
A Survey on Private Set Intersection, presented by Hongrui Cui



  1. A Survey on Private Set Intersection
     Presented by Hongrui Cui, RickFreeman@sjtu.edu.cn, October 17, 2019
     Cui Hongrui (SJTU) PSI October 17, 2019 1 / 27

  2. Overview
     1. Introduction
        - PSI Literature
        - Notations
        - The Core of PSI
     2. Semi-Honest PSI
        - Cuckoo Hashing
        - The Paradigm of [PSZ14]
     3. Malicious PSI
        - Malicious PSI via Dual Execution
     4. Multiparty PSI
        - Multiparty PSI from OPPRF


  4. Private Set Intersection
     Research Background
     - Multiparty computation of set intersection
     Functionality Classification
     - Security: Semi-Honest/Malicious
     - Players: Two Party/Multi Party
     - Output: Plain Intersection/Post-Processing

  5. Literature of Private Set Intersection

     | Paper    | Parties | Security    | Building Blocks |
     |----------|---------|-------------|-----------------|
     | [PSZ14]  | 2       | Semi-Honest | OT(OPRF)        |
     | [HEK12]  | 2       | Semi-Honest | GC, GMW         |
     | [CHLR18] | 2       | Hybrid      | (leveled-)FHE   |
     | [RR17]   | 2       | Malicious   | OT(OPRF)        |
     | [KMP+17] | n       | Semi-Honest | OT(OPPRF)       |

     Table: Comparison of Different Private Set Intersection Protocols

  6. Notations
     PSI Notations:
     - $X, Y \subset \{0,1\}^{\sigma}$: Input sets
     - $X^*, Y^* \subset \{0,1\}^{\lambda + \log(|X|) + \log(|Y|)}$: Processed input sets
     - $\binom{m}{1}\text{-OT}^{k}_{v}$: $k$ instances of $m$-choose-1 oblivious transfer on $v$-bit strings
     - $F_{\mathrm{PSM}}$: Private set membership protocol (i.e. $y \in X$)

  7. Notations
     Cuckoo Hashing Notations:
     - $B$: Hash table "bins"
     - $m \in \mathbb{N}$: Hash table size
     - $h_1, h_2, h_3 : \{0,1\}^* \to [m]$: Hash functions

  8. A Naïve PSI Protocol
     Compute Intersection on Hashed Values
     - Sender → Receiver: $X^* := \{H(x) \mid x \in X\}$
     - Receiver: Output $X \cap Y := \{y \in Y \mid H(y) \in X^*\}$
     - Receiver → Sender (optionally): $X \cap Y$
     - Sender: Output $X \cap Y$


  10. A Naïve PSI Protocol
      Why Naïve
      - Hashed set $X^*$ has the same entropy as $X$
      - This entropy is usually low
      - Feasible brute-force attack

      When the entropy is acceptable (e.g. 80 bits), this is secure.
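The leak behind "Why Naïve", as an added example that is not part of the slides: when inputs come from a small domain, the single message $X^*$ lets the receiver learn all of $X$ rather than only $X \cap Y$. SHA-256 as $H$, the 4-digit input domain and the sample sets are assumptions made for the demonstration.

```python
import hashlib
import math

def H(item: str) -> str:
    """Public hash H shared by both parties (SHA-256 is an assumption)."""
    return hashlib.sha256(item.encode()).hexdigest()

def sender_message(X):
    """Sender -> Receiver: X* := {H(x) | x in X}."""
    return {H(x) for x in X}

def receiver_output(Y, X_star):
    """Intended output: {y in Y | H(y) in X*}."""
    return {y for y in Y if H(y) in X_star}

def receiver_view_leak(domain, X_star):
    """Everything X* reveals to a receiver who hashes the whole input domain."""
    return {d for d in domain if H(d) in X_star}

def entropy_bits(domain_size: int) -> float:
    """Upper bound on the entropy of one uniformly chosen domain element."""
    return math.log2(domain_size)

# Constructed sample data: inputs are 4-digit codes, so the domain has 10^4 values.
DOMAIN = [f"{i:04d}" for i in range(10_000)]
X = {"0042", "1337", "5555", "9001"}   # sender's set
Y = {"1337", "2468", "5555"}           # receiver's set

if __name__ == "__main__":
    X_star = sender_message(X)
    print("intersection  :", sorted(receiver_output(Y, X_star)))
    print("leaked from X*:", sorted(receiver_view_leak(DOMAIN, X_star)))
    print(f"domain entropy: {entropy_bits(len(DOMAIN)):.1f} bits (slide's example: 80)")
```

The protocols in the rest of the deck replace the public $H$ with a keyed function evaluated obliviously, so the receiver cannot evaluate it on inputs of its own choosing offline.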


  12. Semi-Honest PSI
      - 2-Party Semi-Honest PSI receives the most attention
      - The state of the art incurs only 1-10 times overhead

  13. Cuckoo Hashing
      Cuckoo Hashing
      - A special hashing function
      - Uses eviction to resolve collisions


  15. Cuckoo Hashing
      Insertion
      - Let $i = 1$, compute index $l = h_i(x)$
      - If $B[l] = \bot$, then insert $\langle x, i \rangle$
      - If not, insert anyway
      - Let $\langle y, j \rangle$ be the original content, let $x := y$, $i \xleftarrow{\$} [3] \setminus \{j\}$, goto step 1

      If the process iterates more than $t$ times, put the item in a stash $s$.

      Lookup
      - For inserted item $x$, there are only $3 + |s|$ possible locations

  16. Cuckoo Hashing
      Receiver: "Thin" table (cuckoo hashing with $h_1, h_2$). Sender: "Thick" table (regular hashing with $h_1, h_2$). Tables $T_1$ and $T_2$ each have bins $[1], \dots, [m]$, with the entries at $[h_1(x)]$ and $[h_2(x)]$ shown.
      Figure: Cuckoo Hash Table


  18. The Paradigm of [PSZ14]
      $F_{\mathrm{PSI}} \le F_{\mathrm{PSM}}$
      - Receiver does cuckoo hashing, while the sender does regular hashing
      - They then perform $m$ instances of $F_{\mathrm{PSM}}$ ($m = |B|$)

      Discussion
      - Most works in the semi-honest model follow this paradigm
      - Various means to implement $F_{\mathrm{PSM}}$, e.g. OT, FHE, GC/GMW
      - Cuckoo Hashing may be inherently unsuitable for the malicious world
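The cuckoo insertion and lookup rules and the bin-by-bin reduction of the [PSZ14] paradigm, as an added example that is not code from the slides or from [PSZ14]. Assumptions: the hash functions are derived from SHA-256, a plain `in` test stands in for each $F_{\mathrm{PSM}}$ instance, stash items are tested against the sender's whole set, and the sample sets are constructed.

```python
import hashlib
import random

def h(i, x, m):
    """h_i : {0,1}* -> [m], built from SHA-256 with i as a prefix (an assumption)."""
    digest = hashlib.sha256(f"{i}|{x}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % m

def cuckoo_table(items, m, t=50, seed=0):
    """Receiver's "thin" table: one <x, i> per bin, evicting on collision."""
    rng = random.Random(seed)
    B, stash = [None] * m, []
    for x in items:
        i = 1
        for _ in range(t):
            l = h(i, x, m)
            B[l], old = (x, i), B[l]        # insert anyway
            if old is None:
                break
            x, j = old                      # evicted <y, j> becomes the new x
            i = rng.choice([k for k in (1, 2, 3) if k != j])
        else:
            stash.append(x)                 # more than t iterations
    return B, stash

def thick_table(items, m):
    """Sender's "thick" table: every x goes into h_1(x), h_2(x) and h_3(x)."""
    T = [set() for _ in range(m)]
    for x in items:
        for i in (1, 2, 3):
            T[h(i, x, m)].add(x)
    return T

def lookup(x, B, stash, m):
    """An inserted x can only sit in one of its 3 bins or in the stash."""
    return any(B[h(i, x, m)] == (x, i) for i in (1, 2, 3)) or x in stash

def psi_by_bins(Y, X, m):
    """Receiver set Y, sender set X: one membership test per bin."""
    B, stash = cuckoo_table(sorted(Y), m)
    T = thick_table(X, m)
    # Plain `in` stands in for F_PSM; a real protocol evaluates it obliviously.
    hits = {B[l][0] for l in range(m) if B[l] and B[l][0] in T[l]}
    # Assumption: stash items are compared against the sender's whole set.
    return hits | {y for y in stash if y in X}

# Constructed sample sets and table size.
Y = {"alice", "bob", "carol", "dave", "erin", "frank"}
X = {"bob", "erin", "frank", "mallory", "trent"}
M = 8
```

Because the receiver's bin holds at most one item while the sender's matching bin holds every item that could map there, each bin needs only one membership test instead of a comparison of all pairs.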

  19. Set Membership from Oblivious Transfer
      OT as OPRF
      - $F_{\mathrm{PSM}}$ from Oblivious PRF is quite easy
      - (One-Time) Oblivious PRF can be considered some $\binom{2^{\sigma}}{1}$-ROT
      - OT-Extension can efficiently implement this primitive

  20. A Brief Review on OT-Extension
      The idea is to "bootstrap" a large number of OT instances from a small number of base OTs.
      - Sampling: $T_0, T_1 \xleftarrow{\$} \{0,1\}^{m \times v}$ and $b \xleftarrow{\$} \{0,1\}^{v}$
      - $\binom{2}{1}\text{-OT}^{v}_{m}$: Sender → OT: $b_j$; Receiver → OT: $(T_{0,j}, T_{1,j})$; OT → Sender: $T_{b,j}$
      - Receiver → Sender: $C_i = T_0^i \oplus T_1^i \oplus \mathrm{ECC}(w_i)$
      - Sender: $Q_i = T_b^i \oplus s \cdot C_i$
      - Sender: Output $(s, Q_i)$
      - Receiver: Output $H(i \,\|\, T_0^i)$


  22. Set Membership from Homomorphic Encryption
      Naive Approach
      - Receiver → Sender: $\mathrm{Enc}(pk, y)$
      - Sender: $r \xleftarrow{\$} R_q$
      - Sender → Receiver: $c = \mathrm{Eval}\big(r \cdot \prod_{x \in X} (y - x)\big)$
      - Receiver: Output 1 if $\mathrm{Dec}(sk, c) = 0$, Output 0 otherwise

      Several Optimizations
      - Batching: reduce communication by $n/d$
      - Partitioning: reduce polynomial degree by $\alpha$
      - Windowing: reduce circuit depth logarithmically
      - Pre-Processing: reduce circuit depth by 1
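The naive approach carried through end to end, as an added example that is not from the slides or from [CHLR18]. It swaps in toy Paillier encryption, which is only additively homomorphic, for the slide's FHE, so the receiver sends encrypted powers of $y$ instead of a single $\mathrm{Enc}(pk, y)$; the primes, the fixed seed and all function names are assumptions chosen for a repeatable demonstration.

```python
import math
import random

P, Q = 2**31 - 1, 2**61 - 1      # toy Mersenne primes, far too small for real use
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)
RNG = random.Random(2019)        # fixed seed for repeatability; not a secure RNG

def enc(m, rng=RNG):
    """Paillier encryption with g = N + 1."""
    r = rng.randrange(1, N)
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c):
    """Paillier decryption: L(c^lambda mod N^2) * mu mod N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def poly_coeffs(X):
    """Coefficients a_0..a_d of prod_{x in X} (y - x) mod N, lowest degree first."""
    a = [1]
    for x in X:
        a = [((a[k - 1] if k else 0) - x * (a[k] if k < len(a) else 0)) % N
             for k in range(len(a) + 1)]
    return a

def receiver_query(y, d):
    """Receiver -> Sender: Enc(y^k) for k = 1..d (needed because Paillier cannot multiply)."""
    return [enc(pow(y, k, N)) for k in range(1, d + 1)]

def sender_eval(X, query, rng=RNG):
    """Sender -> Receiver: c = Enc(r * prod_{x in X} (y - x)) for a fresh random r."""
    a = poly_coeffs(X)
    r = rng.randrange(1, N)
    c = enc(r * a[0])
    for k, ck in enumerate(query, start=1):
        c = c * pow(ck, r * a[k] % N, N2) % N2   # Enc(m)^e = Enc(e * m)
    return c

def membership_bit(c):
    """Receiver: output 1 if Dec(sk, c) = 0, output 0 otherwise."""
    return 1 if dec(c) == 0 else 0

# Constructed sender set.
X = [17, 42, 99, 1234]
```

For a non-member the receiver decrypts $r \cdot \prod_{x \in X}(y - x)$, a value masked by the sender's random $r$, which is why the multiplication by $r$ appears in the slide's $\mathrm{Eval}$.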

  23. Set Membership from General Framework
      The main advantage is that arbitrary post-processing can be applied (by concatenation of circuits), but shuffling the output may be needed.


  25. Malicious PSI via Dual Execution
      Ideas of [RR17]:
      - Sender: Randomly Permute $X$; Receiver: Randomly Permute $Y$
      - First $F_{\mathrm{OPRF}}$: Sender inputs $x_i$ and receives $[x]_i$; Receiver receives $k_i$
      - Second $F_{\mathrm{OPRF}}$: Receiver inputs $y_i$ and receives $[y]'_i$; Sender receives $k'_i$
      - Sender → Receiver: $Q := \{[x]_{i,j} = [x]_i \oplus [x]'_j\}$
      - Receiver: Output $X \cap Y = \{y \mid \exists i, [y]_i \oplus [y]'_j \in Q\}$

  26. Optimizations
      It is possible to use regular hashing to reduce the quadratic complexity:
      - Assuming $n$ bins, $\log(n)$ items per bin, the complexity is $n \log(n)^2$
      - Cuckoo hashing cannot be used here



  29. Multiparty PSI
      The authors of [KMP+17] proposed a simple protocol for semi-honest, multiparty PSI:
      - Zero-Sharing
      - Reconstruction

      The protocol heavily uses the Oblivious Programmable PRF functionality, which can be implemented from $F_{\mathrm{OPRF}}$ and polynomial interpolation.
