Abstract
Sharing Cyber Threat Intelligence (CTI) in the financial sector is critical but hindered by privacy, regulatory, and competitive concerns. This paper proposes a novel secure and anonymous CTI sharing protocol leveraging Multi-Key Homomorphic Encryption (MK-HE). The protocol allows heterogeneous financial institutions to encrypt their threat indicators (e.g., IP addresses, malware signatures, attack vectors) using their own public keys, aggregate them securely via an untrusted central relayer, and perform collaborative analysis without decrypting individual contributions. To guarantee anonymity, we integrate a decentralized threshold decryption mechanism and an anonymous routing layer. Security analysis demonstrates that the protocol achieves semantic security against semi-honest colluding adversaries. Experimental evaluations using a simulated network of 15 financial nodes show that joint threat correlation queries (such as intersection and frequency counting) can be executed within acceptable computational overheads, proving the feasibility of the protocol for real-world collaborative defense.