Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?

Cryptographic protocols for Private Set Intersection (PSI) are the basis for many important privacy-preserving applications. Over the past few years, intensive research has been devoted to designing custom protocols for PSI based on homomorphic encryption and other public-key techniques, apparently due to the belief that solutions using generic approaches would be impractical. This paper explores the validity of that belief. We develop three classes of protocols targeted to different set sizes and domains, all based on Yao’s generic garbled-circuit method. We then compare the performance of our protocols to the fastest custom PSI protocols in the literature. Our results show that a careful application of garbled circuits leads to solutions that can run on million-element sets on typical desktops, and that can be competitive with the fastest custom protocols. Moreover, generic protocols like ours can be used directly for performing more complex secure computations, something we demonstrate by adding a simple information-auditing mechanism to our PSI protocols.
