Skip to main content

Maliciously Secure Multi-party PSI with Lower Bandwidth and Faster Computation

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2022)

Abstract

Private Set Intersection (PSI) allows a set of mutually distrustful parties, each holds a private data set, to compute the intersection of all sets, such that no information is revealed except for the intersection. The state-of-the-art PSI protocol (Garimella et al., CRYPTO’21) in the multi-party setting tolerating any number of malicious corruptions requires the communication bandwidth of \(O(n\ell |\mathbb F |)\) bits for the central party \(P_0\) due to the star architecture, where n is the number of parties, \(\ell \) is the size of each set and \(|\mathbb F |\) is the size of an exponentially large field \(\mathbb F \). When n and \(\ell \) are large, this forms an efficiency bottleneck (especially for networks with restricted bandwidthes). In this paper, we present a new multi-party PSI protocol in dishonest-majority malicious setting, which reduces the communication bandwidth of the central party \(P_0\) from \(O(n\ell |\mathbb F |)\) bits to \(O(\ell |\mathbb F |)\) bits using a tree architecture. Furthermore, our PSI protocol reduces the expensive LPN encoding operations performed by \(P_0\) by a factor of n as well as the computational cost by \(2n\ell \) hash operations in total. Additionally, while the multi-party PSI protocol (Garimella et al., CRYPTO’21) with a single output is secure, we present a simple attack against its multi-output extension, which allows an adversary to learn more information on the sets of honest parties beyond the intersection of all sets.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    A similar observation was also made by Nevo et al.  [24].

References

  1. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: ACM Conference on Computer and Communications Security (CCS) 2018, pp. 896–912. ACM Press (2018). https://doi.org/10.1145/3243734.3243868

  2. Boyle, E., et al.: Efficient two-round OT extension and silent non-interactive secure computation. In: ACM Conference on Computer and Communications Security (CCS) 2019, pp. 291–308. ACM Press (2019). https://doi.org/10.1145/3319535.3354255

  3. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Efficient pseudorandom correlation generators: silent OT extension and more. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 489–518. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_16

    Chapter  Google Scholar 

  4. Boyle, E., Couteau, G., Gilboa, N., Ishai, Y., Kohl, L., Scholl, P.: Correlated pseudorandom functions from variable-density LPN, pp. 1069–1080. IEEE (2020). https://doi.org/10.1109/FOCS46700.2020.00103

  5. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 136–145. IEEE (2001). https://doi.org/10.1109/SFCS.2001.959888

  6. Chandran, N., Dasgupta, N., Gupta, D., Obbattu, S.L.B., Sekar, S., Shah, A.: Efficient linear multiparty PSI and extensions to circuit/quorum PSI. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS 2021, pp. 1182–1204. Association for Computing Machinery (2021)

    Google Scholar 

  7. Chase, M., Miao, P.: Private set intersection in the Internet setting from lightweight oblivious PRF. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 34–63. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_2

    Chapter  Google Scholar 

  8. Cheon, J.H., Jarecki, S., Seo, J.H.: Multi-party privacy-preserving set intersection with quasi-linear complexity. Cryptology ePrint Archive, Report 2010/512 (2010). https://eprint.iacr.org/2010/512

  9. Couteau, G., Rindal, P., Raghuraman, S.: Silver: silent VOLE and oblivious transfer from hardness of decoding structured LDPC codes. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 502–534. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84252-9_17

    Chapter  Google Scholar 

  10. Demmler, D., Rindal, P., Rosulek, M., Trieu, N.: PIR-PSI: scaling private contact discovery. Proc. Priv. Enhancing Technol. 2018(4), 159–178 (2018)

    Article  Google Scholar 

  11. Dong, C., Chen, L., Wen, Z.: When private set intersection meets big data: an efficient and scalable protocol. In: ACM Conference on Computer and Communications Security (CCS) 2013, pp. 789–800. ACM Press (2013). https://doi.org/10.1145/2508859.2516701

  12. Efraim, A.B., Nissenbaum, O., Omri, E., Paskin-Cherniavsky, A.: PSimple: practical multiparty maliciously-secure private set intersection. Cryptology ePrint Archive, Report 2021/122 (2021). https://ia.cr/2021/122

