Entity alignment is the cryptographic process of identifying overlapping records (e.g., the same customers or devices) across the vertically partitioned datasets held by different organizations without any party revealing its full dataset. This step is a prerequisite for Vertical Federated Learning (VFL), where different parties hold different features about the same entities. It is typically achieved using protocols like Private Set Intersection (PSI), which allows parties to compute only the common set of entity identifiers, ensuring no other private information is exposed.
Glossary
Entity Alignment

What is Entity Alignment?
Entity alignment is the foundational privacy-preserving step in Vertical Federated Learning (VFL) that enables collaborative model training across partitioned datasets.
The output of entity alignment is a secure, agreed-upon list of matched IDs that defines the intersection dataset used for all subsequent collaborative training. Without this alignment, parties cannot know which of their records correspond, making joint model training impossible. This process directly addresses core enterprise concerns in regulated industries by enabling data collaboration while maintaining data sovereignty and compliance with privacy regulations, as raw feature data never leaves its owner's control.
Core Characteristics of Entity Alignment
Entity alignment is the foundational, privacy-preserving process of identifying matching records for the same real-world entities across the vertically partitioned datasets held by different parties. It is the critical prerequisite that enables collaborative model training without sharing raw data.
Cryptographic Foundation
Entity alignment is not a simple database join; it is a cryptographic protocol. The core mechanism is Private Set Intersection (PSI), which allows two or more parties to compute the intersection of their private identifier sets (e.g., customer IDs, device serial numbers) without revealing any identifiers not in the intersection. This ensures only the aligned subset of entities is used for training, with no leakage about non-overlapping records.
- Example: A bank (Party A) and a retailer (Party B) use PSI to find their shared customers. The protocol confirms Customer X exists in both datasets, but Party A learns nothing about Customer Y who shops only at the retailer, and vice-versa.
Pre-Training Prerequisite
Entity alignment is a one-time, pre-processing step executed before the federated training loop begins. Its output is a cryptographically secured agreement on the aligned entity indices. The subsequent split neural network training operates only on this aligned subset. This separation is crucial for system design, as the alignment protocol's computational and communication costs are incurred upfront, not in every training round.
- Key Distinction: Alignment establishes which samples to use; the VFL protocol defines how to compute over the features of those samples.
Identifier-Based, Not Feature-Based
Alignment operates exclusively on entity identifiers, not on the feature data itself. Parties share or compute over encrypted hashes of IDs (e.g., user IDs, transaction IDs), not the actual features (e.g., account balance, purchase history). This strict separation preserves the core privacy promise of VFL: feature data never leaves its owner.
- Security Boundary: A robust alignment protocol ensures that even the distribution or entropy of the non-intersecting IDs is protected from other participants.
Deterministic vs. Probabilistic Matching
Alignment strategies vary based on data quality:
- Deterministic Matching: Used when unique, stable keys exist across all parties (e.g., government ID numbers, global device UUIDs). PSI protocols are most efficient here.
- Probabilistic Matching: Required in absence of common keys. Uses secure entity resolution techniques, which may compare encrypted quasi-identifiers (e.g., name, date of birth, address) with fuzzy matching to estimate record linkage probability, all within a multi-party computation (MPC) framework. This is more complex and computationally intensive.
Scalability & Communication Cost
The communication overhead of entity alignment is a primary engineering challenge. Naïve PSI implementations have quadratic cost. Modern efficient PSI protocols (e.g., based on Oblivious Transfer, Homomorphic Encryption, or Bloom Filters) reduce this to linear or near-linear complexity relative to dataset size. The chosen protocol directly impacts the feasibility of aligning large-scale datasets (e.g., millions of records) across organizational boundaries with practical bandwidth.
Trust and Threat Model Assumption
The design of the alignment protocol hinges on the adversarial threat model. In semi-honest (honest-but-curious) settings, parties follow the protocol but try to learn extra information. Most PSI protocols are designed for this model. For malicious settings where parties may deviate, more robust but costly verifiable PSI or MPC protocols are required. The choice dictates the cryptographic primitives used and the necessary consensus mechanisms.
How Entity Alignment Works
Entity alignment is the foundational privacy-preserving step that enables Vertical Federated Learning (VFL) by securely identifying overlapping records across distributed datasets.
Entity alignment is the cryptographic process of identifying the same real-world entities (e.g., customers, devices) across the vertically partitioned datasets held by different parties without revealing non-overlapping records. This is achieved using protocols like Private Set Intersection (PSI), which allows participants to compute the intersection of their private identifier sets (like user IDs) while keeping all other identifiers secret. The output is a secure, aligned list of common entities that forms the sample space for subsequent collaborative model training, ensuring no raw data is exchanged.
