Private set intersection: New generic constructions and feasibility results

Paolo D'Arco; María Isabel González Vasco; Angel L. Pérez del Pozo; Claudio Soriente; Rainer Steinwandt

doi:10.3934/amc.2017040

Article Contents

2017, Volume 11, Issue 3: 481-502. Doi: 10.3934/amc.2017040

This issue Previous Article The weight distributions of constacyclic codes Next Article Relative generalized Hamming weights of q-ary Reed-Muller codes

Private set intersection: New generic constructions and feasibility results

1.
Dipartimento di Informatica, University of Salerno, 84084 Fisciano (SA), Italy
2.
MACIMTE, Area de Matemática Aplicada, U. Rey Juan Carlos, c/ Tulipán, s/n, 28933, Móstoles, Madrid, Spain
3.
Telefónica Research, Barcelona, Spain
4.
Florida Atlantic University (FAU), 777 Glades Rd, Boca Raton, FL 33431, USA

* Corresponding author
* Corresponding author

Received: June 30, 2015

Revised: November 30, 2015

Published: September 2017

The first three and the last author were partially supported by the Spanish Ministerio de Economía y Competitividad through the project grant MTM-2010-15167. This research is also partially supported by the Italian PRIN project GenData 2020.

Abstract Full Text(HTML) Figure(8) / Table(1) Related Papers Cited by

Abstract

In this paper we focus on protocols for private set intersection (PSI), through which two parties, each holding a set of inputs drawn from a ground set, jointly compute the intersection of their sets. Ideally, no further information than which elements are actually shared is compromised to the other party, yet the input set sizes are often considered as admissible leakage.

In the unconditional setting we evidence that PSI is impossible to realize and that unconditionally secure size-hiding PSI is possible assuming a set-up authority is present in an set up phase. In the computational setting we give a generic construction using smooth projective hash functions for languages derived from perfectly-binding commitments. Further, we give two size-hiding constructions: the first one is theoretical and evidences the equivalence between PSI, oblivious transfer and the secure computation of the AND function. The second one is a twist on the oblivious polynomial evaluation construction of Freedman et al. from EUROCRYPT 2004. We further sketch a generalization of the latter using algebraic-geometric techniques. Finally, assuming again there is a set-up authority (yet not necessarily trusted) we present very simple and efficient constructions that only hide the size of the client's set.

Keywords:

Mathematics Subject Classification: Primary: 94A60; Secondary: 68P99.

Citation:

Full Text(HTML)

Figure 1. An unconditionally secure size-hiding set intersection protocol

Download: Full-size image PowerPoint slide

Figure 2. A generic PSI protocol from smooth projective hashing

Download: Full-size image PowerPoint slide

Figure 3. A computationally secure size-hiding set intersection protocol

Download: Full-size image PowerPoint slide

Figure 4. OT protocol based on trapdoor permutations

Download: Full-size image PowerPoint slide

Figure 5. Polynomial-based construction for $|\mathcal{C}|,|\mathcal{S}| \le M$

Download: Full-size image PowerPoint slide

Figure 6. Algebraic PSI construction for $|\mathcal{C}|,|\mathcal{S}| \le M$

Download: Full-size image PowerPoint slide

Figure 7. The PRF-PSI-protocol

Download: Full-size image PowerPoint slide

Figure 8. Setup phase of the OPRF-PSI-protocol

Download: Full-size image PowerPoint slide

Table 1. Performance comparison of SPH-based implementations vs prior public key implementations for PSI

Protocol	Comm. Overhead	Server Exp.	Client Exp.
[20]	$\mathcal{O}(v + w)$	$\mathcal{O}(w(\log\log v))$	$\mathcal{O}(w+v)$
[31]	$\mathcal{O}(w +v)$	$\mathcal{O}(vw)$	$\mathcal{O}(v+w)$
SPH-DDH	$\mathcal{O}(vw)$	$\mathcal{O}(vw)$	$\mathcal{O}(v)$

