PIR-PSI: Scaling Private Contact Discovery

2018
Vol 2018 (4)
pp. 159-178
Author(s):
Daniel Demmler
Peter Rindal
Mike Rosulek
Ni Trieu

Abstract An important initialization step in many social-networking applications is contact discovery, which allows a user of the service to identify which of its existing social contacts also use the service. Naïve approaches to contact discovery reveal a user’s entire set of social/professional contacts to the service, presenting a significant tension between functionality and privacy. In this work, we present a system for private contact discovery, in which the client learns only the intersection of its own contact list and a server’s user database, and the server learns only the (approximate) size of the client’s list. The protocol is specifically tailored to the case of a small client set and large user database. Our protocol has provable security guarantees and combines new ideas with state-of-the-art techniques from private information retrieval and private set intersection. We report on a highly optimized prototype implementation of our system, which is practical on real-world set sizes. For example, contact discovery between a client with 1024 contacts and a server with 67 million user entries takes 1.36 sec (when using server multi-threading) and uses only 4.28 MiB of communication.

Entropy
2020
Vol 22 (12)
pp. 1339
Author(s):
Yunlu Cai
Chunming Tang
Qiuxia Xu

A two-party private set intersection allows two parties, the client and the server, to compute an intersection over their private sets, without revealing any information beyond the intersecting elements. We present a novel private set intersection protocol based on Shuhong Gao’s fully homomorphic encryption scheme and prove the security of the protocol in the semi-honest model. We also present a variant of the protocol which is a completely novel construction for computing the intersection based on Bloom filter and fully homomorphic encryption, and the protocol’s complexity is independent of the set size of the client. The security of the protocols relies on the learning with errors and ring learning with error problems. Furthermore, in the cloud with malicious adversaries, the computation of the private set intersection can be outsourced to the cloud service provider without revealing any private information.


2021
Vol 2022 (1)
pp. 353-372
Author(s):
Nishanth Chandran
Divya Gupta
Akash Shah

Abstract In 2-party Circuit-based Private Set Intersection (Circuit-PSI), P0 and P1 hold sets S0 and S1 respectively and wish to securely compute a function f over the set S0 ∩ S1 (e.g., cardinality, sum over associated attributes, or threshold intersection). Following a long line of work, Pinkas et al. (PSTY, Eurocrypt 2019) showed how to construct a concretely efficient Circuit-PSI protocol with linear communication complexity. However, their protocol requires super-linear computation. In this work, we construct concretely efficient Circuit-PSI protocols with linear computational and communication cost. Further, our protocols are more performant than the state-of-the-art, PSTY – we are ≈ 2.3× more communication efficient and are up to 2.8× faster. We obtain our improvements through a new primitive called Relaxed Batch Oblivious Programmable Pseudorandom Functions (RB-OPPRF) that can be seen as a strict generalization of Batch OPPRFs that were used in PSTY. This primitive could be of independent interest.


2020
Vol 10 (1)
Author(s):
Cai Zhang
Yinxiang Long
Zhiwei Sun
Qin Li
Qiong Huang

Abstract Private Set Intersection Cardinality (PSI-CA) and Private Set Union Cardinality (PSU-CA) are two cryptographic primitives whereby two or more parties are able to obtain the cardinalities of the intersection and the union of their respective private sets, and the privacy of their sets is preserved. In this paper, we propose a three-party protocol to finish these tasks by using quantum resources, where every two, as well as three, parties can obtain the cardinalities of the intersection and the union of their private sets with the help of a semi-honest third party (TP). In our protocol, GHZ states play a role in encoding private information that will be used by TP to compute the cardinalities. We show that the presented protocol is secure against well-known quantum attacks. In addition, we analyze the influence of six typical kinds of Markovian noise on our protocol.


