseudonym generation process should avoid duplicates, v) flexibility, i.e. it should be possible to add new pseudonyms to the user entities with minimal effort.…”

Section: Introductionmentioning

confidence: 88%

“…Therefore, the new pseudonymisation technique satisfies the properties described in [24] (implementation issues will be subsequently analysed), enriched with some additional properties that may be of high importance in specific scenarios, as discussed next. Actually, due to the property P3, the user A may prove, if she wants, that two different pseudonyms P (1)…”

Section: Introductionmentioning

confidence: 99%

“…Several such pseudonymisation approaches have been proposed in the literature (e.g. [33,24,35]). One of the most known scenarios of user-generated pseudonyms is the the case of several blockchain systems (such as the case of Bitcoin), in which the users are being identified by a meaningless identifier (i.e.…”

Section: Introductionmentioning

confidence: 99%

“…Moreover, it should be pointed out that the cryptographic strength of the above properties are strongly related to the cryptographic strength of the Merkle tree as an one-time signature scheme, which is known to be post-quantum secure under specific assumptions on the underlying hash function [9,10] (see subsection 3.3). This is an important property, taking also into account that other known techniques on deriving user-generated pseudonyms (such as the aforementioned techniques in [33,24,35])) rely on conventional public key cryptographic schemes which are not post-quantum secure.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Privacy Technologies and Policy

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

A pseudonymisation technique based on Merkle trees is described in this paper. More precisely, by exploiting inherent properties of the Merkle trees as cryptographic accumulators, we illustrate how usergenerated pseudonyms can be constructed, without the need of a third party. Each such pseudonym, which depends on several user's identifiers, suffices to hide these original identifiers, whilst the unlinkability property between any two different pseudonyms for the same user is retained; at the same time, this pseudonymisation scheme allows the pseudonym owner to easily prove that she owns a pseudonym within a specific context, without revealing information on her original identifiers. Compared to other user-generated pseudonymisation techniques which utilize public key encryption algorithms, the new approach inherits the security properties of a Merkle tree, thus achieving post-quantum security.

show abstract

Section: Introductionmentioning

confidence: 88%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy Technologies and Policy

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…FHIR-DIET allows users to choose among several cryptographic schemes, all of which offer a perfectly hiding property and can be fed to the tool through the configuration files. In particular, following the guidelines [14], the choice is around literature approaches based on asymmetric cryptographic algorithms (e.g., [40]) or more recent approaches based on cryptographic accumulators for pseudonym generation [41], which inherits the security properties of a Merkle tree (also envisioned by the recent ENISA report [15]) achieving post-quantum security. The reference is the ENISA best practices [14] and techniques [15] and the ISO 25237 standard on pseudonymisation and specifically the Clause 6 [16].…”

Section: ) Pseudonymisation and De-pseudonymisationmentioning

confidence: 99%

Anonymization and Pseudonymization of FHIR Resources for Secondary Use of Healthcare Data

Raso,

Loreti,

Ravaziol

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Along with the creation of medical profiles of patients, Electronic Health Records have several secondary missions, such as health economy and research. The recent, increasing adoption of a common standard, i.e., the Fast Healthcare Interoperability Resources (FHIR), makes it easier to exchange medical data among the several parties involved, for example, in an epidemiological research activity. However, this exchange process is hindered by regulatory frameworks due to privacy issues related to the presence of personal information, which allows patients to be identified directly (or indirectly) from their medical data. When properly used, de-identification techniques can provide crucial support in overcoming these problems. FHIR-DIET aims to bring flexibility and concreteness to the implementation of de-identification of health data, supporting many customised data-processing behaviours that can be easily configured and tailored to match specific use case requirements. Our solution enables faster and easier cooperation between legal and IT professionals to establish and implement de-identification rules. The performance evaluation demonstrates the viability of processing hundreds of FHIR patient information data per second using standard hardware. We believe FHIR-DIET can be a valuable tool to satisfy the current regulation requirements and help to create added-value for the secondary use of healthcare data.

show abstract