Abstract
A Private-ID (PID) protocol enables two parties, each holding a private set of items, to privately compute a set of random universal identifiers (UIDs) corresponding to the records in the union of their sets. Each party additionally learns which UIDs correspond to which items in its own set, but not whether those items belong to the intersection. PID is very useful for privacy-preserving database queries, e.g. inner join and join-for-compute. Known PID protocols all assume that each party's input is a set. In the join setting, a more common scenario is that one party's primary key (unique) must be joined with the other party's foreign key (which may contain duplicates). How to construct an efficient Private Multiset ID (PMID) protocol supporting such key-foreign-key joins remained open.
We resolve this problem by constructing efficient PMID protocols from Oblivious PRF, Private Set Union, and a newly introduced primitive called Deterministic-Value Oblivious Programmable PRF (dv-OPPRF). We also propose some PMID applications, including Private Inner Join, Private Full Join, and Private Join for Compute.
We implement our PMID protocols and state-of-the-art PID protocols as performance baselines. The experiments show that the performance of our PMID protocols is almost the same as that of the state-of-the-art PID protocols when the multiplicities are set to \(U_x = U_y = 1\). Our PMID protocols scale well when either \(U_x > 1\) or \(U_y > 1\). The results also correctly reflect the excessive data expansion that occurs when both \(U_x, U_y > 1\), i.e. the more general cross-join case.
Notes
- 1.
In real scenarios, most join operations are one-to-many relationships; many-to-many relationships are usually avoided because of excessive data expansion. For completeness, we also consider this general case in this paper.
- 2.
The definition of our PMID naturally comes from the rules of join operation.
- 3.
In fact, the protocol in [24] realizes OPRF instances whose keys \(k_i\) are related in some sense. However, the PRF it instantiates has all the expected security properties even in the presence of such related keys. For simplicity, we ignore this issue in our notation; see [24] for details.
- 4.
Thus we set \(\sigma = \max \{\lambda +\log nU_y,\lambda +\log mU_x\}\).
- 5.
- 6.
References
Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: CCS 2013 (2013)
Bater, J., Elliott, G., Eggen, C., Goel, S., Kho, A.N., Rogers, J.: SMCQL: secure query processing for private data networks. Proc. VLDB Endow. 10(6), 673–684 (2017)
Bater, J., He, X., Ehrich, W., Machanavajjhala, A., Rogers, J.: Shrinkwrap: efficient SQL query processing in differentially private data federations. Proc. VLDB Endow. 12(3), 307–320 (2018)
Blanton, M., Aguiar, E.: Private and oblivious set and multiset operations. In: ASIACCS 2012 (2012)
Buddhavarapu, P., Knox, A., Mohassel, P., Sengupta, S., Taubeneck, E., Vlaskin, V.: Private matching for compute. ePrint 2020/599 (2020)
Chase, M., Miao, P.: Private set intersection in the internet setting from lightweight oblivious PRF. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 34–63. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_2
Davidson, A., Cid, C.: An efficient toolkit for computing private set operations. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10343, pp. 261–278. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59870-3_15
Dong, C., Chen, L., Wen, Z.: When private set intersection meets big data: an efficient and scalable protocol. In: CCS 2013 (2013)
Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17
Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_1
Frikken, K.: Privacy-preserving set union. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 237–252. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72738-5_16
Garimella, G., Mohassel, P., Rosulek, M., Sadeghian, S., Singh, J.: Private set operations from oblivious switching. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12711, pp. 591–617. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75248-4_21
Garimella, G., Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: Oblivious key-value stores and amplification for private set intersection. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 395–425. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_14
Goldreich, O.: The Foundations of Cryptography - Volume 2: Basic Applications. Cambridge University Press, Cambridge (2004)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC (1987)
Huang, Y., Evans, D., Katz, J.: Private set intersection: are garbled circuits better than custom protocols? In: NDSS 2012 (2012)
Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security (2011)
Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: Electronic Commerce (EC-99) (1999)
Ion, M., et al.: On deploying secure computing: private intersection-sum-with-cardinality. In: EuroS&P 2020 (2020)
Ion, M., et al.: Private intersection-sum protocol with applications to attributing aggregate ad conversions. ePrint 2017/738 (2017)
Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9
Jia, Y., Sun, S.F., Zhou, H.S., Du, J., Gu, D.: Shuffle-based private set union: faster and more secure. In: USENIX Security (2022)
Kissner, L., Song, D.: Privacy-Preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_15
Kolesnikov, V., Kumaresan, R., Rosulek, M., Trieu, N.: Efficient batched oblivious PRF with applications to private set intersection. In: CCS (2016)
Kolesnikov, V., Matania, N., Pinkas, B., Rosulek, M., Trieu, N.: Practical multi-party private set intersection from symmetric-key techniques. In: CCS 2017 (2017)
Kolesnikov, V., Rosulek, M., Trieu, N., Wang, X.: Scalable private set union from symmetric-key techniques. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 636–666. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_23
Naor, M., Pinkas, B.: Efficient oblivious transfer protocols. In: SODA 2001 (2001)
Pagh, R., Rodler, F.F.: Cuckoo hashing. In: auf der Heide, F.M. (ed.) ESA 2001. LNCS, vol. 2161, pp. 121–133. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44676-1_10
Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: SpOT-light: lightweight private set intersection from sparse OT extension. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 401–431. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_13
Pinkas, B., Rosulek, M., Trieu, N., Yanai, A.: PSI from PaXoS: fast, malicious private set intersection. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 739–767. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_25
Pinkas, B., Schneider, T., Segev, G., Zohner, M.: Phasing: private set intersection using permutation-based hashing. In: USENIX Security 2015 (2015)
Pinkas, B., Schneider, T., Tkachenko, O., Yanai, A.: Efficient circuit-based PSI with linear communication. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 122–153. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_5
Pinkas, B., Schneider, T., Zohner, M.: Faster private set intersection based on OT extension. In: USENIX Security (2014)
Poddar, R., Kalra, S., Yanai, A., Deng, R., Popa, R.A., Hellerstein, J.M.: Senate: a maliciously-secure MPC platform for collaborative analytics. In: USENIX Security 2021 (2021)
Poess, M., Smith, B., Kollar, L., Larson, P.: TPC-DS, taking decision support benchmarking to the next level. In: SIGMOD (2002)
Rabin, M.O.: How to exchange secrets with oblivious transfer. ePrint 2005/187 (2005)
Rindal, P., Schoppmann, P.: VOLE-PSI: fast OPRF and circuit-PSI from vector-OLE. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 901–930. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_31
Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS (1986)
Zhang, C., Liu, W., Ding, B., Lin, D.: Efficient private multiset id protocols. Cryptology ePrint Archive, Paper 2023/986 (2023). https://eprint.iacr.org/2023/986
Acknowledgement
We are grateful for the helpful comments from the anonymous reviewers. Weiran Liu is supported by the Major Programs of the National Social Science Foundation of China (Grant No. 22&ZD147). Cong Zhang and Dongdai Lin are supported by the National Key Research and Development Program of China (No. 2020YFB1805402) and the National Natural Science Foundation of China (Grants No. 61872359 and No. 61936008).
A Proof of Partial Obliviousness
We first give the formal definition of linear OKVS as follows:
Definition 3 (Linear OKVS)
An OKVS is linear (over a field \(\mathbb {F}\)) if \(\mathcal {V} = \mathbb {F}\) (“values” are elements of \(\mathbb {F}\)), the output of \(\textsf{Encode}\) is a vector D in \(\mathbb {F}^m\), and the \(\textsf{Decode}\) function is defined as: \(\textsf{Decode}_H(D, x)= \langle \textsf{row}(x),D \rangle :=\sum _{j=1}^m \textsf{row}(x)_jD_j\) for some function \(\textsf{row}:\mathcal {K}\rightarrow \mathbb {F}^m\). Hence \(\textsf{Decode}\) is a linear map from \(\mathbb {F}^m\) to \(\mathbb {F}\).
The mapping \(\textsf{row}:\mathcal {K}\rightarrow \mathbb {F}^m\) is typically defined by the hash function H.
For a linear OKVS, one can view the Encode function as generating a solution to the linear system of equations: \(RD^T=Y\), where the i-th row of R is \(\textsf{row}(x_i)\).
Theorem 3
When \(\textsf{Encode}_H\) chooses uniformly from the set of solutions to the linear system, the linear OKVS satisfies the partial obliviousness property.
Proof
We now prove that the two distributions of D are statistically indistinguishable. We decompose the system as \({ \left[ \begin{array}{c} R_1\\ R_2 \end{array} \right] } D^T = { \left[ \begin{array}{c} Y_1\\ Y_2 \end{array} \right] }\), where \(R_1\) and \(Y_1\) correspond to the first t rows and \(R_2\) and \(Y_2\) to the last \(n-t\) rows. We write \(\mathcal {D}_{X,Y}\) for the set of all possible outputs of \(\textsf{Encode}_H(X,Y)\), i.e. the solution set of the system; since \(\textsf{Encode}_H\) samples uniformly from this set, \(D\leftarrow \textsf{Encode}_H(X,Y) \Longleftrightarrow D\xleftarrow {\tiny R }\mathcal {D}_{X,Y}\).
We denote the two distributions in the definition of partial obliviousness by \(W_1\) and \(W_2\) respectively. Since the t key-value pairs \((x_1,y_1),\dots ,(x_t,y_t)\) are fixed, the outputs of both \(W_1\) and \(W_2\) must satisfy \(R_1D^T = Y_1\).
For any \(D_0\in \mathbb {F}^m\) satisfying \(R_1D_0^T = Y_1\), we have \(Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t}:R_2D_0^T = Y_2] = \frac{1}{|\mathbb {F}|^{n-t}}\), and \(Pr[D\leftarrow \textsf{Encode}_H(X,Y): D=D_0|Y_2\ne R_2D_0^T] = 0\) because \(D_0\) is then not a solution of the system. The distribution of \(W_1\) is therefore
\(Pr[D\leftarrow W_1:D=D_0] = Pr[Y_2\xleftarrow {\tiny R }\mathbb {F}^{n-t}:R_2D_0^T = Y_2]\cdot Pr[D\leftarrow \textsf{Encode}_H(X,Y): D=D_0 \mid Y_2 = R_2D_0^T] = \frac{1}{|\mathbb {F}|^{n-t}}\cdot \frac{1}{|\mathcal {D}_{X,Y}|}.\)
The only difference between \(W_1\) and \(W_2\) is the constant matrix \(R_2\), which does not affect this probability. Similarly, we obtain \(Pr[D\leftarrow W_2:D=D_0] =\frac{1}{|\mathbb {F}|^{n-t}}\cdot \frac{1}{|\mathcal {D}_{X,Y}|}\).
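As an added example that is not part of the paper, the following Python implements Definition 3 with the uniform-solution \(\textsf{Encode}\) that Theorem 3 assumes, and replays the proof's split into t fixed pairs and \(n-t\) re-randomised pairs. The prime field \(\mathbb{F} = GF(2^{61}-1)\), the SHA-256-derived \(\textsf{row}\) map (a dense "random matrix" OKVS) and the sizes are illustrative choices, not the paper's parameters.

```python
"""Linear OKVS over a prime field with uniform solution sampling.

Added example (not code from the paper): a minimal dense "random matrix"
linear OKVS in the sense of Definition 3, whose Encode samples a uniformly
random solution of R D^T = Y, the precondition of Theorem 3. The field
GF(P), the hash-to-row map and the sizes used here are illustrative
choices, not the paper's parameters.
"""
import hashlib
import secrets

P = (1 << 61) - 1  # illustrative prime; the OKVS is linear over F = GF(P)


def row(x, m):
    """row: K -> F^m, fixed by the hash alone (this plays the role of H)."""
    return [int.from_bytes(hashlib.sha256(b"row|" + x + j.to_bytes(4, "big")).digest(), "big") % P
            for j in range(m)]


def solve_uniform(R, Y, rng=secrets.randbelow):
    """Uniformly random D in F^m with R D^T = Y.

    Returns (D, f) where f is the number of free variables, so the solution
    set has |F|^f elements; returns (None, 0) if the system is inconsistent.
    Reduced row echelon form over GF(P): free columns are drawn uniformly,
    pivot columns are then determined by back-substitution.
    """
    n, m = len(R), len(R[0])
    A = [[v % P for v in r] + [y % P] for r, y in zip(R, Y)]  # augmented [R | Y]
    pivots, r = [], 0
    for c in range(m):
        if r == n:
            break
        piv = next((i for i in range(r, n) if A[i][c]), None)
        if piv is None:
            continue  # column c is free
        A[r], A[piv] = A[piv], A[r]
        inv = pow(A[r][c], P - 2, P)
        A[r] = [v * inv % P for v in A[r]]
        for i in range(n):
            if i != r and A[i][c]:
                fac = A[i][c]
                A[i] = [(vi - fac * vr) % P for vi, vr in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
    if any(A[i][m] for i in range(r, n)):  # a zero row with nonzero rhs
        return None, 0
    free = [c for c in range(m) if c not in pivots]
    D = [0] * m
    for c in free:
        D[c] = rng(P)
    for i, c in enumerate(pivots):
        D[c] = (A[i][m] - sum(A[i][f] * D[f] for f in free)) % P
    return D, len(free)


def encode(pairs, m):
    """Encode_H: solve R D^T = Y where the i-th row of R is row(x_i)."""
    R = [row(k, m) for k, _ in pairs]
    Y = [v for _, v in pairs]
    D, _ = solve_uniform(R, Y)
    if D is None:
        raise ValueError("rows are linearly dependent; pick a larger m or rehash")
    return D


def decode(D, x):
    """Decode_H(D, x) = <row(x), D>, a linear map F^m -> F."""
    return sum(a * b for a, b in zip(row(x, len(D)), D)) % P


def partial_obliviousness_demo(t, n, m):
    """Mirror the proof's decomposition: the first t pairs (R_1, Y_1) are
    fixed, the remaining n - t keys differ between the two encodings and
    carry uniform values (Y_2). Both outputs must satisfy R_1 D^T = Y_1;
    the remaining freedom is the |F|^(m-n) solutions counted by |D_{X,Y}|."""
    fixed = [(b"fixed-%d" % i, 1000 + i) for i in range(t)]  # constructed keys
    X1 = fixed + [(b"a-%d" % i, secrets.randbelow(P)) for i in range(n - t)]
    X2 = fixed + [(b"b-%d" % i, secrets.randbelow(P)) for i in range(n - t)]
    D1, D2 = encode(X1, m), encode(X2, m)
    return all(decode(D1, k) == v and decode(D2, k) == v for k, v in fixed)


if __name__ == "__main__":
    pairs = [(b"alice", 7), (b"bob", 11), (b"carol", 13)]  # constructed input
    D = encode(pairs, m=5)
    print([decode(D, k) for k, _ in pairs])  # recovers the encoded values
    print(partial_obliviousness_demo(t=2, n=4, m=6))
```

Decoding a key that was not encoded returns a field element that is pseudorandom to anyone who does not know the values, which is the obliviousness the proof relies on; choosing \(m\) only slightly larger than \(n\) keeps \(|\mathcal{D}_{X,Y}| = |\mathbb{F}|^{m-n}\) small while a larger field makes the dense hash rows full-rank with overwhelming probability.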
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Zhang, C., Liu, W., Ding, B., Lin, D. (2023). Efficient Private Multiset ID Protocols. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_21
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9