Scaling Private Set Intersection to Billion-Element Sets

  • Seny Kamara
  • Payman MohasselEmail author
  • Mariana Raykova
  • Saeed Sadeghian
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)


We examine the feasibility of private set intersection (PSI) over massive datasets. PSI, which allows two parties to find the intersection of their sets without revealing them to each other, has numerous applications including to privacy-preserving data mining, location-based services and genomic computations. Unfortunately, the most efficient constructions only scale to sets containing a few thousand elements—even in the semi-honest model and over a LAN.

In this work, we design PSI protocols in the server-aided setting, where the parties have access to a single untrusted server that makes its computational resources available as a service. We show that by exploiting the server-aided model and by carefully optimizing and parallelizing our implementations, PSI is feasible for billion-element sets even while communicating over the Internet. As far as we know, ours is the first attempt to scale PSI to billion-element sets which represents an increase of five orders of magnitude over previous work.

Our protocols are secure in several adversarial models including against a semi-honest, covert and malicious server; and address a range of security and privacy concerns including fairness and the leakage of the intersection size. Our protocols also yield efficient server-aided private equality-testing (PET) with stronger security guarantees than prior work.


Oblivious Transfer NoSQL Database Adversary Structure Botnet Detection Custom Implementation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aiello, W., Ishai, Y., Reingold, O.: Priced oblivious transfer: How to sell digital goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Asharov, G., Jain, A., López-Alt, A., Tromer, E., Vaikuntanathan, V., Wichs, D.: Multiparty computation with low communication, computation and interaction via threshold FHE. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 483–501. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Baldi, P., Baronio, R., De Cristofaro, E., Gasti, P., Tsudik, G.: Countering gattaca: efficient and secure testing of fully-sequenced human genomes. In: CCS, pp. 691–702 (2011)Google Scholar
  4. 4.
    Barak, B., Goldreich, O.: Universal arguments and their applications. In: CCC (2002)Google Scholar
  5. 5.
    Ben-David, A., Nisan, N., Pinkas, B.: Fairplaymp: a system for secure multi-party computation. In: CCS (2008)Google Scholar
  6. 6.
    Bogdanov, D., Laur, S., Willemson, J.: Sharemind: A framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Bogetoft, P., Christensen, D., Damgard, I., Geisler, M., Jakobsen, T., Krøigaard, M., Nielsen, J., Nielsen, J.B., Nielsen, K., Pagter, J., Schwartzbach, M., Toft, T.: Secure multiparty computation goes live. In: FC (2009)Google Scholar
  8. 8.
    Boudot, F., Schoenmakers, B., Traore, J.: A fair and efficient solution to the socialist millionaires’ problem. Discrete Appl. Math. 111(1), 23–36 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    Camenisch, J., Zaverucha, G.: Private intersection of certified sets. In: FC, pp. 108–127 (2009)Google Scholar
  10. 10.
    Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  11. 11.
    Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Chase, M., Kamara, S.: Structured encryption and controlled disclosure. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 577–594. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC, pp. 364–369 (1986)Google Scholar
  14. 14.
    De Cristofaro, E., Tsudik, G.: Practical private set intersection protocols with linear complexity. In: Financial Cryptography, pp. 143–159 (2010)Google Scholar
  15. 15.
    Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: Improved definitions and efficient constructions. In: ACM CCS, pp. 79–88 (2006)Google Scholar
  16. 16.
    Dachman-Soled, D., Malkin, T., Raykova, M., Yung, M.: Efficient robust private set intersection. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 125–142. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Dachman-Soled, D., Malkin, T., Raykova, M., Yung, M.: Secure efficient multiparty computing of multivariate polynomials and applications. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 130–146. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    Wei Dai. Crypto++ library. (2013)
  19. 19.
    Damgard, I., Geisler, M., Krøigaard, M., Nielsen, J.-B.: Asynchronous multiparty computation: Theory and implementation. In: PKC (2009)Google Scholar
  20. 20.
    Damgård, I.B., Ishai, Y.: Constant-Round multiparty computation using a black-box pseudorandom generator. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 378–394. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Damgård, I., Ishai, Y., Krøigaard, M., Nielsen, J.B., Smith, A.: Scalable multiparty computation with nearly optimal work and resilience. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 241–261. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    De Cristofaro, E., Kim, J., Tsudik, G.: Linear-complexity private set intersection protocols secure in malicious model. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 213–231. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    De Cristofaro, E., Tsudik, G.: Experimenting with fast private set intersection. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 55–73. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Dong, C., Chen, L., Camenisch, J., Russello, G.: Fair private set intersection with a semi-trusted arbiter. Cryptology ePrint Archive, Report 2012/252 (2012)Google Scholar
  25. 25.
    Dong, C., Chen, L., Wen, Z.: When private set intersection meets big data: An efficient and scalable protocol. In: ACM CCS, pp. 789–800 (2013)Google Scholar
  26. 26.
