Ágnes Kiss,Jian Liu,Thomas Schneider,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1515/popets-2017-0044

2017-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Private set intersection (PSI) is a cryptographic technique that is applicable to many privacy-sensitive scenarios. For decades, researchers have been focusing on improving its efficiency in both communication and computation. However, most of the existing solutions are inefficient for an unequal number of inputs, which is common in conventional client-server settings. In this paper, we analyze and optimize the efficiency of existing PSI protocols to support precomputation so that they can efficiently deal with such input sets. We transform four existing PSI protocols into the precomputation form such that in the setup phase the communication is linear only in the size of the larger input set, while in the online phase the communication is linear in the size of the smaller input set. We implement all four protocols and run experiments between two PCs and between a PC and a smartphone and give a systematic comparison of their performance. Our experiments show that a protocol based on securely evaluating a garbled AES circuit achieves the fastest setup time by several orders of magnitudes, and the fastest online time in the PC setting where AES-NI acceleration is available. In the mobile setting, the fastest online time is achieved by a protocol based on the Diffie-Hellman assumption.

Lifei Wei,Jihai Liu,Lei Zhang,Qin Wang,Wuji Zhang,Xiansong Qian

DOI: https://doi.org/10.1016/j.csi.2023.103764

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:Private set intersection (PSI) has attracted the researchers and the developers both from academia and industry in cooperating the private data to achieve privacy preserving. Traditional PSI protocols allow the two participants with each private sets interactively calculating the intersection without revealing any additional information. Multi-party private set intersection (MP-PSI) is quite different from the conventional two-party PSI, which could not directly obtain from the two-party PSI, and become an emerging topic in collaborative data analytics from different private data owners. However, the most of the existing MP-PSI protocols always consider the small number of the participants with large set size and the performance drops with the increasing number of participants. In addition, the participants with small set size also bring the heavy communication and computation overhead. To overcome the above drawbacks, we propose two efficient MP-PSI protocols for large number of participants and small set size, and formally prove secure against collision attack in the semi-honest model and malicious model. The experiments show that when the participant number increases from 5 to 50 and the set size scales from 2 7 to 2 10 , our protocols are faster than the most efficient MP-PSI protocol. Thus, our MP-PSI protocols are considering to be practical solutions, which fit the scenarios in small set size with increasing participants.

computer science, software engineering, hardware & architecture

Shen Liyan,Chen Xiaojun,Shi Jinqiao,Hu Lanlan

DOI: https://doi.org/10.7544/issn1000-1239.2017.20170461

2017-01-01

Journal of Computer Research and Development

Abstract:The private set intersection (PSI) is a specific application problem that belongs to the field of secure multi-party computation .It not only has important theoretical significance but also has many application scenarios .In the era of big data ,the research on this problem is in accord with people's increasing privacy preserving demands at the same time to enjoy a variety of services . This paper briefly introduces the basic theory of secure multi-party computation , and highlights the two categories of current mainstream research methods of PSI under the framework of secure multi-party computation :the traditional PSI protocols based on the public key encryption mechanism ,garbled circuit ,oblivious transfer and the outsourced PSI protocols based on the untrusted third party service provider .Besides , we have briefly summarized the characteristic , applicability and complexity of those protocols .At the same time , the application scenarios of privacy preserving set intersection problem are also explained in detail ,which further reflects the practical research value of the problem . With the deep research on the PSI problem ,researchers have designed a set of private protocols that can quickly complete set intersection of millions of elements in the semi-honest model .

Hao Zhao,Wenqi Zhang,Xiong Li,Shuai Shang,Ke Huang,Xiaosong Zhang

DOI: https://doi.org/10.1109/cscwd61410.2024.10580653

2024-01-01

Abstract:Private set intersection cardinality (PSI-CA) can compute the intersection cardinality of sets held by two participants in a privacy-preserving manner, and it has a wide range of applications in life. Since the existing PSI-CA protocol is often difficult to apply in real life due to its high communication overhead and computational cost, we designed an efficient PSI-CA protocol based on technologies such as PRF and OKVS. The security analysis shows that our PSI-CA protocol is secure under the semi-honest security model and does not leak the private information of the participants. Extensive experiments and performance evaluation analysis show that our protocol is much more efficient than other related protocols in terms of communication and computation. Specifically, for the intersection cardinality computation of two sets both of size 2 20 , the running time (62.2s) of our PSI-CA protocol is only 3.3% (1854s) and 10.3% (601s) of other PSI-CA protocols, and the communication overhead of our PSI-CA protocol is 48.5% and 48.7% of related protocols.

