Understanding the Identity-Transformation Approach in OIDC-Compatible Privacy-Preserving SSO Services

📅 2025-06-02
🤖 AI Summary
This work addresses critical security flaws in identity transformation mechanisms within OIDC-compliant privacy-preserving single sign-on (SSO), which enable IdP login tracking and cross-RP identity linkage. We establish, for the first time, a rigorous theoretical connection between identity transformation and oblivious pseudorandom functions (OPRFs). To formally capture SSO-specific privacy requirements, we propose a dedicated security model defining three core properties: key-identifier independence, RP specificity, and user identifiability. Based on this model, we construct the first OPRF-based identity transformation scheme and systematically characterize the OPRF variant requirements tailored to SSO. We formally verify that several existing OPRF protocols satisfy our model, thereby providing both a sound theoretical foundation and a practical, implementable paradigm for privacy-enhancing OIDC deployments.

📝 Abstract
OpenID Connect (OIDC) enables a user with commercial off-the-shelf browsers to log into multiple websites, called relying parties (RPs), using her username and credential set up in another trusted web system, called the identity provider (IdP). Identity transformations are proposed in UppreSSO to provide OIDC-compatible SSO services, preventing both IdP-based login tracing and RP-based identity linkage. While the security and privacy of SSO services in UppreSSO have been proved, several essential issues of this identity-transformation approach are not well studied. In this paper, we comprehensively investigate the approach as follows. First, several suggestions for the efficient integration of identity transformations in OIDC-compatible SSO are explained. Then, we uncover the relationship between identity transformations in SSO and oblivious pseudo-random functions (OPRFs), and present two variations of the properties required for SSO security as well as the privacy requirements, to analyze existing OPRF protocols. Finally, new identity transformations, different from those designed in UppreSSO, are constructed based on OPRFs, satisfying different variations of SSO security requirements. To the best of our knowledge, this is the first work to uncover the relationship between identity transformations in OIDC-compatible privacy-preserving SSO services and OPRFs, and to prove the SSO-related properties (i.e., key-identifier freeness, RP designation and user identification) of OPRF protocols, in addition to the basic properties of correctness, obliviousness and pseudo-randomness.

Problem

Research questions and friction points this paper is trying to address.

Investigates identity-transformation in OIDC-compatible privacy-preserving SSO
Analyzes relationship between SSO identity-transformations and OPRFs
Constructs new identity transformations meeting varied SSO security needs

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses identity transformations for OIDC-compatible SSO
Links identity transformations to OPRFs
Constructs new OPRF-based identity transformations
Authors

Jingqiang Lin, Professor, University of Science and Technology of China (system security, cryptography)
Baitao Zhang, School of Cyber Security, University of Science and Technology of China
Wei Wang, School of Cyber Security, University of Science and Technology of China
Quanwei Cai, University of Science and Technology of China (Applied Cryptography, PET)
Jiwu Jing, School of Cryptology, University of Chinese Academy of Sciences
Huiyang He, School of Cyber Security, University of Science and Technology of China