Private Set Intersection for Unequal Set Sizes with Mobile - PowerPoint PPT Presentation

Private Set Intersection for Unequal Set Sizes with Mobile Applications Ágnes Kiss (TU Darmstadt) Jian Liu (Aalto University) Thomas Schneider (TU Darmstadt) N. Asokan (Aalto University) Benny Pinkas (Bar-Ilan University) 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 1

Private Set Intersection (PSI) 𝑂 ≈ 𝑂 𝐶 𝐵 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 2

Private Set Intersection (PSI) ? ? ? ? ? ? ? 𝑂 ≈ 𝑂 𝐶 𝐵 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 2

PSI with Unequal Set Sizes 𝑂 ≫ 𝑂 𝐶 𝐵 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 3

PSI with Unequal Set Sizes – Mobile Messaging Service ... 𝑂 ≫ 𝑂 𝐶 𝐵 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 4

PSI with Unequal Set Sizes – Mobile Messaging Service ? ? ? ? ? ? ... 𝑂 ≫ 𝑂 𝐶 𝐵 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 4

PSI with Unequal Set Sizes – Malware Detection Service ... 𝑂 ≫ 𝑂 𝐶 𝐵 3 Mio 95 [TLP+17] 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 5

PSI with Unequal Set Sizes – Malware Detection Service ? ? ? ? ? ? ? ... ? ? 𝑂 ≫ 𝑂 𝐶 𝐵 3 Mio 95 [TLP+17] 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 5

What do we have? • OT-based protocols efficient for 𝑶 𝑩 ≈ 𝑶 𝑪 • Garbled BF based protocols [DCW13,RR17] Hashing-based protocols [PSZ14,PSSZ15,KKRT16] • 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 6

What do we have? • OT-based protocols efficient for 𝑶 𝑩 ≈ 𝑶 𝑪 • Garbled BF based protocols [DCW13,RR17] Hashing-based protocols [PSZ14,PSSZ15,KKRT16] • Require sending data linear in 𝑂 𝐵 for each element of the client (𝑃(𝑂 𝐵 𝑂 𝐶 )) 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 6

What do we have? • OT-based protocols efficient for 𝑶 𝑩 ≈ 𝑶 𝑪 • Garbled BF based protocols [DCW13,RR17] Hashing-based protocols [PSZ14,PSSZ15,KKRT16] • Require sending data linear in 𝑂 𝐵 for each element of the client (𝑃(𝑂 𝐵 𝑂 𝐶 )) • Protocols linear in the set sizes (𝑷 𝑶 𝑩 + 𝑶 𝑪 ) • Based on public-key crypto: OPE [FNP04], DH [HFH99] Based on Oblivious PRF evaluation: NR [FIPR05,HL08], • AES [PSSW09], RSA [CT10] 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 6

What do we have? • OT-based protocols efficient for 𝑶 𝑩 ≈ 𝑶 𝑪 • Garbled BF based protocols [DCW13,RR17] Hashing-based protocols [PSZ14,PSSZ15,KKRT16] • Require sending data linear in 𝑂 𝐵 for each element of the client (𝑃(𝑂 𝐵 𝑂 𝐶 )) • Protocols linear in the set sizes (𝑷 𝑶 𝑩 + 𝑶 𝑪 ) • Based on public-key crypto: OPE [FNP04], DH [HFH99] Based on Oblivious PRF evaluation: NR [FIPR05,HL08], • AES [PSSW09], RSA [CT10] Can these be adapted to unequal set sizes? 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 6

Our Contributions Improve existing Prototype Further linear complexity implementation extensions for protocols for of improved real-world unequal set sizes protocols applications 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 7

Precomputed PSI – Three Phases |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase max maximum number of client inputs Data-independent, depends on 𝑂 𝐶 Setup Phase Depends on the 𝑂 𝐵 elements in the database Online Phase Depends on the 𝑂 𝐶 elements in the client set 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 8

Precomputed PSI – Three Phases |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase max maximum number of client inputs Data-independent, depends on 𝑂 𝐶 Can be precomputed without any knowledge on the inputs Setup Phase Depends on the 𝑂 𝐵 elements in the database Online Phase Depends on the 𝑂 𝐶 elements in the client set 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 8

Precomputed PSI – Three Phases |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase max maximum number of client inputs Data-independent, depends on 𝑂 𝐶 Can be precomputed without any knowledge on the inputs Setup Phase Depends on the 𝑂 𝐵 elements in the database The server can perform most of the computation in advance Online Phase Depends on the 𝑂 𝐶 elements in the client set 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 8

Precomputed PSI – Three Phases |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase max maximum number of client inputs Data-independent, depends on 𝑂 𝐶 Can be precomputed without any knowledge on the inputs Setup Phase Depends on the 𝑂 𝐵 elements in the database The server can perform most of the computation in advance Same for all clients? Online Phase Depends on the 𝑂 𝐶 elements in the client set 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 8