Ping Zhang,Tengfei Ma,Qing Zhang,Ji Zhang,Jiechang Wang

DOI: https://doi.org/10.3390/app14020813

2024-01-01

Abstract:Private Set Intersection Cardinality (PSI-CA) and Private Set Union Cardinality (PSU-CA) are two cryptographic primitives whereby two or more parties are able to obtain the cardinalities of the intersection and the union of their respective private sets, and the privacy of their sets is preserved. In this paper, we propose a new privacy protection intersection cardinality protocol, which can quickly deal with set inequality and asymmetry problems and can obtain 100% correct results, and, in terms of efficiency, we are much faster than using the polynomial method. Our protocol adopts the Paillier addition homomorphic encryption scheme and applies the identifier guidance technology, using identifier determination, to the semi-homomorphic encryption ciphertext environment, excluding a large number of different options and quickly finding the base of the intersection of two sides.

Yuanhao Wang,Qiong Huang,Hongbo Li,Meiyan Xiao,Sha Ma,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2021.3101059

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Thanks to its convenience and cost-savings feature, cloud computing ushers a new era. Yet its security and privacy issues must not be neglected. Private set intersection (PSI) is useful and important in many cloud computing applications, such as document similarity, genetic paternity and data mining. The cloud server performs intersection operations on two outsourced encrypted datasets of data owners. In the existing protocols, however, data owners cannot decide whether to use all or part of their encrypted data to compute the intersection, nor can they specify whom to compare with. In this paper, we introduce an enhanced notion of outsourced PSI, called authorized PSI (APSI), which supports flexible authorization and cross-type authorized comparison of datasets. To demonstrate this notion, we propose a concrete APSI protocol, and prove it to be secure in the random oracle model based on simple number-theoretic assumptions. Experimental results show that our APSI protocol has performance comparable with existing related outsourced PSI protocols.

Liyao Xiong,Zoe L. Jiang,Yi Huang,Jianzong Wang,Jing Xiao,Weizhe Zhang,Xuan Wang

DOI: https://doi.org/10.1109/ICDIS55630.2022.00009

2022-01-01

Abstract:Private Set Intersection (PSI) is a protocol that allows two parties (sender and receiver) to communicate and calculate the intersection of their sets without revealing any other information about their sets. In a typical case, PSI protocol runs on the unbalanced setting where the size of one party's set far exceeds that of the other. In this paper, we focus on the scenario of the receiver having a more extensive set with more substantial arithmetic power, which is essential in disease close contact tracing. In contrast, most of the current work focuses on the opposite scenario. We propose a PSI protocol that can compute efficiently in the unbalanced setting, and the communication only increases with the size of the smaller set owned by the sender. Specifically, to implement the PSI protocol, we construct a functional encryption scheme for the equivalence testing function. Then use cuckoo hash to optimize the comparison operation between elements. The benchmarks show that the PSI protocol takes 46 seconds and 20MB communication cost to compute the intersection with 16 million elements in the receiver's set and 5,000 elements in the sender's set. It achieves 1.93 × reduction in communication cost and 2.57 × reduction in computation cost compared to prior work.

Guowei Ling,Fei Tang,Chaochao Cai,Jinyong Shan,Haiyang Xue,Wulu Li,Peng Tang,Xinyi Huang,Weidong Qiu

DOI: https://doi.org/10.1109/tifs.2023.3343973

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Private Set Intersection (PSI) protocols can securely compute the intersection of the private sets on the server and the client without revealing additional data. This work introduces the concept of Privacy-Preserving Feature Retrieved Private Set Intersection ((PFRPSI)-F-2). In (PFRPSI)-F-2 protocols, the client can obtain the intersection that satisfies a given predicate without revealing the predicate and additional data. We formally define the (PFRPSI)-F-2 protocol, including its inputs, outputs, functionality, and security. To achieve the privacy guarantee in (PFRPSI)-F-2 protocols, a new two-party protocol is designed, namely Secure Secret Shared Retrieval ((SR)-R-3), which can be used to securely determine whether each item on the server satisfies the predicate. We construct an (SR)-R-3 protocol and prove its security in the semi-honest model. On the basis of this, we design an efficient OT-based (PFRPSI)-F-2 protocol and an easy-to-implement DH-based (PFRPSI)-F-2 protocol and prove that they are secure in the semi-honest model. Our implementation shows that the OT-based (PFRPSI)-F-2 protocol can perform the matching for about 1000K items in 3.8 seconds with a single thread. Moreover, the DH-based (PFRPSI)-F-2 can perform the matching for about 7000K items in one hour with four threads, with communication totaling 1456 MB, while the OT-based (PFRPSI)-F-2 protocol requires 1673 MB.

