Private Record Linkage (PRL) is the process of identifying and merging records that correspond to the same entity across different databases while cryptographically guaranteeing that no information about non-matching records is disclosed. Unlike traditional record linkage, which requires sharing plaintext identifiers, PRL uses private set intersection (PSI) and oblivious pseudorandom functions (OPRFs) to compute matching status solely on encrypted or hashed representations, ensuring that sensitive identifiers like names, medical record numbers, or social security numbers remain provably hidden from all parties except where a match is confirmed.
Glossary
Private Record Linkage

What is Private Record Linkage?
Private Record Linkage (PRL) is a cryptographic protocol that identifies and merges records referring to the same real-world entity across disparate databases without revealing the identities of non-matching records to any party.
PRL protocols typically employ Bloom filters encoded with q-gram similarity measures or homomorphic encryption to enable approximate matching on noisy real-world data, such as names with typographical errors or transposed dates. The technique is foundational in health informatics for linking patient records across hospitals without centralizing protected health information, and in fraud detection for identifying duplicate identities across financial institutions while maintaining strict compliance with GDPR and HIPAA data minimization requirements.
Key Features of Private Record Linkage
Private Record Linkage (PRL) enables organizations to identify and merge records referring to the same real-world entity across disparate databases without exposing the identities of non-matching records. These key features define the technical architecture and security guarantees of modern PRL protocols.
Privacy-Preserving Blocking
Reduces the quadratic comparison space by grouping candidate record pairs using blocking keys without revealing plaintext identifiers.
- Uses Bloom filter encoding of q-grams or phonetic codes to represent blocking keys as encrypted sets
- Enables private set intersection (PSI) on blocking key sets to identify candidate blocks across parties
- Prevents linkage attacks by ensuring blocking keys are never exchanged in plaintext
- Common techniques include phonetic blocking (Soundex, Double Metaphone) and token-based blocking on encrypted n-grams
- Dramatically reduces computational overhead from O(n²) to near-linear complexity while maintaining privacy guarantees
Bloom Filter Comparison
Encodes record attributes into probabilistic data structures that enable private similarity computation without revealing the underlying values.
- Each record's identifying fields (name, address, DOB) are tokenized into q-grams and hashed into a Bloom filter
- The Dice coefficient or Jaccard similarity between two Bloom filters approximates string similarity of the original plaintext
- False positives are controllable through filter parameters (length, number of hash functions)
- Hardening techniques like balancing, XOR-folding, and salting defend against frequency-based cryptanalysis
- Enables approximate matching for fuzzy record linkage while maintaining cryptographic privacy
Threshold-Based Classification
Applies decision models to the computed similarity scores to classify record pairs as matches, non-matches, or potential matches without human access to raw data.
- Uses deterministic thresholds where pairs exceeding a predefined similarity score are automatically linked
- Probabilistic classification employs Fellegi-Sunter models to estimate match probability based on agreement patterns across multiple fields
- Clerical review can be invoked for pairs falling in an indeterminate range, but reviewers only see masked or encrypted representations
- Thresholds are tuned using ground-truth data or synthetic datasets that mirror the statistical properties of the private data
- Supports transitive closure to resolve multi-database linkage chains without re-identifying intermediate records
Cryptographic Match Key Exchange
Enables the secure exchange of persistent pseudonymous identifiers for matched records so that linked data can be integrated without revealing original identifiers.
- After a match is confirmed, parties exchange cryptographic match keys derived via a one-way function rather than plaintext record IDs
- Uses keyed hash functions (HMAC) or oblivious pseudorandom functions (OPRF) to generate consistent, non-invertible identifiers
- Match keys are database-specific, preventing cross-database correlation by unauthorized parties
- Supports incremental linkage where new records can be matched against previously linked datasets using the same key derivation
- Ensures compliance with data minimization principles under GDPR and HIPAA by limiting exchanged information to what is strictly necessary
Adversarial Resilience
Incorporates defenses against cryptanalytic attacks that attempt to re-identify records from the encoded representations exchanged during linkage.
