Abstract
We introduce cryptographic protocols for securely and efficiently computing the cardinality of set union and set intersection. Our private set-cardinality protocols (PSC) are designed for the setting in which a large set of parties in a distributed system makes observations, and a small set of parties with more resources and higher reliability aggregates the observations. PSC allows for secure and useful statistics gathering in privacy-preserving distributed systems. For example, it allows operators of anonymity networks such as Tor to securely answer the questions: How many unique users are using the network? and How many hidden services are being accessed?
We prove the correctness and security of PSC in the Universal Composability framework against an active adversary that compromises all but one of the aggregating parties. Although successful output cannot be guaranteed in this setting, PSC either succeeds or terminates with an abort, and we furthermore make the adversary accountable for causing an abort by blaming at least one malicious party. We also show that adaptively corrupting a data party does not reveal the observations it has already contributed, which removes the incentive to target data parties for compromise, and we ensure safe measurements by making outputs differentially private.
We present a proof-of-concept implementation of PSC and use it to demonstrate that PSC operates with low computational overhead and reasonable bandwidth. It can count tens of thousands of unique observations from tens to hundreds of data-collecting parties while completing within hours. PSC is thus suitable for daily measurements in a distributed system.
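As an added illustration of the measurement setting described above (this is not code from the paper or its implementation): a plaintext model in which many data parties hold hashed observations, an aggregator computes the cardinality of their union or intersection, and the released count is perturbed with Laplace noise calibrated to a user-level sensitivity of 1. The encryption, shuffling, identifiable abort and distributed noise generation that make PSC secure are deliberately not modelled; the function names, the hashing of observations and the constructed sample sets are assumptions of this example.

```python
"""
Plaintext reference model of what a private set-cardinality measurement
computes: data parties record identifiers they observe, an aggregator counts
the union (unique users) or intersection, and the count is released with
differential privacy.

Added example, not the paper's protocol: there is no encryption, shuffling,
identifiable abort or multi-party noise generation here, and the helper names
(observe, union_cardinality, private_count, ...) are this example's own.
"""
import hashlib
import random
from typing import Callable, List, Set


def observe(identifier: str) -> str:
    """A data party stores a hash of what it saw rather than the raw
    identifier, so its local store never holds plaintext client addresses
    (a design choice of this example, not PSC's encoding)."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def union_cardinality(parties: List[Set[str]]) -> int:
    """|S_1 u ... u S_n|: e.g. the number of unique users seen network-wide."""
    return len(set().union(*parties))


def intersection_cardinality(parties: List[Set[str]]) -> int:
    """|S_1 n ... n S_n|: identifiers that every data party observed."""
    if not parties:
        return 0
    return len(set.intersection(*parties))


def user_level_sensitivity(parties: List[Set[str]],
                           f: Callable[[List[Set[str]]], int]) -> int:
    """Largest change in f when one identifier is removed from every party
    that saw it (user-level neighbouring inputs). For both cardinalities this
    is 1, which is the sensitivity the Laplace scale below is calibrated to."""
    base = f(parties)
    worst = 0
    for x in set().union(*parties):
        without = [s - {x} for s in parties]
        worst = max(worst, abs(base - f(without)))
    return worst


def laplace_sample(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) as the difference of two iid Exp(1/scale) draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def private_count(count: int, epsilon: float, seed=None,
                  sensitivity: int = 1) -> int:
    """Release count + Laplace(sensitivity / epsilon), rounded and clipped at
    zero (both are post-processing, so epsilon-DP is preserved). In PSC the
    noise is generated jointly by the aggregating parties; a single trusted
    aggregator adding it, as here, is only a model."""
    rng = random.Random(seed)
    noisy = count + laplace_sample(sensitivity / epsilon, rng)
    return max(0, round(noisy))


def simulate_daily_measurement(num_parties: int = 50, num_users: int = 2000,
                               epsilon: float = 0.5, seed: int = 1):
    """Constructed sample (not real data): each data party sees a random
    subset of clients; return the exact and the privately released count."""
    rng = random.Random(seed)
    users = [f"client-{i}" for i in range(num_users)]
    parties = []
    for _ in range(num_parties):
        k = rng.randint(min(20, num_users), min(200, num_users))
        parties.append({observe(u) for u in rng.sample(users, k=k)})
    exact = union_cardinality(parties)
    return exact, private_count(exact, epsilon, seed=seed + 1)


if __name__ == "__main__":
    exact, released = simulate_daily_measurement()
    print(f"exact unique users: {exact}; released with eps=0.5: {released}")
```

The point of `user_level_sensitivity` is the check a practitioner should make before choosing the noise scale: an identifier that several data parties observed still moves the union count by exactly one when it is withdrawn everywhere, so the per-day release needs noise of scale 1/epsilon, not one scaled by the number of parties that saw it.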
Accountable Private Set Cardinality for Distributed Measurement