New Realizations of Efficient and Secure Private Set Intersection Protocols Preserving Fairness

Abstract

Private Set Intersection PSI is a useful cryptographic primitive for developing practical privacy preserving techniques for Big Data. PSI allows entities to securely extract intersection of the large data sets they own, without revealing any other crucial information for their input sets. Fairness is a critical issue for both mutual Private Set Intersection $$\mathsf{mPSI}$$ and its cardinality variant, namely mutual Private Set Intersection Cardinality $$\mathsf{mPSI}$$-CA. Achieving fairness over prime order groups with linear complexity in malicious model remains an interesting challenge for both $$\mathsf{mPSI}$$ and $$\mathsf{mPSI}$$-CA. None of the prior works achieve all the aforementioned properties together. We address these issues using an off-line semi-trusted third party, called arbiter. Arbiter is semi-trusted in the sense that he cannot get access to the private information of the parties but follow the protocol honestly. In this work, we propose a construction of fair and efficient $$\mathsf{mPSI}$$ with linear communication and computation overheads using prime order groups. Our $$\mathsf{mPSI}$$ employs Distributed ElGamal encryption and the verifiable encryption of Cramer-Shoup. A concrete security analysis is provided against malicious parties under Decisional Diffie-Hellman DDH assumption. We further extend our $$\mathsf{mPSI}$$ to $$\mathsf{mPSI}$$-CA retaining all the security properties of $$\mathsf{mPSI}$$. On a more positive note, our $$\mathsf{mPSI}$$-CA is the first in its kind with linear complexity preserving fairness.