Yuanyuan He,Xinyu Tan,Jianbing Ni,Laurence T. Yang,Xianjun Deng

DOI: https://doi.org/10.1109/tifs.2022.3207911

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Private Set Intersection (PSI) is typically used to achieve ID alignment with protection of IDs in the preparation phase of Vertical Federated Learning (VFL). However, existing PSI approaches are limited to protecting IDs that are outside the intersection of participants, and most ignore the sensitivity of intersection for a weak party in an asymmetrical ID alignment. Since the set size of the strong party is much greater than the weak party's in an asymmetrical federation, and the intersection usually accounts for a substantial part of the weak party set, the weak party's sensitive sample IDs would be severely compromised through sharing the intersection. To address this issue, we propose Differentially private PSI Cardinality and PSI (DPSI-CA, DPSI) protocols, which protect the intersection cardinality and sensitive IDs inside the intersection for the weak party, respectively. First, DPSI-CA encodes IDs in binary notation, and combines them with the GM encryption, to perform the ID-matchmaking by executing bitwise plaintext XOR. Then, the encrypted matching results are independently perturbed using randomized responses to produce differentially private outputs for PSI-CA, and its unbiased estimate is added to remove the deviation brought by the randomization. Furthermore, DPSI fuses Pseudo-Random Function (PRF)-based zero sharing, garbled Bloom filter, and Oblivious PRF (OPRF)-based shares reconstruction, to successfully reconstruct the shares corresponding to sampled IDs in the intersection. Meanwhile, a randomized response is used to sample the inputs and perturb the outputs of the OPRF-based shares reconstruction, producing a randomly sampled intersection for the weak party and differentially private intersection for the strong party. Finally, the privacy analysis shows that our protocols provide differential privacy for the weak party's sensitive sample IDs, and extensive experiment results illustrate the feasibility of the asymmetrical ID alignment involving millions of IDs.

Yizhao Zhu,Lanxiang Chen,Yi Mu

DOI: https://doi.org/10.1016/j.tcs.2024.114443

IF: 1.002

2024-02-15

Theoretical Computer Science

Abstract:We propose a novel two-party private set intersection (PSI) protocol, which achieves ideal and constant receiver-to-sender and linear sender-to-receiver communication overhead, linear computational complexity, along with receiver size-hiding and lightweight computation cost. In comparison with other PSI protocols, the proposed protocol is more practical as it does not require any fully homomorphic computation. We propose three variants to demonstrate efficiency optimization, size-hiding feature extension, and online/offline settings for real-world applications, respectively, to offer a practical control between security and efficiency. Finally, we prove that our proposed protocols are secure against malicious participants under our security model.

computer science, theory & methods

Guangshang Jiang,Hanlin Zhang,Jie Lin,Fanyu Kong,Leyun Yu

DOI: https://doi.org/10.1016/j.cose.2024.103822

IF: 5.105

2024-01-01

Computers & Security

Abstract:Private Set Intersection (PSI) has been applied in various fields, such as human genome research, advertising conversion rate analysis, etc. Traditional PSI has the drawback of requiring local devices to be constantly online and needing high storage capacity of the devices. To overcome these issues, many researchers have focused on delegating PSI computation to cloud servers. However, third-party clouds may bring many new challenges. One of the primary concerns is ensuring that the cloud server does not obtain sensitive data when the client outsources their dataset. Additionally, ensuring clients verify the correctness of the results is also a critical issue. In this paper, we propose the optimized verifiable delegated private set intersection protocol on outsourced private datasets (VO-PSI). Our protocol enables clients to verify the correctness of intersection with a negligible probability of incorrect results while being able to guarantee data privacy. Compared with previous research, the verifiability of the protocol has been dramatically improved. We analyze the security of the protocol under the malicious model and conduct experiments to evaluate its efficiency and feasibility.

