Verifiable Delegated Set Intersection Operations on Outsourced Encrypted Data

We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution is for them to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical. We therefore motivate and introduce the novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold the misbehaving cloud accountable. We formalize security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear in the size of the intersection set, meaning that the efficiency is optimal up to a constant factor.