| Show Table

DownLoad: CSV

Related Papers

Cited by

References

[1]	M. Abdalla, F. Benhamouda, O. Blazy, C. Chevalier and D. Pointcheval, SPHF-friendly noninteractive commitments, in Adv. Crypt. – ASIACRYPT 2013, Springer, 2013,214–234. doi: 10.1007/978-3-642-42033-7_12.
[2]	F. Armknecht, D. Augot, L. Perret and A. -R. Sadeghi, On constructing homomorphic encryption schemes from coding theory, in Crypt. Coding (ed. L. Chen), Springer, 2011, 23–40. doi: 10.1007/978-3-642-25516-8_3.
[3]	G. Ateniese, E. De Cristofaro and G. Tsudik, (If) size matters: size-hiding private set intersection, in Publ. Key Crypt. – PKC 2011 (eds. D. Catalano et al), Springer, 2011,156–173. doi: 10.1007/978-3-642-19379-8_10.
[4]	P. Baldi, R. Baronio, E. De Cristofaro, P. Gasti and G. Tsudik, Countering GATTACA: efficient and secure testing of fully-sequenced human genomes, in ACM Conference on Computer and Communications Security – CCS 2011 (eds. Y. Chen ea al), ACM, 2011,691–702.
[5]	J. Camenisch and G. M. Zaverucha, Private intersection of certified sets, in Financial Crypt. Data Sec. – FC 2009 (eds. R. Dingledine et al), IFCA, Springer, 2009,108–127.
[6]	M. Chase and I. Visconti, Secure database commitments and universal arguments of quasi knowledge, in Advances in Cryptology – CRYPTO 2012(eds. R. Safavi-Naini et al), Springer, 2012,236–254. doi: 10.1007/978-3-642-32009-5_15.
[7]	H. Chen and R. Cramer, Algebraic geometric secret sharing schemes and secure multi-party computations over small fields, in Adv. Crypt. – CRYPTO 2006(ed. C. Dwork), Springer, 2006,521–536. doi: 10.1007/11818175_31.
[8]	R. Cramer, Introduction to secure computation, in Lect. Data Sec. (ed. Ⅰ. Damgård), Springer, 1999, 16–62. doi: 10.1007/3-540-48969-X.
[9]	R. Cramer and V. Shoup, Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption, in Adv. Crypt. – EUROCRYPT 2002(ed. L. R. Knudsen), Springer, 2002, 45–64. doi: 10.1007/3-540-46035-7_4.
[10]	E. De Cristofaro, S. Faber and G. Tsudik, Secure genomic testing with size-and positionhiding private substring matching, in ACM Workshop Priv. Electr. Soc. – WPES'13(eds. A. -R. Sadeghi et al), ACM, 2013,107–118.
[11]	E. De Cristofaro, S. Jarecki, J. Kim and G. Tsudik, Privacy-preserving policy-based information transfer, in Priv. Enhanc. Techn. – PETS 2009(eds. Ⅰ. Goldberg et al), Springer, 2009,164–184.
[12]	E. De Cristofaro, J. Kim and G. Tsudik, Linear-complexity private set intersection protocols secure in malicious model, in Adv. Crypt. – ASIACRYPT 2010(ed. M. Abe), Springer, 2010,213–231.
[13]	E. De Cristofaro and G. Tsudik, Practical private set intersection protocols with linear complexity, in Financial Crypt. Data Sec. – FC 2010(ed. R. Sion), IFCA, Springer, 2010,143– 159.
[14]	D. Dachman-Soled, T. Malkin, M. Raykova and M. Yung, Efficient robust private set intersection, in Appl. Crypt. Netw. Sec. – ACNS 2009(eds. M. Abdalla et al), Springer, 2009,125–142. doi: 10.1504/IJACT.2012.048080.
[15]	D. Dachman-Soled, T. Malkin, M. Raykova and M. Yung, Secure efficient multiparty computing of multivariate polynomials and applications, in Applied Cryptography and Network Security – ACNS 2011(eds. J. Lopez et al), Springer, 2011,130–146.
[16]	P. D'Arco, M. I. González Vasco, A. L. Pérez del Pozo and C. Soriente, Size-hiding in private set intersection: existential results and constructions, in Progr. Crypt. – AFRICACRYPT 2012(eds. A. Mitrokotsa et al), Springer, 2012,378–394. doi: 10.1007/978-3-642-31410-0_23.
[17]	C. Dong, L. Chen and Z. Wen, When private set intersection meets big data: an efficient and scalable protocol, in ACM SIGSAC Conf. Comp. Commun. Sec. – CCS 2013(eds. A. -R. Sadeghi et al), ACM, 2013,789–800.
[18]	S. Even, O. Goldreich and A. Lempel, A randomized protocol for signing contracts, Commun. ACM, 28 (1985), 637-647. doi: 10.1145/3812.3818.
