Ágnes Kiss,Jian Liu,Thomas Schneider,N. Asokan,Benny Pinkas

DOI: https://doi.org/10.1515/popets-2017-0044

2017-01-01

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Private set intersection (PSI) is a cryptographic technique that is applicable to many privacy-sensitive scenarios. For decades, researchers have been focusing on improving its efficiency in both communication and computation. However, most of the existing solutions are inefficient for an unequal number of inputs, which is common in conventional client-server settings. In this paper, we analyze and optimize the efficiency of existing PSI protocols to support precomputation so that they can efficiently deal with such input sets. We transform four existing PSI protocols into the precomputation form such that in the setup phase the communication is linear only in the size of the larger input set, while in the online phase the communication is linear in the size of the smaller input set. We implement all four protocols and run experiments between two PCs and between a PC and a smartphone and give a systematic comparison of their performance. Our experiments show that a protocol based on securely evaluating a garbled AES circuit achieves the fastest setup time by several orders of magnitudes, and the fastest online time in the PC setting where AES-NI acceleration is available. In the mobile setting, the fastest online time is achieved by a protocol based on the Diffie-Hellman assumption.

Lifei Wei,Jihai Liu,Lei Zhang,Qin Wang,Wuji Zhang,Xiansong Qian

DOI: https://doi.org/10.1016/j.csi.2023.103764

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:Private set intersection (PSI) has attracted the researchers and the developers both from academia and industry in cooperating the private data to achieve privacy preserving. Traditional PSI protocols allow the two participants with each private sets interactively calculating the intersection without revealing any additional information. Multi-party private set intersection (MP-PSI) is quite different from the conventional two-party PSI, which could not directly obtain from the two-party PSI, and become an emerging topic in collaborative data analytics from different private data owners. However, the most of the existing MP-PSI protocols always consider the small number of the participants with large set size and the performance drops with the increasing number of participants. In addition, the participants with small set size also bring the heavy communication and computation overhead. To overcome the above drawbacks, we propose two efficient MP-PSI protocols for large number of participants and small set size, and formally prove secure against collision attack in the semi-honest model and malicious model. The experiments show that when the participant number increases from 5 to 50 and the set size scales from 2 7 to 2 10 , our protocols are faster than the most efficient MP-PSI protocol. Thus, our MP-PSI protocols are considering to be practical solutions, which fit the scenarios in small set size with increasing participants.

computer science, software engineering, hardware & architecture

Jiuheng Su,Zhili Chen,Xiaomin Yang

2024-01-23

Abstract:We present a new circuit-based protocol for multi-party private set intersection (PSI) that allows m parties to compute the intersection of their datasets without revealing any additional information about the items outside the intersection. Building upon the two-party Sort-Compare-Shuffle (SCS) protocol, we seamlessly extend it to a multi-party setting. Demonstrating its practicality through implementation, our protocol exhibits acceptable performance. Specifically, with 7 parties, each possessing a set size of 2^{12}, our protocol completes in just 19 seconds. Moreover, circuit-based protocols like ours have an advantage over using custom protocols to perform more complex computation. We substantiate this advantage by incorporating a module for calculating the Jaccard similarity metric of the private sets which can be used in the application domain of network traffic analysis for anomaly detection. This extension showcases the versatility of our protocol beyond set intersection computations, demonstrating its efficacy in preserving privacy while efficiently identifying abnormal patterns in network flow.

Cryptography and Security

Rasoul Akhavan Mahdavi,Nils Lukas,Faezeh Ebrahimianghazani,Thomas Humphries,Bailey Kacsmar,John Premkumar,Xinda Li,Simon Oya,Ehsan Amjadian,Florian Kerschbaum

2024-08-19

Abstract:Two parties with private data sets can find shared elements using a Private Set Intersection (PSI) protocol without revealing any information beyond the intersection. Circuit PSI protocols privately compute an arbitrary function of the intersection - such as its cardinality, and are often employed in an unbalanced setting where one party has more data than the other. Existing protocols are either computationally inefficient or require extensive server-client communication on the order of the larger set. We introduce Practically Efficient PSI or PEPSI, a non-interactive solution where only the client sends its encrypted data. PEPSI can process an intersection of 1024 client items with a million server items in under a second, using less than 5 MB of communication. Our work is over 4 orders of magnitude faster than an existing non-interactive circuit PSI protocol and requires only 10% of the communication. It is also up to 20 times faster than the work of Ion et al., which computes a limited set of functions and has communication costs proportional to the larger set. Our work is the first to demonstrate that non-interactive circuit PSI can be practically applied in an unbalanced setting.

