Abstract
Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best-studied applications of secure computation, and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a given scenario, especially since they were not compared in the same setting. In addition, existing PSI protocols are several orders of magnitude slower than the insecure naïve hashing solution that is used in practice.
In this article, we review the progress made on PSI protocols and give an overview of existing protocols in various security models. We then focus on PSI protocols that are secure against semi-honest adversaries and take advantage of the most recent efficiency improvements in Oblivious Transfer (OT) extension, propose significant optimizations to previous PSI protocols, and suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols, both theoretically and experimentally, by implementing all protocols on the same platform, give recommendations on which protocol to use in a particular setting, and evaluate the progress on PSI protocols by comparing them to the currently employed insecure naïve hashing protocol. We demonstrate the feasibility of our new PSI protocol by processing two sets with a billion elements each.
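As an added illustration (not code from the paper), the following shows the insecure naïve hashing protocol that the abstract uses as its performance baseline, with constructed phone-number sets; the second function shows the leakage that makes it insecure whenever items come from a small domain, which is exactly what the secure PSI protocols compared in the article avoid.

```python
import hashlib
from typing import Iterable, Set

def h(item: str) -> str:
    """Deterministic, unkeyed hash of a set element (SHA-256, hex)."""
    return hashlib.sha256(item.encode("utf-8")).hexdigest()

def server_message(server: Set[str]) -> Set[str]:
    """Naive hashing PSI, server side: send the hashes of all items."""
    return {h(x) for x in server}

def naive_hash_psi(client: Set[str], server_msg: Set[str]) -> Set[str]:
    """Naive hashing PSI, client side: hash own items locally and keep those
    whose hash appears in the server's message. The client learns the
    intersection and only hashes cross the wire."""
    return {x for x in client if h(x) in server_msg}

def invert_small_domain(server_msg: Set[str], domain: Iterable[str]) -> Set[str]:
    """Why naive hashing is insecure: the hash is deterministic and unkeyed,
    so a client that can enumerate the item domain (phone numbers, e-mail
    addresses, ...) recovers EVERY server item, including those that are not
    in the intersection. Secure PSI must prevent exactly this."""
    return {x for x in domain if h(x) in server_msg}

# Constructed sample data (hypothetical numbers, not from the paper).
CLIENT: Set[str] = {"555-0101", "555-0107", "555-0123"}
SERVER: Set[str] = {"555-0101", "555-0199", "555-0042"}
# The whole item domain is tiny here: 10,000 possible numbers.
DOMAIN = [f"555-{i:04d}" for i in range(10_000)]

if __name__ == "__main__":
    msg = server_message(SERVER)
    print("intersection:", naive_hash_psi(CLIENT, msg))
    print("recovered by enumeration:", invert_small_domain(msg, DOMAIN))
```

The cost of the insecure baseline is one hash per item plus one set lookup, which is the gap the article's runtime comparison against OT-extension-based PSI measures.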
Scalable Private Set Intersection Based on OT Extension