  13. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_1

    Chapter  Google Scholar 

  14. Garimella, G., Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: Oblivious key-value stores and amplification for private set intersection. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 395–425. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_14

    Chapter  Google Scholar 

  15. Ghosh, S., Nilges, T.: An algebraic approach to maliciously secure private set intersection. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part III. LNCS, vol. 11478, pp. 154–185. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_6

    Chapter  Google Scholar 

  16. Hazay, C., Venkitasubramaniam, M.: Scalable multi-party private set-intersection. In: Fehr, S. (ed.) PKC 2017, Part I. LNCS, vol. 10174, pp. 175–203. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54365-8_8

    Chapter  Google Scholar 

  17. Inbar, R., Omri, E., Pinkas, B.: Efficient scalable multiparty private set-intersection via garbled bloom filters. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 235–252. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_13

    Chapter  Google Scholar 

  18. Ion, M., et al.: On deploying secure computing: private intersection-sum-with-cardinality. In: 2020 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 370–389 (2020)

    Google Scholar 

  19. Ion, M., et al.: Private intersection-sum protocol with applications to attributing aggregate ad conversions. Cryptology ePrint Archive, Report 2017/738 (2017). https://eprint.iacr.org/2017/738

  20. Kales, D., Rechberger, C., Schneider, T., Senker, M., Weinert, C.: Mobile private contact discovery at scale. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1447–1464 (2019)

    Google Scholar 

  21. Kavousi, A., Mohajeri, J., Salmasizadeh, M.: Efficient scalable multi-party private set intersection using oblivious PRF. Cryptology ePrint Archive, Report 2021/484 (2021). https://ia.cr/2021/484

  22. Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_15

    Chapter  Google Scholar 

  23. Kolesnikov, V., Matania, N., Pinkas, B., Rosulek, M., Trieu, N.: Practical multi-party private set intersection from symmetric-key techniques. In: ACM Conference on Computer and Communications Security (CCS) 2017, pp. 1257–1272. ACM Press (2017). https://doi.org/10.1145/3133956.3134065

  24. Nevo, O., Trieu, N., Yanai, A.: Simple, fast malicious multiparty private set intersection. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS 2021, pp. 1151–1165. Association for Computing Machinery (2021)

    Google Scholar 

  25. Nguyen, D.T., Trieu, N.: MPCCache: privacy-preserving multi-party cooperative cache sharing at the edge. Cryptology ePrint Archive, Report 2021/317 (2021). https://ia.cr/2021/317

  26. Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: SpOT-light: lightweight private set intersection from sparse OT extension. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 401–431. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_13

    Chapter  Google Scholar 

  27. Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: PSI from PaXoS: fast, malicious private set intersection. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 739–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_25

    Chapter  Google Scholar 

  28. Qiu, Z., Yang, K., Yu, Y., Zhou, L.: Maliciously secure multi-party PSI with lower bandwidth and faster computation. Cryptology ePrint Archive, Paper 2022/772 (2022). https://eprint.iacr.org/2022/772

  29. Rindal, P., Raghuraman, S.: Blazing fast PSI from improved OKVS and subfield vole. Cryptology ePrint Archive, Report 2022/320 (2022). https://ia.cr/2022/320

  30. Rindal, P., Rosulek, M.: Improved private set intersection against malicious adversaries. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part I. LNCS, vol. 10210, pp. 235–259. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_9

    Chapter  Google Scholar 

  31. Rindal, P., Schoppmann, P.: VOLE-PSI: fast OPRF and circuit-PSI from vector-OLE. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 901–930. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_31

    Chapter  Google Scholar 

  32. Sang, Y., Shen, H.: Privacy preserving set intersection protocol secure against malicious behaviors. In: Proceedings of the Eighth International Conference on Parallel and Distributed Computing, Applications and Technologies, PDCAT 2007, pp. 461–468. IEEE Computer Society (2007)

    Google Scholar 

  33. Sang, Y., Shen, H.: Privacy preserving set intersection based on bilinear groups. In: The 31th Australasian Computer Science Conference, ACSC 2008, vol. 74, pp. 47–54. Australian Computer Society (2008)

    Google Scholar 

  34. Schoppmann, P., Gascón, A., Reichert, L., Raykova, M.: Distributed vector-OLE: improved constructions and implementation. In: ACM Conference on Computer and Communications Security (CCS) 2019, pp. 1055–1072. ACM Press (2019). https://doi.org/10.1145/3319535.3363228

