PrivaRisk: Verifiable and auditable OPRF-based PSI for financial data sharing
Yue Lei, Qing Wu, Leyou Zhang, Xijia Dong, Zilong Yan
Journal of Information Security and Applications, volume 92, Article 104094. Published 2025-05-29. Journal Article.
DOI: 10.1016/j.jisa.2025.104094
URL: https://www.sciencedirect.com/science/article/pii/S2214212625001310
Impact factor: 3.7. JCR: Q2 (Computer Science, Information Systems).
Abstract
The high sensitivity and concurrency of financial data make privacy-preserving computation a critical requirement for data security in financial enterprises. In real-world business scenarios, financial institutions often need to collaborate with multiple platforms for data analysis and modeling. A key challenge lies in sharing data while preserving the privacy of non-intersecting elements. To address this, this paper proposes a novel secure financial data sharing framework aimed at achieving efficient “usable but invisible” data sharing. Specifically, we construct a multiparty computation-friendly oblivious pseudorandom function, termed the Key-Shared Verifiable Oblivious Pseudorandom Function (KS-VOPRF). KS-VOPRF ensures key uniqueness through the integration of timestamps, supports compliance verification of pseudorandom outputs, effectively resists replay attacks, prevents malicious server behavior, and provides data auditing capabilities. Based on KS-VOPRF, we design a private set intersection (PSI) protocol named PrivaRisk. PrivaRisk incorporates hashing and partitioning techniques for effective data value extraction. Additionally, we propose a novel data storage and querying method, the Cuckoo-Simple Hybrid Hash (CSHH) structure, and leverage fog nodes for distributed computation. To further enhance security, Pedersen commitments are introduced to facilitate multiparty consistency checks and auditing. Consequently, PrivaRisk exhibits low computational latency, effectively ensuring data integrity, correctness and traceability, thereby preventing data tampering and forgery by malicious users. The protocol also provides collusion resistance and can be extended to a threshold PSI. Experimental results demonstrate the efficiency and scalability of KS-VOPRF and PrivaRisk.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.