Yu-Chi Chen,Kuan-Chun Huang

DOI: https://doi.org/10.1109/tifs.2023.3295941

IF: 7.231

2023-08-05

IEEE Transactions on Information Forensics and Security

Abstract:In the era of big data with an ever-increasing amount of data, the demand for data processing is increasing, and various computing service agreements have also been created. While data are widely used, data providers worry that their privacy will be infringed, so the security of the data has also received more attention. Private set intersection (PSI) allows two data-owning parties to jointly compute the intersection of private datasets. The party cannot obtain any other information except for the intersection results. However, Bloom filter (BF) is a naive solution that can be used to potentially obtain PSI, but the verifiability of using BF is usually a concern for effectiveness. Hence, garbled Bloom filter is indeed expected to overcome this concern in two-party setting. We aim for the outsourced scenario where there are many data-owning parties in distributed setting. These parties would like to jointly obtain the set intersection in a private manner supported by an outsourced cloud, and further to obtain data integration. The main challenges are that the previous solutions cannot be directly transformed into an outsourced scenario. In this paper, the proposed joint and effective privacy preserving outsourced set intersection and data integration protocols are called . They are generic constructions. We start by introducing a basic outsourced PSI protocol from the cryptographic building blocks and new BF and GBF techniques. Then, we modify the basic protocol and propose the full-fledged scheme to achieve an outsourced multi-party PSI protocol. Finally, we analyze the security and execution efficiency aspects to ensure usability.

computer science, theory & methods,engineering, electrical & electronic

Liyan Shen,Xiaojun Chen,Jinqiao Shi,Binxing Fang

DOI: https://doi.org/10.1109/icc.2019.8761417

2019-01-01

Abstract:Private set intersection (PSI) is a specific application problem in the field of secure multi-party computation. It allows the participants to compute set intersection collaboratively without learning any additional information about the sets. It is a building block for many real-world privacy-related applications. The state-of-the-art PSI protocol is mainly based on Random Oblivious Transfer (ROT) and cuckoo hash. It is efficient enough in computation but needs high communication cost and high network bandwidth. In this paper, we describe a novel PSI protocol based on ROT and balance hash under semi-honest adversary model. Experiments demonstrate that our protocol has better performance than the cuckoo hash based PSI at the expense of leaking a part of the indexes of hash bucket. We have proved that the impact of information leakage on security is almost negligible. In addition, for the purpose of reducing the communication overhead, we utilize cuckoo filter to optimize our protocol.

Benny Pinkas,Thomas Schneider,Michael Zohner

DOI: https://doi.org/10.1145/3154794

IF: 2.717

2018-02-24

ACM Transactions on Privacy and Security

Abstract:Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best studied applications of secure computation and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a respective scenario, especially since they were not compared in the same setting. In addition, existing PSI protocols are several orders of magnitude slower than an insecure naïve hashing solution, which is used in practice. In this article, we review the progress made on PSI protocols and give an overview of existing protocols in various security models. We then focus on PSI protocols that are secure against semi-honest adversaries and take advantage of the most recent efficiency improvements in Oblivious Transfer (OT) extension, propose significant optimizations to previous PSI protocols, and suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols, both theoretically and experimentally, by implementing all protocols on the same platform, give recommendations on which protocol to use in a particular setting, and evaluate the progress on PSI protocols by comparing them to the currently employed insecure naïve hashing protocol. We demonstrate the feasibility of our new PSI protocol by processing two sets with a billion elements each.

computer science, information systems

Lei Luo,XiaoLei Dong,JiaChen Shen,ZhenFu Cao

DOI: https://doi.org/10.1117/12.2661220

2023-01-01

Abstract:Due to the storage and computing ability of cloud technology, many protocols are suitable for deployment on cloud servers. Private set intersection (PSI) is practical technology in data mining, similar document detection and so on. In some cloud-based IoT system and mobile devices have poor ability to calculate the intersection. In this scenario, we design a protocol make the part of the computing intersection execute on the cloud server, called Efficient-DPSI, which supports flexible parameters. Experimental results show that our Efficient-DPSI protocol is more efficient with existing related delegated PSI protocols.

Ruochen Wang,Jun Zhou,Zhenfu Cao,Xiaolei Dong,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tifs.2024.3461475

