
A Survey on Private Set Intersection, presented by Hongrui Cui


  1. A Survey on Private Set Intersection
     Presented by Hongrui Cui
     RickFreeman@sjtu.edu.cn
     October 17, 2019
     Cui Hongrui (SJTU) PSI October 17, 2019 1 / 27

  2. Overview
     1. Introduction
        - PSI Literature
        - Notations
        - The Core of PSI
     2. Semi-Honest PSI
        - Cuckoo Hashing
        - The Paradigm of [PSZ14]
     3. Malicious PSI
        - Malicious PSI via Dual Execution
     4. Multiparty PSI
        - Multiparty PSI from OPPRF

  4. Private Set Intersection
     Research Background
     - Multiparty computation of set intersection
     Functionality Classification
     - Security: Semi-Honest/Malicious
     - Players: Two Party/Multi Party
     - Output: Plain Intersection/Post-Processing

  5. Literature of Private Set Intersection

     | Paper | Parties | Security | Building Blocks |
     |---|---|---|---|
     | [PSZ14] | 2 | Semi-Honest | OT (OPRF) |
     | [HEK12] | 2 | Semi-Honest | GC, GMW |
     | [CHLR18] | 2 | Hybrid | (leveled-)FHE |
     | [RR17] | 2 | Malicious | OT (OPRF) |
     | [KMP+17] | n | Semi-Honest | OT (OPPRF) |

     Table: Comparison of Different Private Set Intersection Protocols

  6. Notations
     PSI Notations:
     - $X, Y \subset \{0,1\}^{\sigma}$: Input sets
     - $X^*, Y^* \subset \{0,1\}^{\lambda + \log(|X|) + \log(|Y|)}$: Processed input sets
     - $\binom{m}{1}\text{-OT}^{k}_{v}$: $k$ instances of $m$-choose-1 oblivious transfer on $v$-bit strings
     - $\mathcal{F}_{\mathrm{PSM}}$: Private set membership protocol (i.e. $y \in X$)

  7. Notations
     Cuckoo Hashing Notations:
     - $B$: Hash table "bins"
     - $m \in \mathbb{N}$: Hash table size
     - $h_1, h_2, h_3 : \{0,1\}^* \to [m]$: Hash function

  8. A Naïve PSI Protocol
     Compute Intersection on Hashed Values
     - Sender: $X^* := \{ H(x) \mid x \in X \}$
     - Sender → Receiver: $X^*$
     - Receiver: Output $X \cap Y := \{ y \in Y \mid H(y) \in X^* \}$
     - Receiver → Sender (optionally): $X \cap Y$
     - Sender: Output $X \cap Y$

  10. A Naïve PSI Protocol
      Why Naïve
      - Hashed set $X^*$ has the same entropy as $X$
      - This entropy is usually low
      - Feasible brute-force attack
      When the entropy is acceptable (e.g. 80 bits), this is secure.
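
The point of this slide as an added Python example (not part of the original slides): the receiver's membership test on $X^*$ works just as well over the whole input domain as over $Y$, so the hashes protect only inputs that cannot be enumerated. SHA-256 as $H$, the 4-digit identifiers, the random tokens and all function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets

def H(item: str) -> str:
    """Public hash H from the slide (SHA-256 is an assumption)."""
    return hashlib.sha256(item.encode()).hexdigest()

def sender_message(X):
    """Sender -> Receiver: X* = {H(x) | x in X}."""
    return {H(x) for x in X}

def receiver_output(Y, X_star):
    """Receiver's output: {y in Y | H(y) in X*}."""
    return {y for y in Y if H(y) in X_star}

def leaked_by_hashes(X_star, candidates):
    """What X* reveals to anyone able to list the candidate inputs:
    the same membership test, run over the domain instead of over Y."""
    return {c for c in candidates if H(c) in X_star}

# Constructed sample data: 4-digit identifiers, about 13.3 bits of entropy.
DOMAIN = [f"{i:04d}" for i in range(10_000)]
X = {"0042", "1337", "9001"}
Y = {"1337", "5555"}
ENTROPY_BITS = math.log2(len(DOMAIN))

# Constructed high-entropy inputs: 128-bit random tokens.
X_TOKENS = {secrets.token_hex(16) for _ in range(3)}

if __name__ == "__main__":
    X_star = sender_message(X)
    print("intersection:", receiver_output(Y, X_star))
    print(f"domain entropy: {ENTROPY_BITS:.1f} bits")
    print("recovered from X*:", sorted(leaked_by_hashes(X_star, DOMAIN)))
    print("recovered from token hashes:",
          leaked_by_hashes(sender_message(X_TOKENS), DOMAIN))
```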

  12. Semi-Honest PSI
      - 2-Party Semi-Honest PSI receives most attention
      - State-of-the-art only incurs 1-10 times overhead

  13. Cuckoo Hashing
      - A special hashing function
      - Using eviction to resolve collision

  15. Cuckoo Hashing
      Insertion
      - Let $i = 1$, compute index $l = h_i(x)$
      - If $B[l] = \bot$, then insert $\langle x, i \rangle$
      - If not, insert anyway
      - Let $\langle y, j \rangle$ be the original content, let $x := y$, $i \xleftarrow{\$} [3] \setminus \{j\}$, goto step 1
      If the process iterates more than $t$ times, put the item in a stash $s$.
      Lookup
      - For inserted item $x$, there are only $3 + |s|$ possible locations

  16. Cuckoo Hashing
      Figure: Cuckoo Hash Table. Receiver: "thin" table $T_1[1..m]$, built by cuckoo hashing with $h_1, h_2$. Sender: "thick" table $T_2[1..m]$, built by regular hashing with $h_1, h_2$. The bins shown for an item $x$ are $T_1[h_1(x)]$, $T_1[h_2(x)]$, $T_2[h_1(x)]$ and $T_2[h_2(x)]$.

  18. The Paradigm of [PSZ14]
      $\mathcal{F}_{\mathrm{PSI}} \le \mathcal{F}_{\mathrm{PSM}}$
      - Receiver does cuckoo hashing, while the sender does regular hashing
      - They then perform $m$ instances of $\mathcal{F}_{\mathrm{PSM}}$ ($m = |B|$)
      Discussion
      - Most works in the semi-honest model follow this paradigm
      - Various means to implement $\mathcal{F}_{\mathrm{PSM}}$, e.g. OT, FHE, GC/GMW
      - Cuckoo Hashing may be inherently unsuitable for malicious world
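
The cuckoo insertion procedure (with eviction and stash) and the bin-by-bin reduction of this slide, as one added Python example that is not code from the slides or from [PSZ14]. The SHA-256-based $h_i$, the seeded random choice, the sample sets and all function names are assumptions; the plaintext comparison in `psi_by_bins` only stands in for $\mathcal{F}_{\mathrm{PSM}}$ and hides nothing, and testing each stash item against all of $X$ is an assumption about how the stash is handled.

```python
import hashlib
import random

def h(i, x, m):
    """h_i : {0,1}* -> [m]. Built from SHA-256 here (an assumption)."""
    d = hashlib.sha256(f"{i}|{x}".encode()).digest()
    return int.from_bytes(d[:8], "big") % m

def cuckoo_insert_all(items, m, t=100, seed=0):
    """Receiver's "thin" table: one item per bin, eviction, stash after t tries."""
    rng = random.Random(seed)             # seeded only to make the run reproducible
    bins, stash = [None] * m, []          # None plays the role of the empty bin
    for x in items:
        i = 1
        for _ in range(t):
            l = h(i, x, m)
            evicted, bins[l] = bins[l], (x, i)    # insert <x, i> anyway
            if evicted is None:
                break
            x, j = evicted                        # continue with the evicted <y, j>
            i = rng.choice([k for k in (1, 2, 3) if k != j])
        else:
            stash.append(x)               # t iterations used up: item goes to the stash
    return bins, stash

def simple_hash_all(items, m):
    """Sender's "thick" table: each item is placed in all of its candidate bins."""
    bins = [set() for _ in range(m)]
    for x in items:
        for i in (1, 2, 3):
            bins[h(i, x, m)].add(x)
    return bins

def psi_by_bins(X, Y, m, t=100):
    """One membership test per bin. The plaintext `in` is a stand-in for F_PSM
    (no privacy); each stash item is tested against all of X (assumption)."""
    thin, stash = cuckoo_insert_all(sorted(Y), m, t)
    thick = simple_hash_all(X, m)
    hits = {e[0] for e, b in zip(thin, thick) if e is not None and e[0] in b}
    return hits | {y for y in stash if y in X}, thin, stash

# Constructed sample sets; the true intersection is user40 .. user59.
X = {f"user{i}@example.com" for i in range(60)}
Y = {f"user{i}@example.com" for i in range(40, 100)}
```

Calling `psi_by_bins(X, Y, m=4, t=20)` forces most of the receiver's items into the stash and still returns the correct intersection, which shows why the stash has to take part in the comparison.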

  19. Set Membership from Oblivious Transfer
      OT as OPRF
      - $\mathcal{F}_{\mathrm{PSM}}$ from Oblivious PRF is quite easy
      - (One-Time) Oblivious PRF can be considered some $\binom{2^{\sigma}}{1}$-ROT
      - OT-Extension can efficiently implement this primitive

  20. A Brief Review on OT-Extension
      The idea is to "bootstrap" a large number of OT instances from a small number of base OT's.
      - Sender: $b \xleftarrow{\$} \{0,1\}^{v}$; Receiver: $T_0, T_1 \xleftarrow{\$} \{0,1\}^{m \times v}$
      - $\binom{2}{1}\text{-OT}^{v}_{m}$: the Sender inputs $b_j$, the Receiver inputs $(T_{0,j}, T_{1,j})$, and the Sender obtains $T_{b,j}$
      - Receiver → Sender: $C_i = T^i_0 \oplus T^i_1 \oplus \mathrm{ECC}(w_i)$
      - Sender: $Q_i = T^i_b \oplus s \cdot C_i$
      - Sender: Output $(s, Q_i)$; Receiver: Output $H(i \,\|\, T^i_0)$

  22. Set Membership from Homomorphic Encryption
      Naive Approach
      - Receiver → Sender: $\mathrm{Enc}(pk, y)$
      - Sender: $r \xleftarrow{\$} R_q$
      - Sender → Receiver: $c = \mathrm{Eval}\big(r \cdot \prod_{x \in X} (y - x)\big)$
      - Receiver: Output 1 if $\mathrm{Dec}(sk, c) = 0$, Output 0 otherwise
      Several Optimizations
      - Batching: reduce communication by $n/d$
      - Partitioning: reduce polynomial degree by $\alpha$
      - Windowing: reduce circuit depth logarithmically
      - Pre-Processing: reduce circuit depth by 1
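
The naive approach above with both sides' messages, as an added Python example that is not from the slides or from [CHLR18]. It swaps the (leveled) FHE scheme for additively homomorphic Paillier with a toy key, so the receiver sends encryptions of $y, y^2, \dots, y^{|X|}$ instead of $\mathrm{Enc}(pk, y)$ alone and the sender combines them with the masked polynomial coefficients; the key, the sample set and all function names are assumptions.

```python
import math
import secrets

# Toy Paillier key built from two Mersenne primes (constructed; not a secure size).
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)

def enc(m):
    """Paillier encryption with g = N + 1, so g^m = 1 + m*N (mod N^2)."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def dec(c):
    """Decryption with the secret (LAM, MU)."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def poly_from_roots(X):
    """Coefficients (lowest degree first) of prod_{x in X} (z - x) mod N."""
    coeffs = [1]
    for x in X:
        coeffs = [(a - x * b) % N for a, b in zip([0] + coeffs, coeffs + [0])]
    return coeffs

def receiver_query(y, degree):
    """Receiver -> Sender: Enc(y), Enc(y^2), ..., Enc(y^degree)."""
    return [enc(pow(y, k, N)) for k in range(1, degree + 1)]

def sender_eval(X, enc_powers):
    """Sender -> Receiver: c = Enc(r * prod (y - x)), computed on ciphertexts only."""
    r = secrets.randbelow(N - 1) + 1
    a = [r * c % N for c in poly_from_roots(X)]
    c = enc(a[0])
    for a_k, e_k in zip(a[1:], enc_powers):
        c = c * pow(e_k, a_k, N2) % N2    # Enc(u)^a = Enc(a*u); products add plaintexts
    return c

def is_member(y, X):
    """Receiver's output: True (the slide's 1) iff Dec(sk, c) = 0."""
    return dec(sender_eval(X, receiver_query(y, len(X)))) == 0

X = [17, 42, 1001, 65537]    # constructed sender set, elements encoded as integers
```

For a non-member the receiver decrypts $r \cdot \prod_{x \in X}(y - x)$ with a fresh random $r$, so the value it sees changes from run to run.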

  23. Set Membership from General Framework
      The main advantage is arbitrary post-processing can be applied (by concatenation of circuits), but shuffling the output may be needed.

  25. Malicious PSI via Dual Execution
      Ideas of [RR17]:
      - Sender: Randomly Permute $X$; Receiver: Randomly Permute $Y$
      - First $\mathcal{F}_{\mathrm{OPRF}}$: the Sender inputs $x$ and obtains $[x]_i$; the Receiver obtains $k_i$
      - Second $\mathcal{F}_{\mathrm{OPRF}}$: the Receiver inputs $y$ and obtains $[y]'_i$; the Sender obtains $k'_i$
      - Sender → Receiver: $Q := \{ [x]_{i,j} = [x]_i \oplus [x]'_j \}$
      - Receiver: Output $X \cap Y = \{ y \mid \exists\, i, [y]_i \oplus [y]'_j \in Q \}$

  26. Optimizations
      It is possible to use regular hashing to reduce the quadratic complexity:
      - Assuming $n$ bins, $\log(n)$ items per bin, the complexity is $n \log(n)^2$
      - Cuckoo hashing cannot be used here

  29. Multiparty PSI
      The authors of [KMP+17] proposed a simple protocol for semi-honest, multiparty PSI:
      - Zero-Sharing
      - Reconstruction
      The protocol heavily uses the Oblivious Programmable PRF functionality, which can be implemented from $\mathcal{F}_{\mathrm{OPRF}}$ and polynomial interpolation.
