DOI: 10.1145/2976749.2978381
Research article (Public Access)

Efficient Batched Oblivious PRF with Applications to Private Set Intersection

Published: 24 October 2016

ABSTRACT

We describe a lightweight protocol for oblivious evaluation of a pseudorandom function (OPRF) in the presence of semihonest adversaries. In an OPRF protocol a receiver has an input r; the sender gets output s and the receiver gets output F(s, r), where F is a pseudorandom function and s is a random seed. Our protocol uses a novel adaptation of 1-out-of-2 OT-extension protocols, and is particularly efficient when used to generate a large batch of OPRF instances. The cost to realize m OPRF instances is roughly the cost to realize 3.5m instances of standard 1-out-of-2 OTs (using state-of-the-art OT extension). We explore in detail our protocol's application to semihonest secure private set intersection (PSI). The fastest state-of-the-art PSI protocol (Pinkas et al., Usenix 2015) is based on efficient OT extension. We observe that our OPRF can be used to remove their PSI protocol's dependence on the bit-length of the parties' items. We implemented both PSI protocol variants and found ours to be 3.1-3.6× faster than Pinkas et al. for PSI of 128-bit strings and sufficiently large sets. Concretely, ours requires only 3.8 seconds to securely compute the intersection of 2^20-size sets, regardless of the bit-length of the items. For very large sets, our protocol is only 4.3× slower than the insecure naive hashing approach for PSI.
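To make the PSI-from-OPRF idea in the abstract concrete, here is an added example (not the paper's code): a batch of OPRF instances is modelled as an ideal functionality (the class plays the trusted party, standing in for the paper's OT-extension construction), the receiver obliviously evaluates one instance per item, and the sender evaluates its own items locally and sends the PRF outputs. The comparison is then on fixed-length PRF outputs, which is what removes the dependence on the items' bit-length; HMAC-SHA256, `OUT_BYTES`, `NUM_BINS` and the public bin hash are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed example, not the paper's code. The OPRF is modelled as an
# ideal functionality (the class below plays the trusted party), not the
# OT-extension protocol the paper builds. F is HMAC-SHA256 truncated to
# OUT_BYTES, so every output has the same length whatever the item length.
OUT_BYTES = 16
NUM_BINS = 64  # public parameter known to both parties (assumption)


def F(seed: bytes, item: bytes) -> bytes:
    """Pseudorandom function keyed by a sender seed s."""
    return hmac.new(seed, item, hashlib.sha256).digest()[:OUT_BYTES]


def bin_of(item: bytes) -> int:
    """Public hash assigning an item to one OPRF instance (bin)."""
    return int.from_bytes(hashlib.sha256(item).digest()[:4], "big") % NUM_BINS


class BatchedIdealOPRF:
    """m = NUM_BINS OPRF instances: the sender learns the seeds s_i, the
    receiver learns F(s_i, r) for its input r to instance i and nothing
    about s_i; the sender learns nothing about r."""

    def __init__(self):
        self.seeds = [secrets.token_bytes(32) for _ in range(NUM_BINS)]

    def sender_output(self):
        return self.seeds

    def receiver_output(self, item: bytes, instance: int) -> bytes:
        # The real protocol allows one query per instance; the paper uses
        # cuckoo hashing so that each receiver item lands in its own bin.
        return F(self.seeds[instance], item)


def psi_via_oprf(sender_items, receiver_items):
    """Semi-honest PSI in which the receiver learns the intersection."""
    oprf = BatchedIdealOPRF()
    # Receiver: obliviously evaluate instance bin_of(r) on each item r.
    r_evals = {r: oprf.receiver_output(r, bin_of(r)) for r in receiver_items}
    # Sender: evaluate its items under the matching seeds and send the
    # resulting set (shuffled in practice) to the receiver.
    seeds = oprf.sender_output()
    s_evals = {F(seeds[bin_of(x)], x) for x in sender_items}
    # Receiver: match fixed-length PRF outputs rather than raw items.
    return {r for r, y in r_evals.items() if y in s_evals}
```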

References

  1. Asharov, G., Lindell, Y., Schneider, T., and Zohner, M. More efficient oblivious transfer and extensions for faster secure computation. In Sadeghi et al. [29], pp. 535--548.
  2. Asharov, G., Lindell, Y., Schneider, T., and Zohner, M. More efficient oblivious transfer extensions with security for malicious adversaries. In EUROCRYPT 2015, Part I (Sofia, Bulgaria, Apr. 26--30, 2015), E. Oswald and M. Fischlin, Eds., vol. 9056 of LNCS, Springer, Heidelberg, Germany, pp. 673--701.
  3. Camenisch, J., Neven, G., and shelat, a. Simulatable adaptive oblivious transfer. In EUROCRYPT 2007 (Barcelona, Spain, May 20--24, 2007), M. Naor, Ed., vol. 4515 of LNCS, Springer, Heidelberg, Germany, pp. 573--590.
  4. Dodis, Y., and Yampolskiy, A. A verifiable random function with short proofs and keys. In PKC 2005 (Les Diablerets, Switzerland, Jan. 23--26, 2005), S. Vaudenay, Ed., vol. 3386 of LNCS, Springer, Heidelberg, Germany, pp. 416--431.
  5. Faust, S., Hazay, C., and Venturi, D. Outsourced pattern matching. In ICALP 2013, Part II (Riga, Latvia, July 8--12, 2013), F. V. Fomin, R. Freivalds, M. Z. Kwiatkowska, and D. Peleg, Eds., vol. 7966 of LNCS, Springer, Heidelberg, Germany, pp. 545--556.
  6. Freedman, M. J., Ishai, Y., Pinkas, B., and Reingold, O. Keyword search and oblivious pseudorandom functions. In TCC 2005 (Cambridge, MA, USA, Feb. 10--12, 2005), J. Kilian, Ed., vol. 3378 of LNCS, Springer, Heidelberg, Germany, pp. 303--324.
  7. Goldreich, O. Foundations of Cryptography, Volume 2: Basic Applications. Cambridge University Press, 2004.
  8. Goldreich, O., Micali, S., and Wigderson, A. How to play any mental game or A completeness theorem for protocols with honest majority. In 19th ACM STOC (New York City, New York, USA, May 25--27, 1987), A. Aho, Ed., ACM Press, pp. 218--229.
  9. Hazay, C. Oblivious polynomial evaluation and secure set-intersection from algebraic PRFs. In TCC 2015, Part II (Warsaw, Poland, Mar. 23--25, 2015), Y. Dodis and J. B. Nielsen, Eds., vol. 9015 of LNCS, Springer, Heidelberg, Germany, pp. 90--120.
  10. Hazay, C., and Lindell, Y. Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. Journal of Cryptology 23, 3 (July 2010), 422--456.
  11. Huberman, B. A., Franklin, M. K., and Hogg, T. Enhancing privacy and trust in electronic communities. In EC (1999), pp. 78--86.
  12. Ishai, Y., Kilian, J., Nissim, K., and Petrank, E. Extending oblivious transfers efficiently. In CRYPTO 2003 (Santa Barbara, CA, USA, Aug. 17--21, 2003), D. Boneh, Ed., vol. 2729 of LNCS, Springer, Heidelberg, Germany, pp. 145--161.
  13. Jarecki, S., and Liu, X. Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection. In TCC 2009 (Mar. 15--17, 2009), O. Reingold, Ed., vol. 5444 of LNCS, Springer, Heidelberg, Germany, pp. 577--594.
  14. Keller, M., Orsini, E., and Scholl, P. Actively secure OT extension with optimal overhead. In CRYPTO 2015, Part I (Santa Barbara, CA, USA, Aug. 16--20, 2015), R. Gennaro and M. J. B. Robshaw, Eds., vol. 9215 of LNCS, Springer, Heidelberg, Germany, pp. 724--741.
  15. Kilian, J. Founding cryptography on oblivious transfer. In 20th ACM STOC (Chicago, Illinois, USA, May 2--4, 1988), ACM Press, pp. 20--31.
  16. Kolesnikov, V. Gate evaluation secret sharing and secure one-round two-party computation. In ASIACRYPT 2005 (Chennai, India, Dec. 4--8, 2005), B. K. Roy, Ed., vol. 3788 of LNCS, Springer, Heidelberg, Germany, pp. 136--155.
  17. Kolesnikov, V., and Kumaresan, R. Improved secure two-party computation via information-theoretic garbled circuits. In SCN 12 (Amalfi, Italy, Sept. 5--7, 2012), I. Visconti and R. D. Prisco, Eds., vol. 7485 of LNCS, Springer, Heidelberg, Germany, pp. 205--221.
  18. Kolesnikov, V., and Kumaresan, R. Improved OT extension for transferring short secrets. In CRYPTO 2013, Part II (Santa Barbara, CA, USA, Aug. 18--22, 2013), R. Canetti and J. A. Garay, Eds., vol. 8043 of LNCS, Springer, Heidelberg, Germany, pp. 54--70.
  19. Kolesnikov, V., and Malozemoff, A. J. Public verifiability in the covert model (almost) for free. In ASIACRYPT 2015, Part II (Auckland, New Zealand, Nov. 30 -- Dec. 3, 2015), T. Iwata and J. H. Cheon, Eds., vol. 9453 of LNCS, Springer, Heidelberg, Germany, pp. 210--235.
  20. Malkhi, D., Nisan, N., Pinkas, B., and Sella, Y. Fairplay--a secure two-party computation system. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA, 2004), SSYM'04, USENIX Association, pp. 20--20.
  21. Naor, M., and Pinkas, B. Efficient oblivious transfer protocols. In Proceedings of the Twelfth Annual ACM-SIAM Symposium on Discrete Algorithms (Philadelphia, PA, USA, 2001), SODA '01, Society for Industrial and Applied Mathematics, pp. 448--457.
  22. Naor, M., and Reingold, O. Number-theoretic constructions of efficient pseudo-random functions. Journal of the ACM 51, 2 (2004), 231--262.
  23. Nielsen, J. B. Extending oblivious transfers efficiently - how to get robustness almost for free. Cryptology ePrint Archive, Report 2007/215, 2007. http://ia.cr/2007/215.
  24. Nielsen, J. B., Nordholt, P. S., Orlandi, C., and Burra, S. S. A new approach to practical active-secure two-party computation. In CRYPTO 2012 (Santa Barbara, CA, USA, Aug. 19--23, 2012), R. Safavi-Naini and R. Canetti, Eds., vol. 7417 of LNCS, Springer, Heidelberg, Germany, pp. 681--700.
  25. Opsahl, K. The disconcerting details: How Facebook teams up with data brokers to show you targeted ads. https://www.eff.org/deeplinks/2013/04/disconcerting-details-how-facebook-teams-data-brokers-show-you-targeted-ads, 2013. [Online; accessed 23-May-2016].
  26. Pagh, R., and Rodler, F. F. Cuckoo hashing. J. Algorithms 51, 2 (2004), 122--144.
  27. Pinkas, B., Schneider, T., Segev, G., and Zohner, M. Phasing: Private set intersection using permutation-based hashing. In 24th USENIX Security Symposium, USENIX Security 15 (2015), J. Jung and T. Holz, Eds., USENIX Association, pp. 515--530.
  28. Pinkas, B., Schneider, T., and Zohner, M. Faster private set intersection based on OT extension. In 23rd USENIX Security Symposium, USENIX Security 14 (2014), K. Fu and J. Jung, Eds., USENIX Association, pp. 797--812.
  29. Sadeghi, A.-R., Gligor, V. D., and Yung, M., Eds. ACM CCS 13 (Berlin, Germany, Nov. 4--8, 2013), ACM Press.
  30. Yao, A. C.-C. How to generate and exchange secrets (extended abstract). In 27th FOCS (Toronto, Ontario, Canada, Oct. 27--29, 1986), IEEE Computer Society Press, pp. 162--167.
  31. Yung, M. From mental poker to core business: Why and how to deploy secure computation protocols? https://www.sigsac.org/ccs/CCS2015/pro_keynote.html, 2015. ACM CCS 2015 Keynote Talk.

Published in: CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 2016, 1924 pages. ISBN: 9781450341394. DOI: 10.1145/2976749.

Copyright © 2016 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rates: CCS '16 paper acceptance rate 137 of 831 submissions (16%); overall acceptance rate 1,261 of 6,999 submissions (18%).