Cryptography and Security

Jiuheng Su,Zhili Chen

DOI: https://doi.org/10.48550/arXiv.2309.07406

2023-09-14

Abstract:We propose a novel protocol for computing a circuit which implements the multi-party private set intersection functionality (PSI). Circuit-based approach has advantages over using custom protocols to achieve this task, since many applications of PSI do not require the computation of the intersection itself, but rather specific functional computations over the items in the intersection. Our protocol represents the pioneering circuit-based multi-party PSI protocol, which builds upon and optimizes the two-party SCS \cite{huang2012private} protocol. By using secure computation between two parties, our protocol sidesteps the complexities associated with multi-party interactions and demonstrates good scalability. In order to mitigate the high overhead associated with circuit-based constructions, we have further enhanced our protocol by utilizing simple hashing scheme and permutation-based hash functions. These tricks have enabled us to minimize circuit size by employing bucketing techniques while simultaneously attaining noteworthy reductions in both computation and communication expenses.

Cryptography and Security

Ziyuan Liang,Weiran Liu,Fan Zhang,Bingsheng Zhang,Jian Liu,Lei Zhang,Kui Ren

2020-01-01

Abstract:Private Set Intersection (PSI) is a specified protocol of secure Multi-Party Computation (MPC). PSI allows two parties to obtain the intersection of their private sets while nothing else is revealed. In contrast to the great demand for PSI in real-world applications, there is still no evaluation results of different general practical PSI framework. Most existing PSI implmentations are based on C/C++, which also makes them hard to compute in parallel. In this paper, we propose a generic Java-based PSI framework and implement all up-to-date OT-based PSI protocols within the framework until now. We evaluate these OT-based PSI protocols and the dependent cryptographic primitives and provide the best combination of primitives for constructing a best-performed OT-based PSI from the ground up. Additional optimizations are also applied to the protocols in our framework, including both generic and custom-tailored ones. We adopt filters to significantly reduce the communication of OT-based PSI protocols. The implementations in our framework support concurrence by using the natural feature of Java, which avoids to manurally allocate threads when using C/C++. We believe that our framework benefits a lot for future MPC and PSI researches and helps the promotion of PSI-based applications.

Benny Pinkas,Thomas Schneider,Michael Zohner

DOI: https://doi.org/10.1145/3154794

IF: 2.717

2018-02-24

ACM Transactions on Privacy and Security

Abstract:Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best studied applications of secure computation and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a respective scenario, especially since they were not compared in the same setting. In addition, existing PSI protocols are several orders of magnitude slower than an insecure naïve hashing solution, which is used in practice. In this article, we review the progress made on PSI protocols and give an overview of existing protocols in various security models. We then focus on PSI protocols that are secure against semi-honest adversaries and take advantage of the most recent efficiency improvements in Oblivious Transfer (OT) extension, propose significant optimizations to previous PSI protocols, and suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols, both theoretically and experimentally, by implementing all protocols on the same platform, give recommendations on which protocol to use in a particular setting, and evaluate the progress on PSI protocols by comparing them to the currently employed insecure naïve hashing protocol. We demonstrate the feasibility of our new PSI protocol by processing two sets with a billion elements each.

computer science, information systems

Yizhao Zhu,Lanxiang Chen,Yi Mu

DOI: https://doi.org/10.1016/j.tcs.2024.114443

IF: 1.002

2024-02-15

Theoretical Computer Science

Abstract:We propose a novel two-party private set intersection (PSI) protocol, which achieves ideal and constant receiver-to-sender and linear sender-to-receiver communication overhead, linear computational complexity, along with receiver size-hiding and lightweight computation cost. In comparison with other PSI protocols, the proposed protocol is more practical as it does not require any fully homomorphic computation. We propose three variants to demonstrate efficiency optimization, size-hiding feature extension, and online/offline settings for real-world applications, respectively, to offer a practical control between security and efficiency. Finally, we prove that our proposed protocols are secure against malicious participants under our security model.

