(Sicherheit 2024, 2024) Heng, Youzhe; Schnell, Rainer; Armknecht, Frederik
For linking sensitive or medical data in Germany, the widely accepted protocol of the German cancer registries (GCRs) is often used as a baseline model for privacy-preserving record linkage (PPRL). Despite its popularity, no cryptographic analysis of the GCR protocol has been published so far. Given the recent advances in the cryptanalysis of PPRL methods and the resulting increase in privacy demands of PPRL protocols, an evaluation of the GCR protocol is needed. Using the same assumptions as recent attacks on modern PPRL methods, we show that the current GCR protocol cannot protect against attacks. Using a public available database, up to 90% of the encoded records can be correctly re-identified. Therefore, the GCR protocol should no more be used as a blueprint for future registers.