Linear Complexity Private Set Intersection for Secure Two-Party Protocols

In this paper, we propose a new private set intersection (PSI) protocol that computes the following functionality. The two parties (P1 and P2) input two sets of items (X and Y, respectively), and one of the parties outputs a function of the intersection, f(X ∩ Y). This functionality is generally required when the PSI protocol is used as part of a larger secure two-party computation. Pinkas et al. presented a PSI protocol for this functionality at Eurocrypt 2019, which has linear complexity only in communication. While there are PSI protocols with linear computation and communication complexities in the classical PSI setting, where the intersection itself is revealed to one party, to the best of our knowledge there is no PSI protocol that outputs a function of the intersection and achieves linear complexity in both communication and computation. We present the first PSI protocol that outputs only a function of the intersection with linear communication and computation complexities. As a side contribution made while constructing the protocol, we provide a one-time oblivious programmable pseudo-random function based on garbled Bloom filters. We also implemented our protocol and provide performance results.