computer science, theory & methods

Ziyu Niu,Hao Wang,Zhi Li,Xiangfu Song

DOI: https://doi.org/10.1002/int.22420

IF: 8.993

2021-03-28

International Journal of Intelligent Systems

Abstract:<p>With the rapid development of Internet and the widespread application of distributed computing, people enjoy various conveniences while at the same time their privacy has also been threatened. Secure multiparty computation (MPC) can solve the problem of how data owners who do not trust each other jointly compute in distributed scenarios. Using MPC technique, people can not only realize data joint computing, but also ensure data privacy. In most data application scenarios, private data held by different parties can often be represented by sets. To complete the relevant statistical computations of the intersection of two private sets, we propose a suite of protocols based on MPC. These protocols can compute the statistical functions of the associated data of the intersection, including cardinality, sum, average, variance, range, and so forth, without revealing any additional information other than the result. To achieve these functions, we design a private membership test protocol with the result as the arithmetic sharing value, called the arithmetic shared private membership test (ASPMT) protocol. On the basis of the ASPMT protocol, the size and other statistics of the intersection can be computed securely and efficiently. All fundamental computations are constructed based on secret sharing and oblivious transfer techniques. Thanks to the use of precomputation technique, all protocols are highly efficient.</p>

computer science, artificial intelligence

Xinpeng Yang,Liang Cai,Yinghao Wang,Keting Yin,Lu Sun,Jingwei Hu

DOI: https://doi.org/10.1145/3634737.3657001

2024-01-01

Abstract:Multiparty private set intersection (mPSI) protocol is capable of finding the intersection of multiple sets securely without revealing any other information. However, its limitation lies in processing only those elements present in every participant's set, which proves inadequate in scenarios where certain elements are common to several, but not all, sets. In this paper, we introduce an innovative variant of the mPSI protocol named unbalanced quorum PSI to fill in the gaps of the mPSI protocol. Unlike the previous quorum-PSI proposals which detect elements present in at least.. out of.. equal sets, our protocol is particularly tailored for unbalanced cases where the size of the receiver's set is much smaller than the size of the senders' sets. Our work achieves logarithmic communication complexity in the semihonest setting, significantly surpassing previous work in efficiency. The benchmarks show that it takes 22.7 seconds in WAN and 14.7 seconds in LAN for online computation, and only 87.8 MB of total communication to intersect 5535 elements across 15 sets, each containing 2(24) elements. Compared to prior work, this is roughly an 87x reduction in communication and a 31x reduction in online time. Our protocols can be easily extended to the larger set with 228 elements which is nearly impractical for prior work.

You Chen,Ning Ding,Dawu Gu,Yang Bian

DOI: https://doi.org/10.3233/jcs-230091

2024-04-04

Journal of Computer Security

Abstract:Private set intersection cardinality (PSI-CA) and private intersection-sum with cardinality (PSI-CA-sum) are two primitives that enable data owners to learn the intersection cardinality of their data sets, with the difference that PSI-CA-sum additionally outputs the sum of the associated integer values of all the data that belongs to the intersection (i.e., intersection-sum). However, to the best of our knowledge, all existing multi-party PSI-CA (MPSI-CA) protocols are either limited by high computational cost or face security challenges under arbitrary collusion. As for multi-party PSI-CA-sum (MPSI-CA-sum), there is even no formalization for this notion at present, not to mention secure constructions for it. In this paper, we first present an efficient MPSI-CA protocol with two non-colluding parties. This protocol significantly decreases the number of parties involved in expensive interactive procedures, leading to a significant enhancement in runtime efficiency. Our numeric results demonstrate that the running time of this protocol is merely one-quarter of the time required by our proposed MPSI-CA protocol that is secure against arbitrary collusion. Therefore, in scenarios where performance is a priority, this protocol stands out as an excellent choice. Second, we successfully construct the first MPSI-CA protocol that achieves simultaneous practicality and security against arbitrary collusion. Additionally, we also conduct implementation to verify its practicality (while the previous results under arbitrary collusion only present theoretical analysis of performance, lacking real implementation). Numeric results show that by shifting the costly operations to an offline phase, the online computation can be completed in just 12.805 seconds, even in the dishonest majority setting, where 15 parties each hold a set of size 2 16 . Third, we formalize the concept of MPSI-CA-sum and present the first realization that ensures simultaneous practicality and security against arbitrary collusion. The computational complexity of this protocol is roughly twice that of our MPSI-CA protocol. Besides the main results, we introduce the concepts and efficient constructions of two novel building blocks: multi-party secret-shared shuffle and multi-party oblivious zero-sum check, which may be of independent interest.