Precomputed PSI – Three Phases |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase max maximum number of client inputs Data-independent, depends on 𝑂 𝐶 Can be precomputed without any knowledge on the inputs Setup Phase Depends on the 𝑂 𝐵 elements in the database The server can perform most of the computation in advance Same for all clients? Online Phase Depends on the 𝑂 𝐶 elements in the client set Computation on the client’s few elements is fast 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 8

Bloom filter 𝐼 1 𝐼 2 … 𝐼 𝑙 1 2 ... i ... j ... n 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 9

Bloom filter 𝑓 : 004912345678910 𝐼 1 𝐼 2 … 𝐼 𝑙 1 2 ... i ... j ... n 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 9

Bloom filter 𝑓 : 004912345678910 𝐼 1 𝐼 2 … 𝐼 𝑙 1 2 ... i ... j ... n 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 𝐼 1 (𝑓) 𝐼 2 (𝑓) … 𝐼 𝑙 (𝑓) 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 9

Bloom filter 𝐹(𝑓) : fti45jxcfuu984fghdr56fguew91jm 𝐼 1 𝐼 2 … 𝐼 𝑙 1 2 ... i ... j ... n 0 0 0 0 1 0 0 0 0 1 0 0 0 1 0 𝐼 1 (𝐹(𝑓)) 𝐼 2 (𝐹 𝑓 ) … 𝐼 𝑙 (𝐹(𝑓)) 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 9

Efficient and Secure Updates Insertion in Bloom filter 𝐹(𝑓) : fti45jxcfuu984fghdr56fguew91jm 𝐼 1 𝐹(𝑓) , 𝐼 2 𝐹(𝑓) , … , 𝐼 𝑙 (𝐹(𝑓)) Deletion: Counting Bloom filter 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 10

Precomputed PSI – PSI with PRF: RSA-PSI, NR-PSI, GC-PSI |𝑂 𝐵 | ≫ |𝑂 𝐶 | Base Phase Key generation, Precomputation Agree on key, parameters, Precomputation Precomputation Setup Phase Encrypt database and BF insert in Bloom filter Store Bloom filter Online Phase Request encryption of Encrypt element privately elements privately Encryption Check and output intersection locally 20.07.17 | Private Set Intersection for Unequal Set Sizes with Mobile Applications | Ágnes Kiss | Slide 11

Private Set Intersection for Unequal Set Sizes with Mobile - PowerPoint PPT Presentation

Private Set Intersection for Unequal Set Sizes with Mobile Applications gnes Kiss (TU Darmstadt) Jian Liu (Aalto University) Thomas Schneider (TU Darmstadt) N. Asokan (Aalto University) Benny Pinkas (Bar-Ilan University) 20.07.17 |

Improved Private Set Intersection against Malicious Adversaries Peter Rindal Mike Rosulek

Efficient Private Matching and Set Intersection We think patients are misusing Here too..

PSI from PaXoS: Fast, Malicious Private Set Intersection ia.cr/2020/193 Benny Pinkas Bar-Ilan

Unequal challenges ahead Martin Ravallion Georgetown University Unequal challenges Two

Intersection Safety Intersection Safety Intersection Safety Intersections Intersections

Private Set In Intersection (PSI): in the Cloud, or using Circuits Benny Pinkas September 10,

Unequal Growth/Unequal Outcomes Chancellor Rebecca Blank University of Wisconsin Madison

Effjcient Private Set Intersection for a Decentralised Web of Trust lvaro Garca-Recuero

INTERSECTION LINKUK CONFIDENTIAL 3 3 INTERSECTION LINKUK CONFIDENTIAL 4 Not drawn to scale

A Survey on Private Set Intersection Presented by Hongrui Cui RickFreeman@sjtu.edu.cn October

SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension Benny Pinkas Mike

Ray-triangle intersection In this handout, we explore the steps needed to compute the intersection

1 (1) providing unequal substantive rights that strengthen the legal force of certain economic

Family of intersection problems Family of intersection problems CG Lecture 2 CG Lecture 2 1.

City of Camas NW 6 th and Norwood Intersection Options Existing Intersection hird level

Advanced Topics Surveys Block times and sizes Bl Block ck si size Increase block sizes

Part Sizes of Smooth Supercritical Compositional Structures Part Sizes of Smooth Supercritical

PTAS for Huffman coding with unequal letter costs Mordecai Golin (HKUST), Claire Mathieu (Brown)

More Unequal, More Insecure Community Indicators of Financial Security, Opportunity and

Texas Intersection Safety Implementation Plan Workshop JUNE 2, 2016 Why Intersection Safety?

SR 758/Midnight Pass Road and Beach Road Intersection September 22, 2020 1 Intersection

INTERSECTION CONTROL July 2018 FDOTS MANUAL ON INTERSECTION CONTROL EVALUATION Adopted

Are you the one to share? Secret Transfer with Access Structure Yongjun Zhao, Sherman S.M. Chow

What can we learn from the Mt Isa case? Damian Scattini Principal Maurice Blackburn Unequal