This work addresses the privacy risks humanitarian organizations face when deduplicating beneficiary data across institutions. To this end, we propose and implement xDup, the first efficient privacy-preserving deduplication system tailored to real-world relief scenarios. Built upon fuzzy private set intersection (Fuzzy PSI), xDup identifies duplicate individuals without revealing their sensitive raw information. We introduce otFPSI, a novel Fuzzy PSI protocol designed for Hamming space that requires no assumptions about input distributions and integrates secure multiparty computation with cryptographic optimizations to achieve substantial performance gains. Experimental results demonstrate that xDup outperforms existing solutions by two orders of magnitude in speed while providing strong privacy guarantees, practicality, and scalability for deployment in operational humanitarian settings.

Humanitarian organizations help to ensure people's livelihoods in crisis situations. Typically, multiple organizations operate in the same region. To ensure that the limited budget of these organizations can help as many people as possible, organizations perform cross-organizational deduplication to detect duplicate registrations and ensure recipients receive aid from at most one organization. Current deduplication approaches risk privacy harm to vulnerable aid recipients by sharing their data with other organizations. We analyzed the needs of humanitarian organizations to identify the requirements for privacy-friendly cross-organizational deduplication fit for real-life humanitarian missions. We present xDup, a new practical deduplication system that meets the requirements of humanitarian organizations and is two orders of magnitude faster than current solutions. xDup builds on Fuzzy PSI, and we present otFPSI, a concretely efficient Fuzzy PSI protocol for Hamming Space without input assumptions. We show that it is more efficient than existing Fuzzy PSI protocols.