Financial crime has seen a surge in complexity over the past decades as a result of digitisation. This required better tools for detecting financial crime, creating a cat-and-mouse game between law enforcement and criminals. Anti-money laundering (AML) is the collective term desc
...
Financial crime has seen a surge in complexity over the past decades as a result of digitisation. This required better tools for detecting financial crime, creating a cat-and-mouse game between law enforcement and criminals. Anti-money laundering (AML) is the collective term describing these tools, as well as financial regulations designed to combat money laundering. The detection of fraud is done through data analysis. Typically, the financial data is a large set of transactions between accounts. Transactions have a sender, receiver, and an amount that is transferred from sender to receiver. This can be represented by a directed graph where nodes represent accounts and edges transactions between accounts. Methods for finding fraudulent transactions in transactional graphs are widely studied in both literature and industry. This usually assumes a centralised entity with full access to the data. At an international scale, the centralised approach is not suitable. Besides its massive scale posing a challenge, it is hard to imagine a global agreement on what capabilities such an entity should have. At the same time, organisations sharing financial data for analysis raises privacy concerns. We limit our scope to transactional cycles. These typically occur when criminals send money through a series of international bank accounts back to the original account. This lowers the chance of the money being traced back to its illicit source. We propose a privacy-preserving decentralised protocol which takes as input a parameter $\ell$ from any node and outputs all cycles of at most length $\ell$ containing the node. The protocol relies on the decisional Diffie-Hellman assumption, and we show the protocol is secure against a polynomially bounded adversary within our security model. The communication complexity of an instance is $O(n^{\ell})$, multiple instances can be ran in parallel. We implement the protocol and measure its performance on scale free graphs in terms of communication and computational costs. Lastly, we discuss our results and suggestions for future work.