Private and oblivious set and multiset operations

  • Regular Contribution
  • International Journal of Information Security

Abstract

Privacy-preserving set operations are a popular research topic. Despite a large body of literature, the great majority of the available solutions are two-party protocols and expect that each participant knows her input set in the clear. In this work, we put forward a new framework for secure multi-party set and multiset operations in which the inputs can be arbitrarily partitioned among the participants, knowledge of an input (multi)set is not required for any party, and the secure set operations can be composed and can also be securely outsourced to third-party computation providers. In this framework, we construct a comprehensive suite of secure protocols for set operations and their various extensions. Our protocols are secure in the information-theoretic sense and are designed to minimize the round complexity. We then also build support for multiset operations by providing (i) a generic conversion from a multiset to a set, which makes the protocols for set operations applicable to multisets and (ii) direct instantiations of multiset operations of improved performance. All of our protocols have communication and computation complexity of \(O(m \log m)\) and logarithmic round complexity for sets or multisets of size m, which compares favorably with prior work. Practicality of our solutions is shown through experimental results, and novel optimizations based on set compaction allow us to improve performance of our protocols in practice. Our protocols are secure in both semi-honest and malicious security models.

Fig. 1

Notes

  1. Here by composability we mean the ability to use set operations as building blocks in larger computation using sequential composition. This is different from security under concurrent execution in the universal composability framework, which our protocols also achieve.

  2. The verification algorithm described above does not enforce the absence of padding; enforcing it is normally not needed. If, however, the participants want to ensure that no zero (padding) elements are present, they can simply compare the first element of the sorted set to 0 and open the result of that single comparison.

Author information

Corresponding author

Correspondence to Marina Blanton.

Additional information

Portions of this work were sponsored by Grants AFOSR-FA9550-09-1-0223 and AFOSR-FA9550-13-1-0066 from the US Air Force Office of Scientific Research and Grants CNS-1223699 and CNS-1319090 from the US National Science Foundation. Any opinions, findings, and conclusions or recommendations expressed in this publication are those of the authors and do not necessarily reflect the views of the funding agencies.

Appendix: Multiset protocols using general multiset-to-set conversion

The multiset intersection protocol, \({\mathsf{MInt}}\), is similar to \({\mathsf{MUnion}}\). To obtain \({\mathsf{MInt}}\) with the optimized performance of Protocol 2, we replace lines 3–9 of \({\mathsf{MUnion}}\) (Protocol 11) with the appropriate logic, which results in the following protocol (as before, m is shorthand for \(m_1+m_2\)):

(Protocol listing for \({\mathsf{MInt}}\); rendered as an image in the original and not reproduced here.)

The multiset version of our subset relation protocol \(\mathsf{MSub}\) returns only a single bit and can be constructed from the multiset union by simply replacing lines 3–9 with:

(Replacement lines for \(\mathsf{MSub}\); rendered as an image in the original and not reproduced here.)

It is also not very difficult to derive the multiset difference protocol \(\mathsf{MDiff}\) from its set version \(\mathsf{Diff}\), which we provide next.

(Protocol listing for \(\mathsf{MDiff}\); rendered as an image in the original and not reproduced here.)

In this protocol, sorting is done with respect to the first element of each (4-)tuple. The symmetric difference is obtained by skipping lines 11–13. As before, the lines marked as optional are executed only if the counts need to be preserved.
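The sort-then-compare-neighbours pattern that underlies these protocols, together with the padding check from note 2, as an added plaintext model (example code written for this page, not the authors' implementation): records are (value, tag) tuples sorted with respect to the value first, every comparison yields a 0/1 value that is consumed arithmetically rather than by branching, and the comparator schedule of the sorting network depends only on the public input length. It uses Batcher's odd-even merge sort (O(m log² m) comparators) rather than an O(m log m) network, reserves 0 as the padding element so that padding sorts to the front, and assumes set elements are positive integers; the function names, the record layout and the sample inputs are assumptions made here.

```python
"""Plaintext model of oblivious set/multiset operations on a sorting network.

Added illustration, not the paper's protocol code.  Every comparison is turned
into a 0/1 value that is used arithmetically, no branch depends on a secret,
and the comparator sequence depends only on the public input length.  Zero is
reserved as padding, so a final oblivious sort moves padding to the front.
Names, the (value, tag) record layout and the sample inputs are assumptions.
"""
import random
from typing import List, Tuple

Record = Tuple[int, int]  # (value, tag); value > 0 for real elements (assumption)
PAD: Record = (0, 0)      # padding record; sorts before every real record


def sel(c: int, a: Record, b: Record) -> Record:
    """Oblivious select: a if c == 1 else b, field-wise, without branching."""
    return tuple(c * x + (1 - c) * y for x, y in zip(a, b))


def _compare_exchange(rec: List[Record], i: int, j: int) -> None:
    gt = int(rec[i] > rec[j])  # value first, tag breaks ties; a secret bit in MPC
    rec[i], rec[j] = sel(gt, rec[j], rec[i]), sel(gt, rec[i], rec[j])


def oblivious_sort(records: List[Record]) -> List[Record]:
    """Batcher odd-even merge sort for any length n (O(n log^2 n) comparators);
    which positions get compared is fixed by n alone, never by the data."""
    rec, n, p = list(records), len(records), 1
    while p < n:
        k = p
        while k >= 1:
            for j in range(k % p, n - k, 2 * k):
                for i in range(min(k, n - j - k)):
                    if (i + j) // (2 * p) == (i + j + k) // (2 * p):
                        _compare_exchange(rec, i + j, i + j + k)
            k //= 2
        p *= 2
    return rec


def _tag(values: List[int], tag: int) -> List[Record]:
    return [(v, tag) for v in values]


def _same_value(rec: List[Record], i: int, j: int) -> int:
    """1 if public positions i and j hold equal values; out of range counts as different."""
    if not (0 <= i < len(rec) and 0 <= j < len(rec)):
        return 0
    return int(rec[i][0] == rec[j][0])


def _finish(records: List[Record]) -> List[int]:
    """Final oblivious sort pushes PAD to the front; return the value column."""
    return [v for v, _ in oblivious_sort(records)]


def multiset_to_set(ms: List[int]) -> List[int]:
    """Generic multiset-to-set conversion: sort, then blank each copy that is
    followed by an equal value, so exactly one copy of every value survives."""
    rec = oblivious_sort(_tag(ms, 0))
    return _finish([sel(_same_value(rec, i, i + 1), PAD, r) for i, r in enumerate(rec)])


def set_union(a: List[int], b: List[int]) -> List[int]:
    """A union B is the multiset sum of A and B converted back to a set."""
    return multiset_to_set(a + b)


def set_intersection(a: List[int], b: List[int]) -> List[int]:
    """For set inputs an equal neighbour can only be the same value from the other input."""
    rec = oblivious_sort(_tag(a, 0) + _tag(b, 1))
    return _finish([sel(_same_value(rec, i, i + 1), r, PAD) for i, r in enumerate(rec)])


def set_difference(a: List[int], b: List[int], symmetric: bool = False) -> List[int]:
    """A minus B, or the symmetric difference when symmetric=True.  Sorting by
    (value, tag) puts the A copy of a shared value directly before the B copy."""
    rec = oblivious_sort(_tag(a, 0) + _tag(b, 1))
    s, out = int(symmetric), []  # s is a public flag
    for i, (v, t) in enumerate(rec):
        nxt, prv = _same_value(rec, i, i + 1), _same_value(rec, i, i - 1)
        keep = (1 - t) * (1 - nxt) + s * t * (1 - prv)  # A copy: no B copy after; B copy: no A copy before
        out.append(sel(keep, (v, t), PAD))
    return _finish(out)


def has_padding(result: List[int]) -> bool:
    """Footnote check: after sorting, padding is present iff the first element is 0
    (in MPC this single comparison bit is what gets opened)."""
    return len(result) > 0 and result[0] == 0


def sorting_network_matches_builtin(max_n: int = 10, trials: int = 25, seed: int = 7) -> bool:
    """Self-check of the comparator schedule against sorted() for every length up to max_n."""
    rng = random.Random(seed)
    for n in range(max_n + 1):
        for _ in range(trials):
            recs = [(rng.randint(0, 5), rng.randint(0, 1)) for _ in range(n)]
            if oblivious_sort(recs) != sorted(recs):
                return False
    return True


if __name__ == "__main__":
    A, B = [1, 4, 7], [4, 7, 9]  # constructed sample sets
    print("A union B:", set_union(A, B))  # [0, 0, 1, 4, 7, 9]: two padding slots, then the union
    print("A intersect B:", set_intersection(A, B))
    print("A minus B:", set_difference(A, B))
    print("A symdiff B:", set_difference(A, B, symmetric=True))
    print("intersection has padding:", has_padding(set_intersection(A, B)))
```

Run as a script it prints the padded results for the constructed sets A and B; `sorting_network_matches_builtin` cross-checks the comparator schedule against `sorted()` for every length up to 10. The output always has `len(A) + len(B)` slots, which is what hides the result size; in an actual secret-sharing deployment the comparisons inside `_compare_exchange`, `_same_value` and `sel` would run on shares, and only the final result, or the single bit from `has_padding`, would be opened.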

Cite this article

Blanton, M., Aguiar, E. Private and oblivious set and multiset operations. Int. J. Inf. Secur. 15, 493–518 (2016). https://doi.org/10.1007/s10207-015-0301-1