  35. Weng, C., Yang, K., Katz, J., Wang, X.: Wolverine: fast, scalable, and communication-efficient zero-knowledge proofs for Boolean and arithmetic circuits. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1074–1091 (2021)

    Google Scholar 

  36. Yang, K., Weng, C., Lan, X., Zhang, J., Wang, X.: Ferret: fast extension for correlated OT with small communication. In: ACM Conference on Computer and Communications Security (CCS) 2020, pp. 1607–1626. ACM Press (2020). https://doi.org/10.1145/3372297.3417276

  37. Zhang, E., Liu, F.H., Lai, Q., Jin, G., Li, Y.: Efficient multi-party private set intersection against malicious adversaries. In: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, CCSW 2019, pp. 93–104. Association for Computing Machinery (2019)

    Google Scholar 

Download references

Acknowledgements

Work of Kang Yang is supported by the National Natural Science Foundation of China (Grant Nos. 62102037, 61932019). Work of Yu Yu is supported by the National Key Research and Development Program of China (Grant Nos. 2020YFA0309705 and 2018YFA0704701) and the National Natural Science Foundation of China (Grant Nos. 62125204 and 61872236). Yu Yu also acknowledges the support from the XPLORER PRIZE. We thank anonymous reviewers for their helpful comments.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Yu Yu .

Editor information

Editors and Affiliations

A OKVS Overfitting

A OKVS Overfitting

For the security proof of a maliciously secure PSI protocol, the simulator obtains an OKVS from a corrupted party, and needs to extract the keys that are encoded in the OKVS. In general, this is done by defining \(v_i=\textsf{H} (k_i)\) for \(i \in [1,\ell ]\) where \(\textsf{H} \) is a random oracle. Then, the simulator can observe the queries to \(\textsf{H} \) made by the adversary, and then check which of the keys k satisfy \(\textsf{Decode} (\textbf{S}, k)=\textsf{H} (k)\). An OKVS whose parameters are chosen to encode \(\ell \) keys may often hold even more than \(\ell \) keys, when it is generated by the adversary. In the context of PSI, this allows the adversary to encode more keys than advertised. Therefore, we need to bound the number of keys that the adversary can “overfit” into an OKVS. Following the previous work [14], we model the property in the following definition.

Definition 4

([14]). The \((\ell , \ell ')\)-OKVS overfitting game is defined as follows.

  • Let \((\textsf{Encode}, \textsf{Decode})\) be an OKVS with parameters chosen to support \(\ell \) items, and \(\mathcal {A}\) be any PPT adversary. Let \(\textsf{H}: \mathcal K \rightarrow \mathcal V \) be a random oracle.

  • Run \(\textbf{S} \leftarrow \mathcal {A}^{\textsf{H} (\cdot )}(1^{\kappa })\).

  • Define the following set:

    $$X=\{k \, | \, \mathcal {A}\text { made a query } (k) \text { to } \textsf{H} \text { and } \textsf{Decode} (\textbf{S}, k) = \textsf{H} (k)\}.$$
  • If \(|X| > \ell '\), then the adversary \({{\mathcal {A}_{}}} \) wins.

We say that the \((\ell ,\ell ')\)-OKVS overfitting problem is hard for an OKVS, if no PPT adversary wins this game except with negligible probability.

For \({\kappa } =128\) and \(\lambda =40\), according to the analysis [27], when \(\textsf{H}: \mathcal K \rightarrow \mathbb F \) is used to define the values, a linear OKVS with a field size \(|\mathbb F |=128\) can guarantee that the successful probability of the adversary in the above overfitting game is less than \(1/2^{40}\), even though the adversary is allowed to make \(2^{80}\) queries to \(\textsf{H} \).

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Qiu, Z., Yang, K., Yu, Y., Zhou, L. (2022). Maliciously Secure Multi-party PSI with Lower Bandwidth and Faster Computation. In: Alcaraz, C., Chen, L., Li, S., Samarati, P. (eds) Information and Communications Security. ICICS 2022. Lecture Notes in Computer Science, vol 13407. Springer, Cham. https://doi.org/10.1007/978-3-031-15777-6_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15777-6_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15776-9

  • Online ISBN: 978-3-031-15777-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics