ABSTRACT
It is known that fully homomorphic encryption (FHE) can be used to build efficient (labeled) Private Set Intersection protocols in the unbalanced setting, where one of the sets is much larger than the other (Chen et al. (CCS'17, CCS'18)). In this paper we demonstrate multiple algorithmic improvements upon these works. In particular, our protocol has an asymptotically better computation cost, requiring only O(√|X|) homomorphic multiplications, and communication complexity sublinear in the larger set size |X|. We demonstrate that our protocol is significantly better than that of Chen et al. (CCS'18) for many practical parameters, especially in terms of online communication cost. For example, when intersecting 2^28 and 2048 item sets, our protocol reduces the online computation time by more than 71% and communication by more than 63%. When intersecting 2^24 and 4096 item sets, our protocol reduces the online computation time by 27% and communication by 63%. Our comparison to other state-of-the-art unbalanced PSI protocols shows that our protocol has the best total communication complexity when |X| ≥ 2^24. For labeled PSI our protocol also outperforms Chen et al. (CCS'18). When intersecting 2^20 and 256 item sets, with the larger set having associated 288-byte labels, our protocol reduces the online computation time by more than 67% and communication by 34%. Finally, we demonstrate a modification that results in nearly constant communication cost in the larger set size |X|, but impractically high computation complexity on today's CPUs. For example, to intersect a 2^10-item set with sets of size 2^22, 2^24, or 2^26, our proof-of-concept implementation requires only 0.76 MB of online communication, which is more than a 24-fold improvement over Chen et al. (CCS'18).
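The "homomorphic multiplications" the abstract counts are ciphertext-by-ciphertext products; scalar products with the sender's plaintext coefficients and additions are comparatively cheap. The classical way to evaluate a degree-n polynomial at an encrypted point with O(√n) such products is the Paterson–Stockmeyer baby-step/giant-step method (Paterson and Stockmeyer 1973, in the reference list). The following is an added example, not code from the paper or its implementation: it simulates in plaintext the FHE-based membership test of Chen et al. (CCS'17), in which the sender evaluates its set polynomial P(y) = ∏(y − x_i) on the receiver's encrypted item and masks the result with a random nonzero scalar, and it replaces ciphertexts with a counting stand-in so that the multiplication counts of naive Horner evaluation and of Paterson–Stockmeyer can be compared. The modulus P, the sender set, and the block size k are constructed for illustration; batching, noise growth, and the hashing of items into bins used by real FHE-PSI protocols are omitted.

```python
"""Plaintext simulation of the FHE-based PSI membership test, counting
ciphertext-ciphertext multiplications for two polynomial-evaluation strategies.
Added example; ciphertexts are a counting stand-in, so only the algebra and the
multiplication count are real."""
from dataclasses import dataclass
from math import isqrt
import secrets

P = 65537  # constructed toy plaintext modulus (prime); not a parameter from the paper


class MultCounter:
    """Counts ciphertext-by-ciphertext ("non-scalar") multiplications."""
    def __init__(self):
        self.nonscalar = 0


@dataclass
class Ct:
    """Stand-in for a ciphertext encrypting `val` mod P. Ct*Ct is the expensive
    homomorphic operation; multiplying or adding a plaintext scalar is free."""
    val: int
    ctr: MultCounter

    def __mul__(self, other):
        if isinstance(other, Ct):
            self.ctr.nonscalar += 1
            return Ct((self.val * other.val) % P, self.ctr)
        return Ct((self.val * other) % P, self.ctr)

    def __add__(self, other):
        if isinstance(other, Ct):
            return Ct((self.val + other.val) % P, self.ctr)
        return Ct((self.val + other) % P, self.ctr)


def set_polynomial(xs):
    """Coefficients c[0..n] of the sender's set polynomial prod_i (y - x_i) mod P."""
    coeffs = [1]
    for x in xs:
        new = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):
            new[i + 1] = (new[i + 1] + c) % P   # c * y^(i+1)
            new[i] = (new[i] - c * x) % P       # -x * c * y^i
        coeffs = new
    return coeffs


def eval_horner(coeffs, ct_y):
    """Naive evaluation: one Ct*Ct multiplication per degree (n for degree n)."""
    acc = Ct(coeffs[-1] % P, ct_y.ctr)
    for c in reversed(coeffs[:-1]):
        acc = acc * ct_y + c
    return acc


def eval_paterson_stockmeyer(coeffs, ct_y, k=None):
    """Baby-step/giant-step evaluation using (k-1) + (ceil((n+1)/k) - 1) Ct*Ct
    multiplications; k ~ sqrt(n) gives O(sqrt(n))."""
    n = len(coeffs) - 1
    if k is None:
        k = max(1, isqrt(n))
    # Baby steps: encrypted powers y^1 .. y^k (k-1 Ct*Ct multiplications).
    powers = [None, ct_y]
    for j in range(2, k + 1):
        powers.append(powers[j - 1] * ct_y)
    # Split P(y) = sum_i B_i(y) * (y^k)^i with deg B_i < k.
    blocks = [coeffs[i:i + k] for i in range(0, n + 1, k)]

    def block_eval(b):
        # sum_j b[j] * y^j using only scalar multiplications and additions.
        acc = Ct(b[0] % P, ct_y.ctr)
        for j in range(1, len(b)):
            acc = acc + powers[j] * b[j]
        return acc

    # Giant steps: Horner over the blocks in the variable y^k
    # (one Ct*Ct multiplication per block after the first).
    acc = block_eval(blocks[-1])
    for b in reversed(blocks[:-1]):
        acc = acc * powers[k] + block_eval(b)
    return acc


def psi_membership(xs, y, evaluate):
    """Simulate one receiver item y against sender set xs.
    Returns (y in xs, number of Ct*Ct multiplications the sender performed).
    The random nonzero mask r follows Chen et al. (CCS'17): the receiver
    learns only whether P(y) == 0, not the value of P(y)."""
    ctr = MultCounter()
    ct_y = Ct(y % P, ctr)               # receiver "encrypts" y
    coeffs = set_polynomial(xs)         # sender's offline precomputation
    ct_res = evaluate(coeffs, ct_y)     # homomorphic evaluation of P(y)
    r = secrets.randbelow(P - 1) + 1    # nonzero mask: r*P(y) == 0 iff P(y) == 0
    ct_res = ct_res * r                 # scalar multiplication, not counted
    return ct_res.val == 0, ctr.nonscalar


if __name__ == "__main__":
    X = list(range(1, 1025))            # constructed sender set, |X| = 1024
    for name, ev in (("Horner", eval_horner), ("Paterson-Stockmeyer", eval_paterson_stockmeyer)):
        hit, mults = psi_membership(X, 500, ev)
        miss, _ = psi_membership(X, 2000, ev)
        print(f"{name}: member={hit}, non-member={not miss}, Ct*Ct mults={mults}")
```

For |X| = 1024 the Horner evaluation performs 1024 ciphertext multiplications, while the baby-step/giant-step evaluation with k = 32 performs 31 + 32 = 63; the count (k − 1) + (⌈(n+1)/k⌉ − 1) is minimised near k ≈ √n. The simulation ignores multiplicative depth and noise growth, which in a real leveled FHE scheme also constrain how k and the per-polynomial degree are chosen.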
References
- Martin R. Albrecht, Rachel Player, and Sam Scott. 2015. On the concrete hardness of Learning with Errors. J. Mathematical Cryptology, Vol. 9, 3 (2015), 169--203. http://www.degruyter.com/view/j/jmc.2015.9.issue-3/jmc-2015-0016/jmc-2015-0016.xml
- Junade Ali. 2018. Validating Leaked Passwords with k-Anonymity. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/. Accessed: 2021-04-26.
- Sebastian Angel, Hao Chen, Kim Laine, and Srinath Setty. 2018. PIR with compressed queries and amortized query processing. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 962--979.
- Giuseppe Ateniese, Emiliano De Cristofaro, and Gene Tsudik. 2011. (If) Size Matters: Size-Hiding Private Set Intersection. In PKC 2011 (LNCS, Vol. 6571), Dario Catalano, Nelly Fazio, Rosario Gennaro, and Antonio Nicolosi (Eds.). Springer, Heidelberg, 156--173. https://doi.org/10.1007/978-3-642-19379-8_10
- Daniel J. Bernstein, Mike Hamburg, Anna Krasnova, and Tanja Lange. 2013. Elligator: Elliptic-curve points indistinguishable from uniform random strings. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. 967--980.
- Zvika Brakerski. 2012. Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP. In CRYPTO (Lecture Notes in Computer Science, Vol. 7417), Reihaneh Safavi-Naini and Ran Canetti (Eds.). Springer, 868--886.
- Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. 2012. (Leveled) fully homomorphic encryption without bootstrapping. In Proceedings of the 3rd Innovations in Theoretical Computer Science Conference. ACM, 309--325.
- Zvika Brakerski and Vinod Vaikuntanathan. 2011. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In Advances in Cryptology -- CRYPTO 2011. Springer, 505--524.
- Zvika Brakerski and Vinod Vaikuntanathan. 2014. Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput., Vol. 43, 2 (2014), 831--871.
- Michael F. Challis. 1993. Two new techniques for computing extremal h-bases A_k. Comput. J., Vol. 36, 2 (1993), 117--126.
- Michael F. Challis and John P. Robinson. 2010. Some extremal postage stamp bases. Journal of Integer Sequences, Vol. 13, 2 (2010), 3.
- Melissa Chase and Peihan Miao. 2020. Private Set Intersection in the Internet Setting from Lightweight Oblivious PRF. In CRYPTO 2020, Part III (LNCS), Hovav Shacham and Alexandra Boldyreva (Eds.). Springer, Heidelberg, 34--63.
- Hao Chen, Zhicong Huang, Kim Laine, and Peter Rindal. 2018. Labeled PSI from Fully Homomorphic Encryption with Malicious Security. In ACM CCS 2018, David Lie, Mohammad Mannan, Michael Backes, and XiaoFeng Wang (Eds.). ACM Press, 1223--1237. https://doi.org/10.1145/3243734.3243836
- Hao Chen, Kim Laine, and Peter Rindal. 2017. Fast Private Set Intersection from Homomorphic Encryption. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 1243--1255. https://doi.org/10.1145/3133956.3134061
- Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, and Malika Izabachène. 2016. Faster fully homomorphic encryption: Bootstrapping in less than 0.1 seconds. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 3--33.
- Benny Chor, Niv Gilboa, and Moni Naor. 1997. Private information retrieval by keywords. Citeseer.
- Craig Costello and Patrick Longa. 2015. FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime. Cryptology ePrint Archive, Report 2015/565. https://eprint.iacr.org/2015/565.
- Whitfield Diffie and Martin E. Hellman. 1976. New Directions in Cryptography. IEEE Transactions on Information Theory, Vol. 22, 6 (1976), 644--654.
- Changyu Dong, Liqun Chen, and Zikai Wen. 2013. When private set intersection meets big data: an efficient and scalable protocol. In ACM CCS 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 789--800. https://doi.org/10.1145/2508859.2516701
- Léo Ducas and Daniele Micciancio. 2015. FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second. In EUROCRYPT 2015, Part I (LNCS, Vol. 9056), Elisabeth Oswald and Marc Fischlin (Eds.). Springer, Heidelberg, 617--640.
- Bin Fan, Dave G. Andersen, Michael Kaminsky, and Michael D. Mitzenmacher. 2014. Cuckoo Filter: Practically Better Than Bloom. In Proceedings of the 10th ACM International Conference on Emerging Networking Experiments and Technologies (Sydney, Australia) (CoNEXT '14). Association for Computing Machinery, New York, NY, USA, 75--88. https://doi.org/10.1145/2674005.2674994
- Junfeng Fan and Frederik Vercauteren. 2012. Somewhat Practical Fully Homomorphic Encryption. Cryptology ePrint Archive, Report 2012/144. http://eprint.iacr.org/.
- Michael J. Freedman, Yuval Ishai, Benny Pinkas, and Omer Reingold. 2005. Keyword Search and Oblivious Pseudorandom Functions. In TCC 2005 (LNCS, Vol. 3378), Joe Kilian (Ed.). Springer, Heidelberg, 303--324.
- Michael J. Freedman, Kobbi Nissim, and Benny Pinkas. 2004. Efficient Private Matching and Set Intersection. In EUROCRYPT 2004 (LNCS, Vol. 3027), Christian Cachin and Jan Camenisch (Eds.). Springer, Heidelberg, 1--19. https://doi.org/10.1007/978-3-540-24676-3_1
- Craig Gentry. 2009. Fully homomorphic encryption using ideal lattices. In STOC, Vol. 9. 169--178.
- Craig Gentry, Shai Halevi, and Nigel P. Smart. 2012. Homomorphic evaluation of the AES circuit. In Advances in Cryptology -- CRYPTO 2012. Springer, 850--867.
- Craig Gentry, Amit Sahai, and Brent Waters. 2013. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based. In CRYPTO (1) (Lecture Notes in Computer Science, Vol. 8042), Ran Canetti and Juan A. Garay (Eds.). Springer, 75--92. https://doi.org/10.1007/978-3-642-40041-4
- Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, and Thomas Schneider. 2021. All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers. In 28th Annual Network and Distributed System Security Symposium, NDSS. The Internet Society.
- Shai Halevi and Victor Shoup. 2020. Design and implementation of HElib: a homomorphic encryption library. Cryptology ePrint Archive, Report 2020/1481. https://eprint.iacr.org/2020/1481.
- Carmit Hazay and Yehuda Lindell. 2008. Efficient Protocols for Set Intersection and Pattern Matching with Security Against Malicious and Covert Adversaries. In Theory of Cryptography, Ran Canetti (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 155--175.
- Yan Huang, David Evans, and Jonathan Katz. 2012. Private Set Intersection: Are Garbled Circuits Better than Custom Protocols? In NDSS 2012. The Internet Society.
- Bernardo A. Huberman, Matt Franklin, and Tad Hogg. 1999. Enhancing Privacy and Trust in Electronic Communities. In Proceedings of the 1st ACM Conference on Electronic Commerce (Denver, Colorado, USA) (EC '99). Association for Computing Machinery, New York, NY, USA, 78--86. https://doi.org/10.1145/336992.337012
- Yuval Ishai, Joe Kilian, Kobbi Nissim, and Erez Petrank. 2003. Extending Oblivious Transfers Efficiently. In CRYPTO 2003 (LNCS, Vol. 2729), Dan Boneh (Ed.). Springer, Heidelberg, 145--161. https://doi.org/10.1007/978-3-540-45146-4_9
- Stanisław Jarecki and Xiaomin Liu. 2010. Fast secure computation of set intersection. In International Conference on Security and Cryptography for Networks. Springer, 418--435.
- Daniel Kales, Christian Rechberger, Thomas Schneider, Matthias Senker, and Christian Weinert. 2019. Mobile Private Contact Discovery at Scale. In USENIX Security 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1447--1464.
- Sreekanth Kannepalli, Kim Laine, and Radames Cruz Moreno. 2021. Password Monitor: Safeguarding passwords in Microsoft Edge. https://www.microsoft.com/en-us/research/blog/password-monitor-safeguarding-passwords-in-microsoft-edge/. Accessed: 2021-04-26.
- Andrey Kim, Yuriy Polyakov, and Vincent Zucca. 2021. Revisiting Homomorphic Encryption Schemes for Finite Fields. Cryptology ePrint Archive, Report 2021/204. https://eprint.iacr.org/2021/204.
- Ágnes Kiss, Jian Liu, Thomas Schneider, N. Asokan, and Benny Pinkas. 2017. Private Set Intersection for Unequal Set Sizes with Mobile Applications. PoPETs, Vol. 2017, 4 (Oct. 2017), 177--197. https://doi.org/10.1515/popets-2017-0044
- Vladimir Kolesnikov, Ranjit Kumaresan, Mike Rosulek, and Ni Trieu. 2016. Efficient Batched Oblivious PRF with Applications to Private Set Intersection. In ACM CCS 2016, Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi (Eds.). ACM Press, 818--829. https://doi.org/10.1145/2976749.2978381
- Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2013. On ideal lattices and learning with errors over rings. Journal of the ACM (JACM), Vol. 60, 6 (2013), 43.
- Moxie Marlinspike. 2014. The Difficulty Of Private Contact Discovery. A company sponsored blog post. https://signal.org/blog/contact-discovery/.
- C. Meadows. 1986. A More Efficient Cryptographic Matchmaking Protocol for Use in the Absence of a Continuously Available Third Party. In 1986 IEEE Symposium on Security and Privacy. 134--134. https://doi.org/10.1109/SP.1986.10022
- Moni Naor and Omer Reingold. 2004. Number-theoretic constructions of efficient pseudo-random functions. Journal of the ACM, Vol. 51, 2 (2004), 231--262.
- Andrew Odlyzko. 2003. Privacy, economics, and price discrimination on the Internet. In Proceedings of the 5th International Conference on Electronic Commerce. ACM, 355--366.
- Michele Orrù, Emmanuela Orsini, and Peter Scholl. 2017. Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection. In CT-RSA 2017 (LNCS, Vol. 10159), Helena Handschuh (Ed.). Springer, Heidelberg, 381--396. https://doi.org/10.1007/978-3-319-52153-4_22
- Michael S. Paterson and Larry J. Stockmeyer. 1973. On the number of nonscalar multiplications necessary to evaluate polynomials. SIAM J. Comput., Vol. 2, 1 (1973), 60--66.
- Benny Pinkas, Mike Rosulek, Ni Trieu, and Avishay Yanai. 2020. PSI from PaXoS: Fast, Malicious Private Set Intersection. In EUROCRYPT 2020, Part II (LNCS), Vincent Rijmen and Yuval Ishai (Eds.). Springer, Heidelberg, 739--767.
- Benny Pinkas, Thomas Schneider, Gil Segev, and Michael Zohner. 2015. Phasing: Private set intersection using permutation-based hashing. In 24th USENIX Security Symposium (USENIX Security 15). 515--530.
- Benny Pinkas, Thomas Schneider, Nigel P. Smart, and Stephen C. Williams. 2009. Secure Two-Party Computation Is Practical. In ASIACRYPT 2009 (LNCS, Vol. 5912), Mitsuru Matsui (Ed.). Springer, Heidelberg, 250--267.
- Benny Pinkas, Thomas Schneider, Christian Weinert, and Udi Wieder. 2018. Efficient Circuit-Based PSI via Cuckoo Hashing. In EUROCRYPT 2018, Part III (LNCS, Vol. 10822), Jesper Buus Nielsen and Vincent Rijmen (Eds.). Springer, Heidelberg, 125--157. https://doi.org/10.1007/978-3-319-78372-7_5
- Benny Pinkas, Thomas Schneider, and Michael Zohner. 2014. Faster Private Set Intersection Based on OT Extension. In USENIX Security 2014, Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 797--812.
- Oded Regev. 2005. On lattices, learning with errors, random linear codes, and cryptography. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22--24, 2005, Harold N. Gabow and Ronald Fagin (Eds.). ACM, 84--93. https://doi.org/10.1145/1060590.1060603
- Amanda C. Davi Resende and Diego F. Aranha. 2018. Faster Unbalanced Private Set Intersection. In FC 2018 (LNCS, Vol. 10957), Sarah Meiklejohn and Kazue Sako (Eds.). Springer, Heidelberg, 203--221.
- Peter Rindal and Mike Rosulek. 2017. Malicious-Secure Private Set Intersection via Dual Execution. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (Dallas, Texas, USA) (CCS '17). ACM, New York, NY, USA, 1229--1242. https://doi.org/10.1145/3133956.3134044
- Michael Scott. 2020. A note on the calculation of some functions in finite fields: Tricks of the Trade. Cryptology ePrint Archive, Report 2020/1497. https://eprint.iacr.org/2020/1497.
- Victor Shoup. 2021. NTL: A Library for doing Number Theory (11.4.3). https://libntl.org/.
- Nigel P. Smart and Frederik Vercauteren. 2014. Fully homomorphic SIMD operations. Designs, Codes and Cryptography, Vol. 71, 1 (2014), 57--81.
- Ni Trieu, Kareem Shehata, Prateek Saxena, Reza Shokri, and Dawn Song. 2020. Epione: Lightweight contact tracing with strong privacy.
- Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). In 27th FOCS. IEEE Computer Society Press, 162--167. https://doi.org/10.1109/SFCS.1986.25