A critique and attack on “Blockchain-based privacy-preserving record linkage”

Abstract Privacy-preserving record linkage (PPRL) is the process of identifying records in sensitive databases that refer to the same entities in applications where no private or confidential data can be shared by the owners of the databases being linked. In their paper “Blockchain-based Privacy-Preserving Record Linkage – Enhancing Data Privacy in an Untrusted Environment” (Nobrega et al., 2021) (named BC-PPRL in the following), Nobrega et al. (2021) proposed the use of blockchain technologies to provide accountability of the parties involved in a PPRL protocol and thereby allow the detection of misbehaving parties. While the use of blockchain techniques is an interesting and novel contribution to the research area of PPRL, as we show in this paper both theoretically and practically using a simple attack method, the BC-PPRL approach has some serious privacy weaknesses. We specifically highlight that one key aspect of the proposed approach, the exchange of Bloom filter segments between the database owners, can reveal substantially more sensitive information compared to what is stated in the paper by Nobrega et al. (2021). Using a real-world data set we show how our attack can allow a database owner to reidentify with high accuracy a large number of the sensitive values that were encoded in the Bloom filter segments they receive from the other database owner. We make the code and data sets of our attack available at: https://github.com/anushkavidanage/bc-pprlSegmentAtomAttack/ .