Jingyu Ning,Zhenhua Tan,Kaibing Zhang,Weizhong Ye

DOI: https://doi.org/10.1049/2024/6052651

2024-02-17

IET Information Security

Abstract:Two-party private set intersection (PSI) plays a pivotal role in secure two-party computation protocols. The communication cost in a PSI protocol is normally influenced by the sizes of the participating parties. However, for parties with unbalanced sets, the communication costs of existing protocols mainly depend on the size of the larger set, leading to high communication cost. In this paper, we propose a low communication-cost PSI protocol designed specifically for unbalanced two-party private sets, aiming to enhance the efficiency of communication. For each item in the smaller set, the receiver queries whether it belongs to the larger set, such that the communication cost depends solely on the smaller set. The queries are implemented by private information retrieval which is constructed with trapdoor hash function. Our investigation indicates that in each instance of invoking the trapdoor hash function, the receiver is required to transmit both a hash key and an encoding key to the sender, thus incurring significant communication cost. In order to address this concern, we propose the utilization of a seed hash key, a seed encoding key, and a Latin square. By employing these components, the sender can autonomously generate all the necessary hash keys and encoding keys, obviating the multiple transmissions of such keys. The proposed protocol is provably secure against a semihonest adversary under the Decisional Diffie–Hellman assumption. Through implementation demonstration, we showcase that when the sizes of the two sets are 2 8 and 2 14 , the communication cost of our protocol is only 3.3% of the state-of-the-art protocol and under 100 Kbps bandwidth, we achieve 1.46x speedup compared to the state-of-the-art protocol. Our source code is available on GitHub: https://github.com/TAN-OpenLab/Unbanlanced-PSI.

computer science, information systems, theory & methods

Zhusheng Wang,Karim Banawan,Sennur Ulukus

DOI: https://doi.org/10.1109/tit.2021.3125006

IF: 2.5

2022-03-01

IEEE Transactions on Information Theory

Abstract:We study the problem of private set intersection (PSI). In this problem, there are two entities $E_{i}$ , for $i=1, 2$ , each storing a set $\mathcal {P}_{i}$ , whose elements are picked from a finite set $\mathbb {S}_{K}$ , on $N_{i}$ replicated and non-colluding databases. It is required to determine the set intersection ${\mathcal {P}}_{1} \cap {\mathcal {P}} _{2}$ without leaking any information about the remaining elements to the other entity, and to do this with the least amount of downloaded bits. We first show that the PSI problem can be recast as a multi-message symmetric private information retrieval (MM-SPIR) problem with certain added restrictions. Next, as a stand-alone result, we derive the information-theoretic sum capacity of MM-SPIR, $C_{MM-SPIR}$ . We show that with $K$ messages, $N$ databases, and a given size of the desired message set $P$ , the exact capacity of MM-SPIR is $C_{MM-SPIR} = 1 - \frac {1}{N}$ when $P \leq K-1$ , provided that the entropy of the common randomness $S$ satisfies $H(S) \geq \frac {P}{N-1}$ per desired symbol. When $P = K$ , the MM-SPIR capacity is trivially 1 without the need for any common randomness $S$ . This result implies that there is no gain for MM-SPIR over successive single-message SPIR (SM-SPIR). For the MM-SPIR problem, we present a novel capacity-achieving scheme which builds seamlessly over the near-optimal scheme of Banawan-Ulukus originally proposed for the multi-message PIR (MM-PIR) problem without any database privacy constraints. Surprisingly, our scheme here is exactly optimal for the MM-SPIR problem for any $P$ , in contrast to the scheme for the MM-PIR problem, which was proved only to be near-optimal. Our scheme is an alternative to the successive usage of the SM-SPIR scheme of Sun-Jafar. Based on this capacity result for the MM-SPIR problem, and after addressing the added requirements in its conversion to the PSI problem, we show that the optimal download cost for the PSI problem is given by $\min \left \{{\left \lceil{ \frac {P_{1} N_{2}}{N_{2}-1}}\right \rceil, \left \lceil{ \frac {P_{2} N_{1}}{N_{1}-1}}\right \rceil }\right \}$ , where $P_{i}$ is the cardinality of set ${\mathcal {P}}_{i}$ .

computer science, information systems,engineering, electrical & electronic

Ruochen Wang,Jun Zhou,Zhenfu Cao,Xiaolei Dong,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tifs.2024.3461475

