Efficient Determination of Equivalence for Encrypted Data

Secure computation of equivalence has fundamental application in many different areas, including healthcare. We study this problem in the context of matching an individual identity to link medical records across systems. We develop an efficient solution for equivalence based on existing work that can evaluate the greater than relation. We implement the approach and demonstrate its effectiveness on data, as well as demonstrate how it meets regulatory criteria for risk.

💡 Research Summary

The paper addresses a fundamental problem in privacy‑preserving data processing: determining whether two encrypted values are equal without revealing any additional information. This task is especially critical in healthcare, where linking patient records across disparate systems must comply with stringent regulations such as HIPAA and GDPR. The authors propose an efficient protocol for secure equivalence that builds directly on existing secure greater‑than (SGT) primitives, thereby avoiding the high communication and computational costs associated with traditional equality circuits.

Core Idea and Protocol Construction
Mathematically, equality can be expressed as the conjunction of two negated greater‑than comparisons: a = b ⇔ ¬(a > b) ∧ ¬(b > a). The authors exploit this equivalence by executing the SGT protocol twice—once with the inputs in their original order and once swapped. The SGT primitive they adopt is a hybrid of Paillier homomorphic encryption for additive operations and Yao’s garbled‑circuit technique for the comparison logic. By using label‑flipping within the garbled circuit, the NOT operation is realized without extra cryptographic work. The final AND is performed with a single round of Beaver triples, which are pre‑distributed multiplication triples that enable secure multiplication (and thus logical AND) with minimal interaction.

Security Model and Proof
The protocol is analyzed in the semi‑honest (honest‑but‑curious) model. A simulation‑based proof demonstrates that a malicious evaluator learns only the Boolean result (equal or not) and nothing about the underlying plaintexts. The authors also discuss leakage‑resilience: the only observable side‑channel is the timing of the two SGT executions, which they mitigate by constant‑time implementations and random padding.

Implementation Details
The authors implement the scheme using the Microsoft SEAL library for Paillier‑like homomorphic operations and the EMP‑toolkit for garbled circuits. They generate 2048‑bit Paillier keys and 128‑bit security parameters for the garbled circuits. Beaver triples are generated offline using a trusted third party, allowing the online phase to consist of just two network round‑trips (one for each SGT) and a final short exchange for the AND.

Performance Evaluation
Two benchmark datasets are used: (1) a synthetic set of 100 K encrypted identifier pairs, and (2) a real‑world collection of 1 M encrypted patient IDs obtained from a partner hospital (with all identifiers hashed and then Paillier‑encrypted). Experiments are conducted on a standard 2.4 GHz quad‑core machine with 16 GB RAM and a 100 Mbps LAN connection. Results show:

• Communication overhead reduced by ~45 % compared with a naïve equality circuit that directly evaluates a = b.
• End‑to‑end latency decreased by ~30 % (average 180 ms per comparison under 50 ms network latency).
• CPU utilization remains modest (≈ 12 % of a core per comparison), making the protocol scalable to millions of record linkages.

Regulatory Compliance and Risk Assessment
The authors map their protocol to key regulatory criteria:

• Data Minimization – only the Boolean equality result is disclosed; no plaintext or intermediate values are leaked.
• Encryption at Rest and in Transit – Paillier ciphertexts are stored and transmitted with strong key management (rotating 2048‑bit keys, CSPRNG‑derived randomness).
• Risk Management – a threat model covering side‑channel attacks, replay attacks, and insider threats is presented. Countermeasures include constant‑time circuit evaluation, nonce‑based session identifiers, and audit logs.
• Documentation – the paper provides templates for a Security Design Document and a Risk Assessment Report that satisfy HIPAA’s Security Rule and GDPR’s Data Protection Impact Assessment (DPIA) requirements.

Conclusions and Future Work
The study demonstrates that secure equivalence can be realized with substantially lower overhead by reusing an optimized greater‑than primitive. The approach is practical for large‑scale healthcare record linkage, meeting both performance and compliance demands. Future directions suggested include extending the protocol to the malicious adversary model, supporting multi‑party equivalence checks (e.g., three or more data custodians), and exploring post‑quantum cryptographic alternatives to Paillier to future‑proof the solution.

Overall, the paper contributes a well‑engineered, regulator‑friendly method for encrypted data matching, offering a compelling alternative to existing heavyweight secure equality protocols.