research-article
Public Access

Scalable Private Set Intersection Based on OT Extension

Published: 02 January 2018

Abstract

Private set intersection (PSI) allows two parties to compute the intersection of their sets without revealing any information about items that are not in the intersection. It is one of the best studied applications of secure computation and many PSI protocols have been proposed. However, the variety of existing PSI protocols makes it difficult to identify the solution that performs best in a respective scenario, especially since they were not compared in the same setting. In addition, existing PSI protocols are several orders of magnitude slower than an insecure naïve hashing solution, which is used in practice.

In this article, we review the progress made on PSI protocols and give an overview of existing protocols in various security models. We then focus on PSI protocols that are secure against semi-honest adversaries and take advantage of the most recent efficiency improvements in Oblivious Transfer (OT) extension, propose significant optimizations to previous PSI protocols, and suggest a new PSI protocol whose runtime is superior to that of existing protocols. We compare the performance of the protocols, both theoretically and experimentally, by implementing all protocols on the same platform, give recommendations on which protocol to use in a particular setting, and evaluate the progress on PSI protocols by comparing them to the currently employed insecure naïve hashing protocol. We demonstrate the feasibility of our new PSI protocol by processing two sets with a billion elements each.


Published in

ACM Transactions on Privacy and Security, Volume 21, Issue 2, May 2018, 159 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3175499

Copyright © 2018 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 2 January 2018
• Accepted: 1 October 2017
• Revised: 1 September 2017
• Received: 1 September 2016

Qualifiers: research-article, Research, Refereed