IF: 7.231

2024-09-27

IEEE Transactions on Information Forensics and Security

Abstract:Private set intersection (PSI) facilitates the computation of intersection between the private sets of two parties, ensuring that no additional information beyond the intersection itself is revealed. However, most state-of-the-art are limited to static PSI, leaving updatable PSI untouched. Existing PSI protocols will cost huge computational resources to compute intersection on updated sets. More seriously, none of the existing updatable PSI approaches can achieve both secure addition and deletion operations in once update. To address these challenges, we propose Forward Private Updatable PSI (FUPSI) for two-party setting. FUPSI is designed to support addition and deletion simultaneously, while ensuring forward privacy against semi-honest adversaries. In this work, we analyze the infeasibility of secure synchronous addition and deletion in the existing updatable PSI approaches, by presenting a practical attack which would lead to privacy leakages while deletion function is performed. Then, to resist this attack against semi-honest adversaries, we demonstrate how FUPSI can protect the forward privacy of user sets, by utilizing a variant of keyword Private Information Retrieval (PIR) to hide sensitive intermediate parameters. Specifically in FUPSI, two parties execute keyword PIR to retrieve a flag indicating that the current element is added or deleted so as to determine whether it is in the participants' datasets. Finally, we provide the formal security proof for our proposed FUPSI, and extensive experimental results demonstrate efficiency and the practicality of our proposal. For instance, the communication complexity of our proposal is only logarithmically related to the size of update sets and the computational overhead is mainly composed of logarithmical times PIR calculations. Owing to the variant of keyword PIR, our work also incurs minimal communication overhead even for enormous datasets, which performs well in updatable settings and slow networks.

computer science, theory & methods,engineering, electrical & electronic

Ruofan Li,Zhenfu Cao,Xiaolei Dong,Jiachen Shen,Yunbo Yang

DOI: https://doi.org/10.1109/ic-c62826.2024.00011

2024-01-01

Abstract:With the development of cloud service technology, more and more organizations are attracted by its convenience and cost-effectiveness. However, it raises substantial security concerns, particularly around the secure execution of SQL state-ments on outsourced platforms. This paper delves into private set intersection (PSI) with an emphasis on cardinality(PSI-CA). We aim to propose a novel PSI-CA scheme, a two-party PSI protocol without the homomorphic encryption method. A highlight of our contribution is the introduction of an innovative oblivious pseudo-random function (OPRF) designed to minimize computational and communication burdens.

Xuefei Cao,Hui. Li,Lanjun Dang,Yin Lin

DOI: https://doi.org/10.1016/j.csi.2016.08.004

2017-01-01

Abstract:Set intersection is a fundamental operation in data mining and cloud computing. In this paper, a protocol is proposed to determine the intersection between two datasets while preserving the privacy of each set. Malicious participants are considered and the misbehavior of participants is prevented. Our method is based on a combination of commutative encryption and hash-based commitments. Performance evaluation demonstrates the effectiveness of the protocol. Security discussion is given showing that the protocol provides data privacy, secure set intersection and tolerance to participants cheating.

Atsuko Miyaji,Kazuhisa Nakasho,Shohei Nishida

DOI: https://doi.org/10.1007/s10916-016-0657-4

IF: 4.92

2017-01-16

Journal of Medical Systems

Abstract:Medical data are often maintained by different organizations. However, detailed analyses sometimes require these datasets to be integrated without violating patient or commercial privacy. Multiparty Private Set Intersection (MPSI), which is an important privacy-preserving protocol, computes an intersection of multiple private datasets. This approach ensures that only designated parties can identify the intersection. In this paper, we propose a practical MPSI that satisfies the following requirements: The size of the datasets maintained by the different parties is independent of the others, and the computational complexity of the dataset held by each party is independent of the number of parties. Our MPSI is based on the use of an outsourcing provider, who has no knowledge of the data inputs or outputs. This reduces the computational complexity. The performance of the proposed MPSI is evaluated by implementing a prototype on a virtual private network to enable parallel computation in multiple threads. Our protocol is confirmed to be more efficient than comparable existing approaches.

health care sciences & services,medical informatics

Yunbo Yang,Xiaolei Dong,Zhenfu Cao,Jiachen Shen,Ruofan Li,Yihao Yang,Shangmin Dou

DOI: https://doi.org/10.1007/s11704-022-2269-0

IF: 2.6688

2024-01-01

Frontiers of Computer Science

Abstract:Multiparty private set intersection (PSI) allows several parties, each holding a set of elements, to jointly compute the intersection without leaking any additional information. With the development of cloud computing, PSI has a wide range of applications in privacy protection. However, it is complex to build an efficient and reliable scheme to protect user privacy.To address this issue, we propose EMPSI, an efficient PSI (with cardinality) protocol in a multiparty setting. EMPSI avoids using heavy cryptographic primitives (mainly rely on symmetric-key encryption) to achieve better performance. In addition, both PSI and PSI with the cardinality of EMPSI are secure against semi-honest adversaries and allow any number of colluding clients (at least one honest client). We also do experiments to compare EMPSI with some state-of-the-art works. The experimental results show that proposed EMPSI(-CA) has better performance and is scalable in the number of clients and the set size.