2017
Vol 2017 (1)
pp. 149-169
Author(s):
Yongjun Zhao
Sherman S.M. Chow

Abstract Sharing information with others is common nowadays, but the question is with whom to share. To address this problem, we propose the notion of secret transfer with access structure (STAS). STAS is a two-party computation protocol that enables the server to transfer a secret to a client who satisfies the prescribed access structure. In this paper, we focus on threshold secret transfer (TST), which is STAS for threshold policy and can be made more expressive by using linear secret sharing. TST enables a number of applications including a simple construction of oblivious transfer (OT) with threshold access control, and (a variant of) threshold private set intersection (t-PSI), which are the first of their kinds in the literature to the best of our knowledge. The underlying primitive of STAS is a variant of OT, which we call OT for a sparse array. We provide two constructions which are inspired by state-of-the-art PSI techniques including oblivious polynomial evaluation (OPE) and garbled Bloom filter (GBF). The OPE-based construction is secure in the malicious model, while the GBF-based one is more efficient. We implemented the latter one and showed its performance in applications such as privacy-preserving matchmaking.


2022
Author(s):
Vijay Kumar Yadav
Nitish Andola
Shekhar Verma
S Venkatesan

Oblivious transfer (OT) protocol is an essential tool in cryptography that provides a wide range of applications like secure multi-party computation, private information retrieval, private set intersection, contract signing, and privacy-preserving location-based services. The OT protocol has different variants such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. In the OT (one-out-of-2, one-out-of-n, and OT extension) protocol, the sender has a set of messages, whereas the receiver has a key. The receiver sends that key to the sender in a secure way; the sender cannot get any information about the received key. The sender encrypts every message by operating on every message using the received key and sends all the encrypted messages to the receiver. The receiver is able to extract only the required message using his key. However, in the k-out-of-n OT protocol, the receiver sends a set of k keys to the sender, and in reply, the sender sends all the encrypted messages. The receiver uses his keys and extracts the required messages, but it cannot gain any information about the messages that it has not requested. Generally, the OT protocol requires high communication and computation cost if we transfer millions of oblivious messages. The OT extension protocol provides a solution for this, where the receiver transfers a set of keys to the sender by executing a small number of OT protocols. Then, the sender encrypts all the messages using cheap symmetric key cryptography with the help of the received set of keys and transfers millions of oblivious messages to the receiver. In this work, we present different variants of OT protocols such as one-out-of-2, one-out-of-n, k-out-of-n, and OT extension. Furthermore, we cover various aspects of theoretical security guarantees such as semi-honest and malicious adversaries, universal composability, used techniques, computation, and communication efficiency aspects. From the analysis, we found that the semi-honest adversary-based OT protocols required low communication and computation costs as compared to malicious adversary-based OT protocols.


Cybersecurity
2021
Vol 4 (1)
Author(s):
Jingdian Ming
Yongbin Zhou
Huizhong Li
Qian Zhang

Abstract Due to its provable security and remarkable device-independence, masking has been widely accepted as a noteworthy algorithmic-level countermeasure against side-channel attacks. However, the relatively high cost of masking severely limits its applicability. Considering the high tackling complexity of non-linear operations, most masked AES implementations focus on the security and cost reduction of masked S-boxes. In this paper, we focus on linear operations, which, on the contrary, seem to be underestimated. Specifically, we discover some security flaws and redundant processes in popular first-order masked AES linear operations, and pinpoint the underlying root causes. Then we propose a provably secure and highly efficient masking scheme for AES linear operations. In order to show its practical implications, we replace the linear operations of state-of-the-art first-order AES masking schemes with our proposal, while keeping their original non-linear operations unchanged. We implement four newly combined masking schemes on an Intel Core i7-4790 CPU, and the results show they are roughly 20% faster than the original ones. Then we select one masked implementation named RSMv2 due to its popularity, and investigate its security and efficiency on an AVR ATMega163 processor and four different FPGA devices. The results show that no exploitable first-order side-channel leakages are detected. Moreover, compared with the original masked AES implementations, our combined approach is nearly 25% faster on the AVR processor, and at least 70% more efficient on the four FPGA devices.

