# American Institute of Mathematical Sciences

February  2018, 12(1): 17-47. doi: 10.3934/amc.2018002

## Private set-intersection with common set-up

 Department of Computer Science and Automation, Indian Institute of Science, Bangalore 560012, India

* Corresponding author: Sanjit Chatterjee

Current affilation: IST Austria

Received  September 2015 Revised  June 2016 Published  March 2018

The problem of private set-intersection (PSI) has been traditionally treated as an instance of the more general problem of multi-party computation (MPC). Consequently, in order to argue security, or compose these protocols one has to rely on the general theory that was developed for the purpose of MPC. The pursuit of efficient protocols, however, has resulted in designs that exploit properties pertaining to PSI. In almost all practical applications where a PSI protocol is deployed, it is expected to be executed multiple times, possibly on related inputs. In this work we initiate a dedicated study of PSI in the multi-interaction (MI) setting. In this model a server sets up the common system parameters and executes set-intersection multiple times with potentially different clients. We discuss a few attacks that arise when protocols are naïvely composed in this manner and, accordingly, craft security definitions for the MI setting and study their inter-relation. Finally, we suggest a set of protocols that are MI-secure, at the same time almost as efficient as their parent, stand-alone, protocols.

Citation: Sanjit Chatterjee, Chethan Kamath, Vikas Kumar. Private set-intersection with common set-up. Advances in Mathematics of Communications, 2018, 12 (1) : 17-47. doi: 10.3934/amc.2018002
##### References:

show all references

##### References:
Relationship between the security definitions for server privacy. $\textsf{A}\rightarrow\textsf{B}$ implies that if a protocol is secure according to definition $\textsf{A}$, then it is also secure according to definition $\textsf{B}$. $\textsf{A} \nrightarrow \textsf{B}$ indicates a separation.
Relationship between the security definitions for client privacy
Protocol Σ
Protocol Π
Protocol Ψ
Protocol F4
F3-protocol in a general cyclic-group setting
Protocol Σ: reduction for server unlinkability
Protocol Π: security argument for server privacy
Protocol Ψ: security argument for server privacy
Comparison of protocols; cardinality of client (resp. server) set is $v$ (resp. $w$). In protocols F4, $\Sigma$ and $\Pi$ the server takes $v+w$ exponentiations where both the exponent and modulus are of size $|N|$ bits. Since the server knows the factorization of $N$ ($p$ and $q$), by using the Chinese remainder theorem, the computation cost for the server can be reduced to $2(v+w)$ exponentiations, where both the exponent and modulus are of size $|N|/2$ bits (refer to [36,Fact 14.75] and [21]). Note that we give an improved security analysis of protocol F3 (the original reduction is based on one-more GDH assumption). See §5 for further details
 Protocol MI-secure Computation (Exp.)(bits) Communication Assumption Client Server F4 [20] No $v$ $2(v+w)$ $2v|N|+w\tau$ $\textsf{OMRSA}$ $\Sigma$ No $v$ $2(v+w)$ $2v|N|+w\tau +l$ $\textsf{RSA}$ $\Pi$ Yes $v$ $2(v+w)$ $2v|N|+w\tau +l$ $\textsf{RSA}$ $\Psi$ Yes $2v$ $v+w$ $2v|p| + w\tau$ $\textsf{GDH}$ F3 [20] Yes $2v+2$ $v+w+1$ $2(v+1)|p|+w\tau$ $\textsf{GDH}$
 Protocol MI-secure Computation (Exp.)(bits) Communication Assumption Client Server F4 [20] No $v$ $2(v+w)$ $2v|N|+w\tau$ $\textsf{OMRSA}$ $\Sigma$ No $v$ $2(v+w)$ $2v|N|+w\tau +l$ $\textsf{RSA}$ $\Pi$ Yes $v$ $2(v+w)$ $2v|N|+w\tau +l$ $\textsf{RSA}$ $\Psi$ Yes $2v$ $v+w$ $2v|p| + w\tau$ $\textsf{GDH}$ F3 [20] Yes $2v+2$ $v+w+1$ $2(v+1)|p|+w\tau$ $\textsf{GDH}$
 [1] Neal Koblitz, Alfred Menezes. Critical perspectives on provable security: Fifteen years of "another look" papers. Advances in Mathematics of Communications, 2019, 13 (4) : 517-558. doi: 10.3934/amc.2019034 [2] Paolo D'Arco, María Isabel González Vasco, Angel L. Pérez del Pozo, Claudio Soriente, Rainer Steinwandt. Private set intersection: New generic constructions and feasibility results. Advances in Mathematics of Communications, 2017, 11 (3) : 481-502. doi: 10.3934/amc.2017040 [3] Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1 [4] Isabelle Déchène. On the security of generalized Jacobian cryptosystems. Advances in Mathematics of Communications, 2007, 1 (4) : 413-426. doi: 10.3934/amc.2007.1.413 [5] Archana Prashanth Joshi, Meng Han, Yan Wang. A survey on security and privacy issues of blockchain technology. Mathematical Foundations of Computing, 2018, 1 (2) : 121-147. doi: 10.3934/mfc.2018007 [6] Philip Lafrance, Alfred Menezes. On the security of the WOTS-PRF signature scheme. Advances in Mathematics of Communications, 2019, 13 (1) : 185-193. doi: 10.3934/amc.2019012 [7] Riccardo Aragona, Alessio Meneghetti. Type-preserving matrices and security of block ciphers. Advances in Mathematics of Communications, 2019, 13 (2) : 235-251. doi: 10.3934/amc.2019016 [8] Jian Mao, Qixiao Lin, Jingdong Bian. Application of learning algorithms in smart home IoT system security. Mathematical Foundations of Computing, 2018, 1 (1) : 63-76. doi: 10.3934/mfc.2018004 [9] Liqun Qi, Zheng yan, Hongxia Yin. Semismooth reformulation and Newton's method for the security region problem of power systems. Journal of Industrial & Management Optimization, 2008, 4 (1) : 143-153. doi: 10.3934/jimo.2008.4.143 [10] Meenakshi Kansal, Ratna Dutta, Sourav Mukhopadhyay. Group signature from lattices preserving forward security in dynamic setting. Advances in Mathematics of Communications, 2019, 0 (0) : 0-0. doi: 10.3934/amc.2020027 [11] Zongmin Li, Jiuping Xu, Wenjing Shen, Benjamin Lev, Xiao Lei. Bilevel multi-objective construction site security planning with twofold random phenomenon. Journal of Industrial & Management Optimization, 2015, 11 (2) : 595-617. doi: 10.3934/jimo.2015.11.595 [12] Jose-Luis Roca-Gonzalez. Designing dynamical systems for security and defence network knowledge management. A case of study: Airport bird control falconers organizations. Discrete & Continuous Dynamical Systems - S, 2015, 8 (6) : 1311-1329. doi: 10.3934/dcdss.2015.8.1311 [13] Shuai Ren, Tao Zhang, Fangxia Shi, Zongzong Lou. The application of improved-DAA for the vehicle network node security in single- and multi-trusted domain. Discrete & Continuous Dynamical Systems - S, 2015, 8 (6) : 1301-1309. doi: 10.3934/dcdss.2015.8.1301 [14] Yang Lu, Jiguo Li. Forward-secure identity-based encryption with direct chosen-ciphertext security in the standard model. Advances in Mathematics of Communications, 2017, 11 (1) : 161-177. doi: 10.3934/amc.2017010 [15] Stamatios Katsikas, Vassilli Kolokoltsov. Evolutionary, mean-field and pressure-resistance game modelling of networks security. Journal of Dynamics & Games, 2019, 6 (4) : 315-335. doi: 10.3934/jdg.2019021 [16] Ettore Fornasini, Telma Pinho, Raquel Pinto, Paula Rocha. Composition codes. Advances in Mathematics of Communications, 2016, 10 (1) : 163-177. doi: 10.3934/amc.2016.10.163 [17] Pablo Sánchez, Jaume Sempere. Conflict, private and communal property. Journal of Dynamics & Games, 2016, 3 (4) : 355-369. doi: 10.3934/jdg.2016019 [18] Haim Brezis, Petru Mironescu. Composition in fractional Sobolev spaces. Discrete & Continuous Dynamical Systems - A, 2001, 7 (2) : 241-246. doi: 10.3934/dcds.2001.7.241 [19] Michał Misiurewicz. On Bowen's definition of topological entropy. Discrete & Continuous Dynamical Systems - A, 2004, 10 (3) : 827-833. doi: 10.3934/dcds.2004.10.827 [20] Serafin Bautista, Carlos A. Morales. On the intersection of sectional-hyperbolic sets. Journal of Modern Dynamics, 2015, 9: 203-218. doi: 10.3934/jmd.2015.9.203

2018 Impact Factor: 0.879