Efficient and secure protocols for privacy-preserving set operations

Many applications require performing set operations without publishing the individual datasets. In this article, we address this problem for five fundamental set operations: set intersection, cardinality of set intersection, element reduction, over-threshold set-union, and subset relation. Our protocols are obtained in the universally composable security framework, under the assumption of a probabilistic polynomial-time bounded adversary that actively controls a fixed set of t parties, and under the assumption of an authenticated broadcast channel. Our constructions use, as building blocks, non-malleable Non-Interactive Zero-Knowledge (NIZK) arguments based on a (t + 1, N)-threshold version (N is the number of parties in the protocol) of the Boneh-Goh-Nissim (BGN) cryptosystem, whose underlying group supports bilinear maps, under the assumption that the public key and the shares of the secret key have been generated by a trusted dealer. The previous studies were all based on the stand-alone model with the same assumptions on the adversary, broadcast channel, and key generation. For the first four operations, we propose protocols that improve the previously known results by an O(N) factor in computation and communication complexity. For the subset relation, our protocol is the first one secure against an active adversary. Our constructions of NIZK arguments are of independent interest: although previous work also mentioned them as building blocks, it did not show how to construct them. We construct these NIZK arguments with an additional non-malleable property, with the same complexity as claimed in the previous work, and with an improvement in communication complexity.
