Chapter

Progress in Cryptology - AFRICACRYPT 2012

Volume 7374 of the series Lecture Notes in Computer Science pp 378-394

Size-Hiding in Private Set Intersection: Existential Results and Constructions

  • Paolo D’ArcoAffiliated withDipartimento di Informatica, Universitá di Salerno
  • , María Isabel González VascoAffiliated withDpto. de Matemática Aplicada, Univ. Rey Juan Carlos
  • , Angel L. Pérez del PozoAffiliated withDpto. de Matemática Aplicada, Univ. Rey Juan Carlos
  • , Claudio SorienteAffiliated withInstitute of Information Security, ETH Zurich

* Final gross prices may vary according to local VAT.

Get Access

Abstract

In this paper we focus our attention on private set intersection. We show impossibility and existential results, and we provide some explicit constructions. More precisely, we start by looking at the case in which both parties, client and server, in securely computing the intersection, would like to hide the sizes of their sets of secrets, and we show that:

  • It is impossible to realize an unconditionally secure size-hiding set intersection protocol.

  • In a model where a TTP provides set up information to the two parties and disappears, unconditionally secure size-hiding set intersection is possible.

  • There exist computationally secure size-hiding set intersection protocols.

Then, we provide some explicit constructions for one-sided protocols, where only the client gets the intersection and hides the size of her set of secrets. In the model with the TTP, we design two protocols which are computationally secure under standard assumptions, and two very efficient protocols which are secure in the random oracle model. We close the paper with some remarks and by pointing out several interesting open problems.