    Ejgenberg, Y., Farbstein, M., Levy, M., Yehuda, L.: The secure computation application programming interface, SCAPI (2012)Google Scholar
  27. 27.
    Donovan, H., et al.: Sparsehash library. (2013). Accessed 08 May 2013
  28. 28.
    Fagin, R., Naor, M., Winkler, P.: Comparing information without leaking it. Commun. ACM 39(5), 77–85 (1996)CrossRefGoogle Scholar
  29. 29.
    Feige, U., Killian, J., Naor, M.: A minimal model for secure computation (extended abstract). In: STOC (1994)Google Scholar
  30. 30.
    Fischlin, M., Pinkas, B., Sadeghi, A.-R., Schneider, T., Visconti, I.: Secure set intersection with untrusted hardware tokens. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 1–16. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  31. 31.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  32. 32.
    Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource fairness and composability of cryptographic protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 404–428. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  33. 33.
    Gelles, R., Ostrovsky, R., Winoto, K.: Multiparty proximity testing with dishonest majority from equality testing. In: Czumaj, A., Mehlhorn, K., Pitts, A., Wattenhofer, R. (eds.) ICALP 2012, Part II. LNCS, vol. 7392, pp. 537–548. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  34. 34.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (2009)Google Scholar
  35. 35.
    Goh, E.-J.: Secure indexes. Technical Report 2003/216, IACR ePrint Cryptography Archive (2003) See
  36. 36.
    Gordon, S.D., Katz, J.: Partial fairness in secure two-party computation. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 157–176. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  37. 37.
    Gordon, S.D., Hazay, C., Katz, J., Lindell, Y.: Complete fairness in secure two-party computation. J. ACM 58(6), 24 (2011)CrossRefMathSciNetGoogle Scholar
  38. 38.
    Hazay, C., Lindell, Y.: Constructions of truly practical secure protocols using standardsmartcards. In: CCS, pp. 491–500 (2008)Google Scholar
  39. 39.
    Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  40. 40.
    Hazay, C., Nissim, K.: Efficient set operations in the presence of malicious adversaries. Public Key Cryptogr. PKC 2010, 312–331 (2010)MathSciNetGoogle Scholar
  41. 41.
    Henecka, W., Kogl, S., Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: TASTY: tool for automating secure two-party computations. In: CCS (2010)Google Scholar
  42. 42.
    Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security (2011)Google Scholar
  43. 43.
    Huang, Y., Evans, D., Katz, J.: Private set intersection: Are garbled circuits better than custom protocols? In: NDSS (2012)Google Scholar
  44. 44.
    Jarecki, S., Liu, X.: Fast secure computation of set intersection. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 418–435. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  45. 45.
    Kamara, S., Mohassel, P., Raykova, M.: Outsourcing multi-party comptuation. Technical Report 2011/272, IACR ePrint Cryptography Archive (2011)Google Scholar
  46. 46.
    Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Financial Cryptography and Data Security (FC ’13) (2013)Google Scholar
  47. 47.
    Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM Conference on Computer and Communications Security (CCS ’12). ACM Press (2012)Google Scholar
  48. 48.
    Kamara, S., Mohassel, P., Riva, B.: Salus: A system for server-aided secure function evaluation. In: CCS, pp. 797–808 (2012)Google Scholar
  49. 49.
    Katz, J., Ostrovsky, R., Smith, A.: Round efficiency of multi-party computation with a dishonest majority. In: EUROCRYPT (2003)Google Scholar
  50. 50.
    Kerschbaum, F.: Outsourcing private set intersection using homomorphic encryption. In: Asia CCS ’12 (2012)Google Scholar
  51. 51.
    Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  52. 52.
    Knuth, D.E.: The Art of Computer Programming: Seminumerical Algorithms, vol. 2, 3rd edn. Addison-Wesley Longman Publishing Co., Inc, Boston (1997)Google Scholar
  53. 53.
    Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 171. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  54. 54.
    Lipmaa, H.: Verifiable homomorphic oblivious transfer and private equality test. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 416–433. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  55. 55.
    Malka, L.: Vmcrypt: modular software architecture for scalable secure computation. In: CCS (2011)Google Scholar
  56. 56.
    Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay–a secure two-party computation system. In: USENIX Security (2004)Google Scholar
  57. 57.
    Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: Botgrep: Finding P2P bots with structured graph analysis. In: USENIX Security (2010)Google Scholar
  58. 58.
    Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Dan B.: Location privacy via private proximity testing. In: NDSS (2011)Google Scholar
  59. 59.
    Pinkas, B.: Fair secure two-party computation. In: Eurocrypt, pp. 647–647 (2003)Google Scholar
  60. 60.
    Rawas, H.: Redis windows port. (2013). Accessed 08 May 2013
  61. 61.
    Saldamli, G., Chow, R., Jin, H., Knijnenburg, B.: Private proximity testing with an untrusted server. In: SIGSAC, pp. 113–118 (2013)Google Scholar
  62. 62.
    Song, D., Wagner, D., Perrig, A.: Practical techniques for searching on encrypted data. In: IEEE S&P, pp. 44–55 (2000)Google Scholar
  63. 63.
    Yaguang, T.: hiredis win32. (2013). Accessed 08 May 2013
  64. 64.
    Yao, A.: Protocols for secure computations. In: FOCS (1982)Google Scholar

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  • Seny Kamara
    • 1
  • Payman Mohassel
    • 2
    Email author
  • Mariana Raykova
    • 3
  • Saeed Sadeghian
    • 2
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.University of CalgaryCalgaryCanada
  3. 3.SRIMenlo ParkUSA

Personalised recommendations