- Frequency-based attacks exploit non-uniform distribution of Bloom filter bit positions; countered by balancing (setting additional random bits to achieve uniform bit density)
- Pattern mining attacks identify co-occurring q-gram patterns; mitigated by salting with record-specific secrets and XOR-folding to collapse the filter space
- Dictionary attacks attempt to brute-force encoded values by hashing common names; defended by keyed hashing where the hash key is kept secret between parties
- Composability analysis ensures that multiple linkage runs do not leak incremental information beyond the intersection result
- Formal security proofs in the semi-honest and malicious adversary models provide guarantees about what information is provably protected
Multi-Party Linkage Protocols
Extends private record linkage beyond two parties to enable collaborative entity resolution across multiple organizations without a trusted central party.
- Uses multi-party PSI protocols to identify records present in all or a threshold number of databases
- Secure multi-party computation (MPC) enables joint similarity computation across three or more parties without revealing individual contributions
- Supports star topology (central coordinator with pairwise links) and peer-to-peer topology (fully distributed) architectures
- Deduplication across multiple sources ensures that the final linked dataset contains each real-world entity only once
- Critical for public health surveillance, anti-money laundering, and fraud detection consortia where multiple institutions must collaborate without exposing their full customer bases
Frequently Asked Questions
Clear answers to common questions about the cryptographic techniques used to match records across databases without exposing sensitive identities.
Private Record Linkage (PRL) is a cryptographic process that identifies and merges records referring to the same real-world entity across different databases without revealing the identities of non-matching records to the other party. It works by encoding personally identifiable information (PII) like names, addresses, or dates of birth into privacy-preserving representations—typically using techniques like Bloom filters with cryptographic hash functions or oblivious pseudorandom functions (OPRFs). These encoded representations are then compared using a similarity metric, such as Dice coefficient or Jaccard similarity, to determine if two records match. The core mechanism often relies on Private Set Intersection (PSI) protocols, where each party computes an encrypted version of their dataset and only the intersection—the matching records—is revealed. For example, two hospitals can discover shared patients for a clinical study without exposing their entire patient registries to each other. The process typically involves three phases: blocking (reducing the comparison space by grouping similar records), comparison (computing similarity on encoded fields), and classification (deciding if a pair is a match based on a threshold).
Real-World Applications
Private Record Linkage (PRL) moves beyond theoretical cryptography to solve critical data integration challenges in sectors where privacy is non-negotiable. These applications demonstrate how organizations can merge records across silos without exposing the identities of non-matching entities.
Clinical Trial Cohort Expansion
Pharmaceutical companies use PRL to identify overlapping patients across hospital networks and research databases without exposing the full patient rosters of either institution.
- Links patients across disparate Electronic Health Record (EHR) systems
- Enables recruitment for rare disease trials by finding patients matching complex criteria
- Maintains HIPAA compliance by never revealing non-matching patient identities
- Reduces cohort identification time from months to days
Cross-Border Financial Crime Detection
Financial intelligence units use PRL to link suspicious entities across international transaction databases without violating data sovereignty laws.
- Matches sanctioned individuals across disparate banking ledgers
- Identifies money laundering rings by linking shell company records
- Preserves investigative confidentiality by hiding non-suspect records
- Enables collaborative analytics between competing financial institutions
National Health Data Linkage
Government health agencies use PRL to merge census data with hospital records for epidemiological studies without exposing citizen identities.
- Links birth registries with immunization databases to measure vaccination coverage
- Connects cancer registries across state lines without centralizing sensitive data
- Enables population health analytics while maintaining strict citizen privacy guarantees
- Supports evidence-based health policy without compromising individual confidentiality
Deduplication in Cloud Data Lakes
Enterprises migrating to cloud infrastructure use PRL to identify duplicate customer records across legacy systems without exposing the full dataset to the migration tool.
- Matches customer profiles across acquired company databases during M&A integration
- Identifies redundant records in multi-tenant cloud environments
- Preserves data compartmentalization between business units
- Reduces storage costs by eliminating duplicates before migration
Academic Research Collaboration
Universities use PRL to link longitudinal study participants across institutions without revealing the full cohort to collaborators.
- Matches participants in multi-site public health studies
- Enables joint research on sensitive topics while protecting subject anonymity
- Preserves institutional review board (IRB) compliance across jurisdictions
- Facilitates open science without compromising participant trust
Insurance Fraud Ring Detection
Claims databases across competing insurers are linked via PRL to identify organized fraud rings filing coordinated claims without exposing legitimate policyholder data.
