SMURF: Privacy-Preserving Multi-Party Graph Mining for AML
D. Gnanadhandayuthapani (TU Delft - Electrical Engineering, Mathematics and Computer Science)
Z. Erkin – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
N.M. Gürel – Graduation committee member (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Money launderers frequently obscure illicit funds by routing transactions across multiple financial institutions, creating complex “scatter-gather” (smurfing) patterns. Although these structural patterns are detectable within a centralised transaction graph, privacy regulations like GDPR prevent banks from directly merging their data. Existing privacy-preserving graph frameworks are limited to pairwise protocols that fail to capture laundering chains involving three or more institutions. To address this, we present SMURF (Scatter-gather Mining Using Randomised Functions), a privacy-preserving framework with a five-phase protocol enabling banks to jointly detect cross-institutional scatter-gather patterns without exposing raw account data. By combining Oblivious Pseudorandom Functions (OPRFs) and Homomorphic Encryption (HE), SMURF allows banks to locally extract transaction pairs, generate anonymous identifiers, and securely aggregate counts via a Central Coordinator entirely in the encrypted domain before collaboratively decrypting final totals to flag suspicious accounts. Empirical evaluations on the synthetic AMLWorld small (HI) dataset with approx. 5 million transactions and 369 scatter-gather accounts show that our system achieves an F1-score of 82.44% in less than 20 minutes when executed on a 64 core AMD EPYC processor.