Private Set Operations from Oblivious Switching

Private set intersection reveals the intersection of two private sets, but many real-world applications require the parties to learn only partial information about the intersection. In this paper we introduce a new approach for computing arbitrary functions of the intersection, provided that it is safe to also reveal the cardinality of the intersection. In the most general case, our new protocol provides the participants with secret shares of the intersection, which can be fed into any generic 2PC protocol. Certain computations on the intersection can also be done even more directly and efficiently, avoiding this secret-sharing step. These cases include computing only the cardinality of the intersection, or the “cardinality-sum” application proposed in Ion et al. (ePrint 2017). Compared to the state-of-the-art protocol for computing on intersection (Pinkas et al., Eurocrypt 2019), our protocol has about 2.5–3× less communication, and has faster running time on slower (50 Mbps) networks. Our new techniques can also be used to privately compute the union of two sets as easily as computing the intersection. Our protocol concretely improves the leading private set union protocol (Kolesnikov et al., Asiacrypt 2020) by a factor of 2–2.5×, depending on the network speed. We then show how private set union can be used in a simple way to realize the “Private-ID” functionality suggested by Buddhavarapu et al. (ePrint 2020). Our protocol is significantly faster than the prior Private-ID protocol, especially on fast networks. All of our protocols are in the two-party setting and are secure against semi-honest adversaries.