IF: 7.231

2024-09-27

IEEE Transactions on Information Forensics and Security

Abstract:Private set intersection (PSI) facilitates the computation of intersection between the private sets of two parties, ensuring that no additional information beyond the intersection itself is revealed. However, most state-of-the-art are limited to static PSI, leaving updatable PSI untouched. Existing PSI protocols will cost huge computational resources to compute intersection on updated sets. More seriously, none of the existing updatable PSI approaches can achieve both secure addition and deletion operations in once update. To address these challenges, we propose Forward Private Updatable PSI (FUPSI) for two-party setting. FUPSI is designed to support addition and deletion simultaneously, while ensuring forward privacy against semi-honest adversaries. In this work, we analyze the infeasibility of secure synchronous addition and deletion in the existing updatable PSI approaches, by presenting a practical attack which would lead to privacy leakages while deletion function is performed. Then, to resist this attack against semi-honest adversaries, we demonstrate how FUPSI can protect the forward privacy of user sets, by utilizing a variant of keyword Private Information Retrieval (PIR) to hide sensitive intermediate parameters. Specifically in FUPSI, two parties execute keyword PIR to retrieve a flag indicating that the current element is added or deleted so as to determine whether it is in the participants' datasets. Finally, we provide the formal security proof for our proposed FUPSI, and extensive experimental results demonstrate efficiency and the practicality of our proposal. For instance, the communication complexity of our proposal is only logarithmically related to the size of update sets and the computational overhead is mainly composed of logarithmical times PIR calculations. Owing to the variant of keyword PIR, our work also incurs minimal communication overhead even for enormous datasets, which performs well in updatable settings and slow networks.

computer science, theory & methods,engineering, electrical & electronic

Minglang Dong,Yu Chen,Cong Zhang,Yujie Bai

2024-07-01

Abstract:Multi-party private set union (MPSU) protocol enables $m$ $(m > 2)$ parties, each holding a set, to collectively compute the union of their sets without revealing any additional information to other parties. There are two main categories of MPSU protocols: The first builds on public-key techniques. All existing works in this category involve a super-linear number of public-key operations, resulting in poor practical efficiency. The second builds on oblivious transfer and symmetric-key techniques. The only existing work in this category is proposed by Liu and Gao (ASIACRYPT 2023), which features the best concrete performance among all existing protocols, despite its super-linear computation and communication. Unfortunately, it does not achieve the standard semi-honest security, as it inherently relies on a non-collusion assumption, which is unlikely to hold in practice. Therefore, the problem of constructing a practical MPSU protocol based on oblivious transfer and symmetric-key techniques in standard semi-honest model remains open. Furthermore, there is no MPSU protocol achieving both linear computation and linear communication complexity, which leaves another unresolved problem. In this work, we resolve these two open problems. We propose the first MPSU protocol based on oblivious transfer and symmetric-key techniques in the standard semi-honest model. This protocol is $4.9-9.3 \times$ faster than Liu and Gao in the LAN setting. Concretely, our protocol requires only $3.6$ seconds in online phase for 3 parties with sets of $2^{20}$ items each. We propose the first MPSU protocol achieving both linear computation and linear communication complexity, based on public-key operations. This protocol has the lowest overall communication costs and shows a factor of $3.0-36.5\times$ improvement in terms of overall communication compared to Liu and Gao.

Cryptography and Security

Yuanhao Wang,Qiong Huang,Hongbo Li,Meiyan Xiao,Sha Ma,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2021.3101059

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Thanks to its convenience and cost-savings feature, cloud computing ushers a new era. Yet its security and privacy issues must not be neglected. Private set intersection (PSI) is useful and important in many cloud computing applications, such as document similarity, genetic paternity and data mining. The cloud server performs intersection operations on two outsourced encrypted datasets of data owners. In the existing protocols, however, data owners cannot decide whether to use all or part of their encrypted data to compute the intersection, nor can they specify whom to compare with. In this paper, we introduce an enhanced notion of outsourced PSI, called authorized PSI (APSI), which supports flexible authorization and cross-type authorized comparison of datasets. To demonstrate this notion, we propose a concrete APSI protocol, and prove it to be secure in the random oracle model based on simple number-theoretic assumptions. Experimental results show that our APSI protocol has performance comparable with existing related outsourced PSI protocols.

