Efficient Private Multiset ID Protocols

  • Conference paper
Information and Communications Security (ICICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14252))

Abstract

A Private-ID (PID) protocol enables two parties, each holding a private set of items, to privately compute a set of random universal identifiers (UIDs) corresponding to the records in the union of their sets, where each party additionally learns which UIDs correspond to which items in its set but not whether they belong to the intersection. PID is very useful in privacy-preserving computation of database queries, e.g. inner join and join for compute. Known PID protocols all assume that the input of each party is a set. In the case of join, a more common scenario is that one party’s primary key (unique) needs to join the other party’s foreign key (duplicate). How to construct an efficient Private Multiset ID (PMID) protocol to support the above key-foreign key join remains open.

We resolve this problem by constructing efficient PMID protocols from Oblivious PRF, Private Set Union, and a newly introduced primitive called Deterministic-Value Oblivious Programmable PRF (dv-OPPRF). We also propose some PMID applications, including Private Inner Join, Private Full Join, and Private Join for Compute.

We implement our PMID protocols and state-of-the-art PID protocols as performance baselines. The experiments show that the performance of our PMID protocols is almost the same as that of the state-of-the-art PID protocols when we set the multiplicity \(U_x = U_y = 1\). Our PMID protocols scale well when either \(U_x > 1\) or \(U_y > 1\). The performance also correctly reflects excessive data expansion when both \(U_x, U_y > 1\) for the more general cross join case.

Notes

  1. In real scenarios, most join operations are one-to-many relationships, and many-to-many relationships are usually avoided due to excessive data expansion. For completeness, we also consider such a general case in this paper.

  2. The definition of our PMID naturally comes from the rules of the join operation.

  3. In fact, the protocol in [24] realizes OPRF instances where the keys \(k_i\) are related in some sense. However, the PRF that it instantiates has all the expected security properties, even in the presence of such related keys. For the sake of simplicity, we ignore this issue in our notation. See [24] for more details.

  4. Thus we set \(\sigma = \max \{\lambda +\log nU_y,\lambda +\log mU_x\}\).

  5. https://github.com/herumi/mcl.

  6. https://github.com/alibaba-edu/mpc4j.

References

  1. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: CCS 2013 (2013)

  2. Bater, J., Elliott, G., Eggen, C., Goel, S., Kho, A.N., Rogers, J.: SMCQL: secure query processing for private data networks. Proc. VLDB Endow. 10(6), 673–684 (2017)

  3. Bater, J., He, X., Ehrich, W., Machanavajjhala, A., Rogers, J.: Shrinkwrap: efficient SQL query processing in differentially private data federations. Proc. VLDB Endow. 12(3), 307–320 (2018)

  4. Blanton, M., Aguiar, E.: Private and oblivious set and multiset operations. In: ASIACCS 2012 (2012)

  5. Buddhavarapu, P., Knox, A., Mohassel, P., Sengupta, S., Taubeneck, E., Vlaskin, V.: Private matching for compute. eprint 2020/599 (2020)

  6. Chase, M., Miao, P.: Private set intersection in the internet setting from lightweight oblivious PRF. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 34–63. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_2

  7. Davidson, A., Cid, C.: An efficient toolkit for computing private set operations. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 261–278. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59870-3_15

  8. Dong, C., Chen, L., Wen, Z.: When private set intersection meets big data: an efficient and scalable protocol. In: CCS 2013 (2013)

  9. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17

  10. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_1

  11. Frikken, K.: Privacy-preserving set union. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 237–252. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72738-5_16

  12. Garimella, G., Mohassel, P., Rosulek, M., Sadeghian, S., Singh, J.: Private set operations from oblivious switching. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 591–617. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_21

  13. Garimella, G., Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: Oblivious key-value stores and amplification for private set intersection. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 395–425. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_14

  14. Goldreich, O.: The Foundations of Cryptography - Volume 2: Basic Applications. Cambridge University Press, Cambridge (2004)

  15. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)

  16. Huang, Y., Evans, D., Katz, J.: Private set intersection: are garbled circuits better than custom protocols? In: NDSS 2012 (2012)

  17. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security (2011)

  18. Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: Electronic Commerce (EC-99) (1999)

  19. Ion, M., et al.: On deploying secure computing: private intersection-sum-with-cardinality. In: EuroS&P (2020)

  20. Ion, M., et al.: Private intersection-sum protocol with applications to attributing aggregate ad conversions. ePrint 2017/738 (2017)

  21. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

  22. Jia, Y., Sun, S.F., Zhou, H.S., Du, J., Gu, D.: Shuffle-based private set union: faster and more secure. In: USENIX Security (2022)

  23. Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_15

  24. Kolesnikov, V., Kumaresan, R., Rosulek, M., Trieu, N.: Efficient batched oblivious PRF with applications to private set intersection. In: CCS (2016)

  25. Kolesnikov, V., Matania, N., Pinkas, B., Rosulek, M., Trieu, N.: Practical multi-party private set intersection from symmetric-key techniques. In: CCS 2017 (2017)

  26. Kolesnikov, V., Rosulek, M., Trieu, N., Wang, X.: Scalable private set union from symmetric-key techniques. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 636–666. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_23

  27. Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: Proceedings of the Twelfth Annual Symposium on Discrete Algorithms (2001)

  28. Pagh, R., Rodler, F.F.: Cuckoo hashing. In: auf der Heide, F.M. (ed.) ESA 2001. LNCS, vol. 2161, pp. 121–133. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44676-1_10

  29. Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: SpOT-light: lightweight private set intersection from sparse OT extension. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 401–431. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_13

  30. Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: PSI from PaXoS: fast, malicious private set intersection. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 739–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_25

  31. Pinkas, B., Schneider, T., Segev, G., Zohner, M.: Phasing: private set intersection using permutation-based hashing. In: USENIX 2015 (2015)

  32. Pinkas, B., Schneider, T., Tkachenko, O., Yanai, A.: Efficient circuit-based PSI with linear communication. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 122–153. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_5

  33. Pinkas, B., Schneider, T., Zohner, M.: Faster private set intersection based on OT extension. In: USENIX Security (2014)

  34. Poddar, R., Kalra, S., Yanai, A., Deng, R., Popa, R.A., Hellerstein, J.M.: Senate: a maliciously-secure MPC platform for collaborative analytics. In: USENIX Security 2021 (2021)

  35. Poess, M., Smith, B., Kollar, L., Larson, P.: TPC-DS, taking decision support benchmarking to the next level. In: SIGMOD (2002)

  36. Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptol. ePrint Arch. 2005, 187 (2005)

  37. Rindal, P., Schoppmann, P.: VOLE-PSI: fast OPRF and circuit-PSI from vector-OLE. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 901–930. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_31

  38. Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)

  39. Zhang, C., Liu, W., Ding, B., Lin, D.: Efficient private multiset id protocols. Cryptology ePrint Archive, Paper 2023/986 (2023). https://eprint.iacr.org/2023/986

Acknowledgement

We are grateful for the helpful comments from the anonymous reviewers. Weiran Liu is supported by the Major Programs of the National Social Science Foundation of China (Grant No. 22&ZD147). Cong Zhang and Dongdai Lin are supported by the National Key Research and Development Program of China (No. 2020YFB1805402) and the National Natural Science Foundation of China (Grants No. 61872359 and No. 61936008).

Author information

Corresponding author

Correspondence to Dongdai Lin.

A Proof of Partial Obliviousness

We first give the formal definition of linear OKVS as follows:

Definition 3 (Linear OKVS)

An OKVS is linear (over a field \(\mathbb {F}\)) if \(\mathcal {V} = \mathbb {F}\) (“values” are elements of \(\mathbb {F}\)), the output of \(\textsf{Encode}\) is a vector D in \(\mathbb {F}^m\), and the \(\textsf{Decode}\) function is defined as: \(\textsf{Decode}_H(D, x)= \langle \textsf{row}(x),D \rangle :=\sum _{j=1}^m \textsf{row}(x)_jD_j\) for some function \(\textsf{row}:\mathcal {K}\rightarrow \mathbb {F}^m\). Hence \(\textsf{Decode}\) is a linear map from \(\mathbb {F}^m\) to \(\mathbb {F}\).

The mapping \(\textsf{row}:\mathcal {K}\rightarrow \mathbb {F}^m\) is typically defined by the hash function H.

For a linear OKVS, one can view the Encode function as generating a solution to the linear system of equations: \(RD^T=Y\), where the i-th row of R is \(\textsf{row}(x_i)\).

Theorem 3

When \(\textsf{Encode}_H\) chooses uniformly from the set of solutions to the linear system, the linear OKVS satisfies the partial obliviousness property.

Proof

Now we prove that the two distributions of D are statistically indistinguishable. We decompose the matrix as \({ \left[ \begin{array}{c} R_1\\ R_2 \end{array} \right] } D^T = { \left[ \begin{array}{c} Y_1\\ Y_2 \end{array} \right] }\), where \(R_1\) and \(Y_1\) correspond to the first t rows of the matrix, and \(R_2\) and \(Y_2\) correspond to the last \(n-t\) rows. We use \(\mathcal {D}_{X,Y}\) to represent all possible outputs of \(\textsf{Encode}_H(X,Y)\). We have \(D\leftarrow \textsf{Encode}_H(X,Y) \Longleftrightarrow D\xleftarrow {\tiny R }\mathcal {D}_{X,Y}\).

We denote the two distributions in the definition of partial obliviousness as \(W_1\) and \(W_2\) respectively. Since there are t fixed key-value pairs \((x_1,y_1),\dots ,(x_t,y_t)\), both outputs of \(W_1\) and \(W_2\) must satisfy \(R_1D^T = Y_1\).

For any \(D_0\in \mathbb {F}^m\) constrained on \(R_1D_0^T = Y_1\), we have \(Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t}:R_2D_0^T = Y_2] = \frac{1}{|\mathbb {F}|^{n-t}}\) and thus \(Pr[D\leftarrow \textsf{Encode}_H(X,Y): D=D_0|Y_2\ne R_2D_0^T] = 0\). The distribution of \(W_1\) is as follows:

$$\begin{aligned} &Pr[D\leftarrow W_1:D=D_0]=Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t},D\xleftarrow {\tiny R }\mathcal {D}_{X,Y}:D=D_0]\\ &=\sum _{Y_2'\in \mathbb {F}^{n-t}}Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t}:Y_2 = Y_2'] \cdot Pr[D\xleftarrow {\tiny R }\mathcal {D}_{X,Y}:D=D_0|Y_2 = Y_2']\\ &=Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t}:Y_2 = R_2D_0^T]\cdot Pr[D\xleftarrow {\tiny R }\mathcal {D}_{X,Y}:D=D_0|Y_2 = R_2D_0^T]\\ &=\frac{1}{|\mathbb {F}|^{n-t}}\cdot \frac{1}{|\mathcal {D}_{X,Y}|} \end{aligned}$$

The only difference between \(W_1\) and \(W_2\) is that the constant matrix \(R_2\) is different, which does not affect the probability. Similarly, we obtain \(Pr[D\leftarrow W_2:D=D_0] =\frac{1}{|\mathbb {F}|^{n-t}}\cdot \frac{1}{|\mathcal {D}_{X,Y}|}\).
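The counting argument above can be checked exhaustively on a toy linear OKVS. This is an added example, not code from the paper: it computes the exact distribution of D for two key sets that share the fixed pair \((x_1,y_1)\) and differ in the remaining keys. The field GF(3), \(m=4\), the key names and the fixed `ROW` table standing in for the hash-derived \(\textsf{row}(x)\) are constructed assumptions, and both key sets are chosen so that R has full row rank.

```python
from fractions import Fraction
from itertools import product
import secrets

P, M = 3, 4  # toy field GF(3) and OKVS vector length m (constructed parameters)

# Constructed stand-in for row(): a real OKVS derives these rows from the hash H.
ROW = {"x1": (1, 0, 0, 1), "x2": (0, 1, 0, 2), "x3": (0, 0, 1, 1),
       "x2'": (1, 1, 0, 0), "x3'": (0, 1, 1, 0)}

def decode(D, x):
    """Decode_H(D, x) = <row(x), D> over GF(P)."""
    return sum(r * d for r, d in zip(ROW[x], D)) % P

def solutions(keys, values):
    """The set D_{X,Y}: every D in F^m with Decode(D, x_i) = y_i for all i."""
    return [D for D in product(range(P), repeat=M)
            if all(decode(D, x) == y for x, y in zip(keys, values))]

def encode(keys, values):
    """Encode_H that picks uniformly from the solution set (Theorem 3's condition)."""
    sols = solutions(keys, values)
    if not sols:
        raise ValueError("no solution: the rows of R are linearly dependent")
    return secrets.choice(sols)

def distribution(keys, fixed_values):
    """Exact law of D when the first t values are fixed and Y_2 is uniform in F^(n-t)."""
    free = len(keys) - len(fixed_values)
    dist = {}
    for y2 in product(range(P), repeat=free):
        sols = solutions(keys, tuple(fixed_values) + y2)
        for D in sols:
            dist[D] = dist.get(D, 0) + Fraction(1, P**free * len(sols))
    return dist

# W_1 and W_2: same fixed pair (x1, 2), different remaining keys (different R_2).
W1 = distribution(["x1", "x2", "x3"], [2])
W2 = distribution(["x1", "x2'", "x3'"], [2])
```

Here \(|\mathbb {F}|^{n-t} = 9\) and \(|\mathcal {D}_{X,Y}| = 3\), so every \(D_0\) with \(R_1D_0^T = Y_1\) has probability \(1/27\) under both `W1` and `W2`. If \(R_2\) were rank-deficient, some \(Y_2\) would have no solution and `encode` would fail.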

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Zhang, C., Liu, W., Ding, B., Lin, D. (2023). Efficient Private Multiset ID Protocols. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_21

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_21

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9

  • eBook Packages: Computer Science, Computer Science (R0)
