Differential Cryptanalysis of Bloom Filters for Privacy-Preserving Record Linkage

Privacy-preserving record linkage (PPRL) aims to link records of the same real-world entity from different databases without exposing any private information about the entity. Bloom filters are widely used in PPRL due to their effectiveness in encoding records while enabling fast approximate linkage in the case of attribute value errors and changes. However, the basic Bloom filters used for PPRL can be subject to cryptanalysis attacks that expose the plain-text values encoded in them. Recent studies have successfully attacked some improved Bloom filter encodings in PPRL but require specific conditions or knowledge of various encoding parameters to obtain high accuracy. This paper presents a novel attack based on differential analysis against Bloom filters used for PPRL. The attack exploits graphs to model the relationship between attribute value variation and the difference between Bloom filters. Then, features are generated for the node in graphs according to a clustering algorithm that we propose. Thus, we can match nodes with similar features to re-identify encoded records. Experiments on two real-world databases show that even with improved Bloom filter encoding and some hardening techniques, our attack can re-identify private information from encoded records with high accuracy and require less priori knowledge.