Zi-Xian Li,Wen-Jie Liu,Bing-Mei Su

DOI: https://doi.org/10.1140/epjqt/s40507-024-00268-4

IF: 6.9997

2024-09-12

EPJ Quantum Technology

Abstract:Private set intersection (PSI) has important application value, however, current quantum PSI protocols are either unsuitable for multi-party scenarios or inefficient. Recently, Imran (arXiv:2303.17196v3, 2023) proposed two quantum secure multi-party greatest common divisor (GCD) protocols that can be used for PSI, but with the downside of information leakage and resource consumption. In this paper, we propose a novel quantum secure multi-party GCD protocol that has higher security and lower complexity. To hide privacy, each party randomly selects a coefficient within a range determined by his input integer, and with the assistance of a semi-honest third party TP, all parties secretly calculate the linear combination of their inputs under these coefficients. Once enough linear combinations are collected, TP calculates the GCD of these combinations, which is equal to the GCD of all input integers. To verify the honesty of participants, a quantum zero-knowledge proof sub-protocol is designed. Analysis shows that our GCD protocol is correct and has security against malicious attacks. Moreover, its complexity is polynomial level and lower than Imran's. Furthermore, we demonstrate the scalability of our GCD protocol in private set operations, such as private set intersection, private set intersection cardinality, private multi-set intersection, etc.

optics,physics, atomic, molecular & chemical,quantum science & technology

Quanyu Zhao,Bingbing Jiang,Yuan Zhang,Heng Wang,Yunlong Mao,Sheng Zhong

DOI: https://doi.org/10.1007/s11432-022-3717-9

2024-02-09

Science China Information Sciences

Abstract:The private set intersection (PSI) protocol allows two parties holding a set of integers to compute the intersection of their sets without revealing any additional information to each other. The unbalanced PSI schemes consider a specific setting where a client holds a small set of the size n and a server holds a much larger set of the size m ( n ≪ m ). The communication overhead of state-of-the-art balanced PSI schemes is O ( m + n ) and the unbalanced PSI schemes are O ( n log m ). In this paper, we propose a novel secure unbalanced PSI protocol based on a hash proof system. The communication complexity of our protocol grows only linearly with the size of the small set. In other words, our protocol achieves communication overhead of O ( n ). We test the performance on a personal computer (PC) machine with a local area network (LAN) setting for the network. The experimental results demonstrate that the client only takes 2.01 s of online computation, 4.27 MB of round trip communication to intersect 1600 pieces of 32-bit integers with 2 20 pieces of 32-bit integers with the security parameter λ = 512. Our protocol is efficient and can be applied to resource-constrained devices, such as cell phones.

computer science, information systems,engineering, electrical & electronic

Yu-Chi Chen,Kuan-Chun Huang

DOI: https://doi.org/10.1109/tifs.2023.3295941

IF: 7.231

2023-08-05

IEEE Transactions on Information Forensics and Security

Abstract:In the era of big data with an ever-increasing amount of data, the demand for data processing is increasing, and various computing service agreements have also been created. While data are widely used, data providers worry that their privacy will be infringed, so the security of the data has also received more attention. Private set intersection (PSI) allows two data-owning parties to jointly compute the intersection of private datasets. The party cannot obtain any other information except for the intersection results. However, Bloom filter (BF) is a naive solution that can be used to potentially obtain PSI, but the verifiability of using BF is usually a concern for effectiveness. Hence, garbled Bloom filter is indeed expected to overcome this concern in two-party setting. We aim for the outsourced scenario where there are many data-owning parties in distributed setting. These parties would like to jointly obtain the set intersection in a private manner supported by an outsourced cloud, and further to obtain data integration. The main challenges are that the previous solutions cannot be directly transformed into an outsourced scenario. In this paper, the proposed joint and effective privacy preserving outsourced set intersection and data integration protocols are called . They are generic constructions. We start by introducing a basic outsourced PSI protocol from the cryptographic building blocks and new BF and GBF techniques. Then, we modify the basic protocol and propose the full-fledged scheme to achieve an outsourced multi-party PSI protocol. Finally, we analyze the security and execution efficiency aspects to ensure usability.

computer science, theory & methods,engineering, electrical & electronic

Aydin Abadi

2024-04-26

Abstract:In Private Set Intersection protocols (PSIs), a non-empty result always reveals something about the private input sets of the parties. Moreover, in various variants of PSI, not all parties necessarily receive or are interested in the result. Nevertheless, to date, the literature has assumed that those parties who do not receive or are not interested in the result still contribute their private input sets to the PSI for free, although doing so would cost them their privacy. In this work, for the first time, we propose a multi-party PSI, called "Anesidora", that rewards parties who contribute their private input sets to the protocol. Anesidora is efficient; it mainly relies on symmetric key primitives and its computation and communication complexities are linear with the number of parties and set cardinality. It remains secure even if the majority of parties are corrupted by active colluding adversaries.

Cryptography and Security