[19]	M. J. Freedman, Y. Ishai, B. Pinkas and O. Reingold, Keyword search and oblivious pseudorandom functions, in Theory Crypt. – TCC 2005(ed. J. Kilian), Springer, 2005,303–324. doi: 10.1007/978-3-540-30576-7_17.
[20]	M. J. Freedman, K. Nissim and B. Pinkas, Efficient private matching and set intersection, in Adv. Crypt. – EUROCRYPT 2004(eds. C. Cachin et al), Springer, 2004, 1–19. doi: 10.1007/978-3-540-24676-3_1.
[21]	K. Frikken, Privacy-preserving set union, in Applied Crypt. Netw. Sec. – ACNS 2007(eds. J. Katz et al), Springer, 2007,237–252.
[22]	R. Gennaro and Y. Lindell, A framework for password-based authenticated key exchange (extended abstract), in Adv. Crypt. – EUROCRYPT 2003(ed. E. Biham), Springer, 2003,524–543. doi: 10.1007/3-540-39200-9_33.
[23]	O. Goldreich, Foundations of Cryptography, Volume Ⅱ. Basic Applications Cambridge Press, 2004. doi: 10.1017/CBO9780511721656.002.
[24]	C. Hazay and Y. Lindell, Constructions of truly practical secure protocols using standard smartcards, in Proc. 15th ACM Conf. Comp. Commun. Sec. , ACM, 2008,491–500.
[25]	C. Hazay and Y. Lindell, Efficient protocols for set intersection and pattern matching with security against malicious an covert adversaries, in Theory Crypt. – TCC 2008(ed. R. Canetti), Springer, 2008,155–175. doi: 10.1007/978-3-540-78524-8_10.
[26]	Y. Huang, D. Evans and J. Katz, Private set intersection: Are garbled circuits better than custom protocols? in Network and Distributed System Security Symposium (NDSS) The Internet Soc. , 2012.
[27]	S. Jarecki and X. Liu, Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection, in Theory Crypt. – TCC 2009(ed. O. Reingold), Springer, 2009,577–594. doi: 10.1007/978-3-642-00457-5_34.
[28]	S. Jarecki and X. Liu, Fast secure computation of set intersection, in Sec. Crypt. Netw. – SCN 2010(eds. J. A. Garay et al), Springer, 2010,418–435.
[29]	J. Katz and Y. Lindell, Introduction to modern cryptography in Cryptography and Network Security Series Chapman & Hall/CRC, 2007.
[30]	F. Kerschbaum, Outsourced private set intersection using homomorphic encryption, in ACM Symp. Inf. Comp. Commun. Sec. – ASIACCS 2012, ACM, 2012, 85–86.
[31]	L. Kissner and D. Song, Privacy-preserving set operations, in Adv. Crypt. – CRYPTO 2005(ed. Ⅴ. Shoup), Springer, 2005,241–257. doi: 10.1007/11535218_15.
[32]	Y. Lindell, K. Nissim and C. Orlandi, Hiding the input-size in secure two-party computation, in Adv. Crypt. – ASIACRYPT 2013(eds. K. Sako et al), Springer, 2013,421–440. doi: 10.1007/978-3-642-42045-0_22.
[33]	R. Miranda, Algebraic Curves and Riemann Surfaces volume 5,1995. doi: 10.1090/gsm/005.
[34]	C. Moreno, Algebraic Curves over Finite Fields Cambridge Univ. Press, 1991. doi: 10.1017/CBO9780511608766.
[35]	M. Naor and O. Reingold, Number-theoretic constructions of efficient pseudo-random functions, J. ACM, 51 (2004), 231-262. doi: 10.1145/972639.972643.
[36]	R. Nojima and Y. Kadobayashi, Cryptographically secure bloom-filters, Trans. Data Privacy, 2 (2009), 131-139.
[37]	P. Paillier, Public-key cryptosystems based on composite degree residuosity classes, in Adv. Crypt. – EUROCRYPT'99(ed. J. Stern), Springer, 1999,223–238. doi: 10.1007/3-540-48910-X_16.
[38]	B. Pinkas, T. Schneider, G. Segev and M. Zohner, Phasing: private set intersection using permutation-based hashing, in 24rd USENIX Sec. Symp. , USENIX Assoc. , 2015,515–530.
[39]	B. Pinkas, T. Schneider and M. Zohner, Faster private set intersection based on OT extension, in 23rd USENIX Sec. Symp. , USENIX Assoc. , 2014,797–812.
[40]	M. Rabin, How to Exchange Secrets by Oblivious Transfer Technical Report TR-81, Aiken Comput. Lab. , Harvard Univ. , 1981.
[41]	R. Rivest, Unconditionally secure commitment and oblivious transfer schemes using private channels and a trusted initializer 1999, available at http://people.csail.mit.edu/rivest/publications.html