- Matches claimant identities across insurers without revealing full customer bases
- Detects patterns of staged accidents and inflated medical claims
- Maintains competitive data confidentiality between participating carriers
- Reduces false positive fraud flags by correlating cross-insurer signals
Private Record Linkage vs. Related Techniques
A comparison of cryptographic and statistical techniques used to identify matching records across disparate databases without exposing non-matching identities.
| Feature | Private Record Linkage | Private Set Intersection | De-identification Pipelines |
|---|---|---|---|
Primary Objective | Match records referring to same real-world entity | Discover common elements between two sets | Remove or obscure identifiers from a single dataset |
Output Revealed | Matched record pairs and their attributes | Intersecting set elements or cardinality | Sanitized dataset for downstream use |
Handles Approximate Matching | |||
Reveals Non-Matching Records | |||
Typical Use Case | Health data linkage across hospitals | Contact discovery in messaging apps | Preparing training data for ML models |
Cryptographic Foundation | Bloom filters, PSI, Homomorphic Encryption | OT Extension, OPRF, Diffie-Hellman | K-anonymity, differential privacy, masking |
Parties Involved | 2 or more data custodians | 2 parties (or multiparty extension) | 1 data controller |
False Positive Tolerance | Configurable via Bloom filter parameters | Protocol-dependent, often near-zero | Application-dependent |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Private Record Linkage relies on a stack of cryptographic primitives and protocols to match records without exposing raw identifiers. These related terms form the technical backbone of privacy-preserving entity resolution.
Bloom Filter
A space-efficient probabilistic data structure used to test whether an element is a member of a set. In PPRL, Bloom filters encode sensitive identifiers (e.g., names, dates of birth) into bit arrays, allowing approximate matching via set similarity metrics like Dice coefficient or Jaccard index.
- No false negatives: If the filter says an element is absent, it definitely is.
- Controllable false positives: Tuning the filter size and number of hash functions balances privacy against linkage accuracy.
- Privacy limitation: Bloom filters are vulnerable to frequency-based cryptanalysis attacks, necessitating additional hardening techniques like XOR-folding or adding random noise.
Cuckoo Hashing
A hashing scheme that resolves collisions by relocating existing keys using two or more hash functions. In PSI and PPRL protocols, Cuckoo hashing is used to optimize the placement of one party's set elements into bins, drastically reducing the communication and computational overhead of the subsequent secure comparison.
- How it works: Each element is assigned to one of two possible bins. If a bin is full, the occupying element is evicted and moved to its alternate location, potentially triggering a cascade.
- Stash: A small overflow area for elements that cannot be placed without cycles, typically sized for a negligible fraction of the input.
- Benefit: Ensures that each bin contains at most one element from the sender's set, allowing the receiver to perform only a single comparison per bin.
Fuzzy PSI
A variant of Private Set Intersection that identifies approximate matches between elements rather than requiring exact equality. This is essential for record linkage because real-world identifiers often contain typographical errors, phonetic variations, or formatting inconsistencies.
- Distance metrics: Uses edit distance (Levenshtein), Jaccard similarity on q-gram sets, or phonetic encodings (Soundex, Double Metaphone) to quantify closeness.
- Threshold tuning: Parties agree on a similarity threshold above which records are considered a match, balancing precision and recall.
- Challenge: Securely computing approximate matching is significantly more complex than exact matching, often requiring garbled circuits or homomorphic encryption to evaluate the distance function privately.
Malicious Security
A cryptographic security model that guarantees protocol correctness and privacy even when an adversary arbitrarily deviates from the protocol specification. For PPRL in adversarial environments, malicious security prevents a corrupt party from learning extra information by sending malformed messages or aborting early.
- Real-world necessity: Essential when linking records between mutually distrustful organizations, such as competing financial institutions or intelligence agencies.
- Cost: Maliciously secure protocols are typically 2-10x slower than their semi-honest counterparts due to additional consistency checks and zero-knowledge proofs.
- Techniques: Cut-and-choose, authenticated garbling, and SPDZ-style MACs are common approaches to upgrading semi-honest protocols to malicious security.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us