The process begins with each party locally hashing and encrypting their entity identifiers. Through a series of secure multi-party computations, these encrypted sets are compared to derive the intersection. For VFL, this alignment is a mandatory pre-training step, as the feature owners and the label owner must agree on which samples to use. Efficient entity alignment protocols minimize communication and computational overhead, which is critical for scaling VFL systems across large, distributed datasets in regulated industries like finance and healthcare.
Entity Alignment Use Cases
Entity alignment is the foundational, privacy-preserving step that enables collaborative model training across vertically partitioned datasets. These use cases demonstrate its critical role in unlocking value from siloed data without compromising security.
Cross-Bank Credit Risk Modeling
Multiple financial institutions hold different financial attributes for the same corporate clients (e.g., Bank A has loan history, Bank B has transaction data). Entity alignment via Private Set Intersection (PSI) allows them to identify shared corporate entities without revealing their full client lists. This enables the collaborative training of a superior credit risk model using a broader feature set, while each bank's proprietary customer relationships remain confidential.
Healthcare Diagnostics & Research
A hospital holds patient lab results and imaging data, while a research institute holds genomic sequences. Secure entity resolution aligns patient records across these entities using anonymized identifiers, enabling the training of a multimodal diagnostic model that correlates genetic markers with clinical outcomes. This accelerates precision medicine research while maintaining strict HIPAA/GDPR compliance, as raw patient records never leave their original custodians.
Retail & Advertising Personalization
An e-commerce platform holds user purchase history, while a digital advertiser holds user browsing behavior and demographic data. Entity alignment matches users across these platforms based on hashed identifiers. This allows for the federated training of a next-product-to-buy model with vastly enriched features, leading to highly personalized recommendations and ad targeting. The process ensures user privacy is preserved, as neither party learns the specific browsing habits or purchase history of the other's users.
IoT & Smart City Analytics
Different municipal departments or utility companies hold sensor data for the same geographic areas (e.g., traffic cameras, energy meters, air quality sensors). Entity alignment matches data streams by location and timestamp, enabling the joint training of models for predictive traffic flow, energy load forecasting, or pollution source identification. This creates a unified intelligence layer for urban management without centralizing sensitive operational data from each department.
Manufacturing Supply Chain Optimization
An original equipment manufacturer (OEM), its component suppliers, and logistics partners each hold partial data about production batches and shipments. Entity alignment links records for the same physical components or shipments across the supply chain using shared order IDs or serial numbers processed through a secure multi-party computation (MPC) protocol. This enables collaborative models that predict delays, optimize inventory, and identify quality issues root causes, while protecting each company's proprietary operational data.
Fraud Detection Across Financial Networks
Different payment processors, merchants, and credit bureaus observe fragments of potentially fraudulent transaction patterns. Privacy-preserving entity alignment allows these parties to securely determine if suspicious activities in their separate systems refer to the same underlying actor or card. By aligning entities without exposing legitimate customer transactions, they can collaboratively train a more robust and generalized fraud detection model that identifies sophisticated, cross-platform attack patterns earlier.
Entity Alignment vs. Related Concepts
A comparison of Entity Alignment with other key data processing and privacy techniques, highlighting its unique role in enabling Vertical Federated Learning.
| Feature / Metric | Entity Alignment | Private Set Intersection (PSI) | Secure Entity Resolution | Data Federation |
|---|---|---|---|---|
Primary Goal | Identify overlapping entities across vertically partitioned datasets for collaborative training. | Cryptographically compute the intersection of private sets (e.g., ID lists) between parties. | Determine if two or more records from different sources refer to the same real-world entity. | Provide a unified query interface over distributed, heterogeneous data sources without centralization. |
Core Output | Aligned sample indices for the training cohort across parties. | The set of common elements, with no other information leaked. | Matched record pairs or clusters representing the same entity. | A virtual, integrated view of the underlying disparate databases. |
Data Partition Context | Exclusively designed for the Vertical Federated Learning (VFL) setting. | Generic cryptographic primitive; a common building block for Entity Alignment in VFL. | A broader database and record linkage concept; can be a component of Entity Alignment. | A data management architecture, not inherently tied to machine learning. |
Privacy Guarantee | Achieved by combining cryptographic protocols (like PSI) with FL safeguards; prevents raw data exchange. | Provides cryptographic security: parties learn only the intersection, nothing else. | Employs techniques like hashing or encryption to protect record content during matching. | Relies on access controls and query federation; raw data typically remains at sources. |
Revealed Information | Only the knowledge that specific entities (e.g., by encrypted ID) are present in all parties' datasets for the aligned set. | Only the items in the mathematical intersection of the input sets. | The matched entity relationships, but the resolution process itself is designed to protect attribute values. | Query results are revealed to the requester; source data schemas and locations may be exposed. |
Typical Use Case in ML | Mandatory first step to establish a common training cohort for Vertical Federated Learning. | Used within the Entity Alignment pipeline to securely find overlapping user IDs between a label owner and feature owners. | Used in data preprocessing to clean and link records before they are partitioned for VFL. | Not directly used for model training; used for analytics and reporting on distributed data. |
Communication & Computation Overhead | High, due to multi-party cryptographic protocols and potential multiple rounds for alignment. | Moderate to High, depending on the specific PSI protocol (e.g., RSA-based, ECDH, OT-based). | Varies; can be high for privacy-preserving methods that use secure comparisons. | Lower for query federation; overhead is in query planning and execution across networks. |
Role in VFL Pipeline | Foundational prerequisite. Training cannot proceed without aligned entities. | A key cryptographic tool often used to implement the core alignment step. | Can be a precursor step if raw records need linking before IDs are extracted for alignment. | Generally not part of the core VFL training protocol. |
Frequently Asked Questions
Entity alignment is the foundational privacy-preserving step in Vertical Federated Learning (VFL), enabling collaborative model training across organizations that hold different data features about the same customers or devices.
Entity alignment is the cryptographic process of identifying overlapping records (e.g., the same customers, devices, or transactions) across the vertically partitioned datasets held by different organizations without revealing the full datasets to each other. It is the critical first step in Vertical Federated Learning (VFL), establishing a common set of samples on which a joint model can be trained. Without secure alignment, parties cannot know which of their records correspond to the same real-world entities, making collaborative training impossible while preserving privacy. The output is a securely computed intersection of entity IDs, such as encrypted user identifiers, that all participating parties agree upon for the training process.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Entity alignment is a foundational step in Vertical Federated Learning (VFL). These related concepts define the cryptographic protocols, data structures, and collaborative processes that make secure, multi-party model training possible.
Vertical Data Partition
A vertical data partition is the specific data structure where different features (columns) describing the same set of entities (rows) are held by different, non-colluding organizations. This is the structural prerequisite for VFL and defines the problem entity alignment solves.
- Key Characteristic: Entities (rows) are aligned, but features (columns) are split. For example, a hospital holds medical history features, while an insurer holds billing code features for the same patients.
- Contrast with Horizontal FL: In horizontal FL, parties have the same feature sets for different entities. Vertical FL requires alignment of entities across different feature sets.
Secure Entity Resolution
Secure entity resolution is a broader privacy-preserving data management process for identifying records that refer to the same real-world entity across multiple, distinct databases. It encompasses PSI but can also handle fuzzy matching (e.g., aligning "Jon Doe" with "John Doe") using secure techniques.
- Scope: Often involves record linkage and deduplication across databases with potentially noisy or inconsistent identifiers.
- VFL Role: Provides a more robust alignment layer when entity identifiers are not perfectly consistent across parties, ensuring higher-quality sample alignment before model training commences.
Feature Owner & Label Owner
These are the two primary roles in a VFL system, defined by the data they hold in the vertically partitioned schema.
- Feature Owner: A participant that possesses a subset of the input features (e.g., transaction history, sensor readings) for the aligned entities. They compute the initial layers of a split neural network.
- Label Owner: The participant that holds the target values or labels (e.g., loan default flag, diagnostic outcome) for the aligned entities. This party typically initiates the training process, computes the loss, and coordinates backpropagation.
The relationship and trust model between these roles dictate the vertical training protocol design.
Split Neural Network
A split neural network is the model architecture used in VFL, where the neural network is divided into multiple segments hosted by different parties according to the vertical data partition.
- Cut Layer: The specific layer where the model is split. The feature owner computes the forward pass up to this layer, producing an intermediate output or embedding.
- Information Flow: This intermediate output is securely sent to the label owner, who completes the forward pass, calculates the loss, and initiates vertical backpropagation.
- Privacy-Utility Trade-off: The location of the cut layer is critical; earlier cuts preserve more privacy but may reduce model utility.
Vertical Secure Aggregation
Vertical secure aggregation refers to cryptographic protocols used to combine model updates (e.g., gradients from feature owners) in VFL without revealing any single participant's contribution. It protects against privacy inference attacks during training.
- Common Techniques: Leverages Secure Multi-Party Computation (MPC) or homomorphic encryption to allow a coordinator (often the label owner) to compute the sum of gradients while each gradient remains encrypted or secret-shared.
- Purpose: Prevents a curious label owner from learning sensitive information about a specific feature owner's data by inspecting their individual gradient updates, complementing the privacy provided by entity alignment.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us