Title: Practical multi-party private set intersection cardinality and intersection-sum protocols under arbitrary collusion
Authors: You Chen, Ning Ding, Dawu Gu, Yang Bian
Journal: Journal of Computer Security (JCR Q4, Computer Science, Information Systems; impact factor 0.9)
Publication type: Journal Article
Publication date: 2024-04-04
DOI: 10.3233/jcs-230091 (https://doi.org/10.3233/jcs-230091)
Open access: no
Citation count: 0
Abstract
Private set intersection cardinality (PSI-CA) and private intersection-sum with cardinality (PSI-CA-sum) are two primitives that let data owners learn the cardinality of the intersection of their data sets; PSI-CA-sum additionally outputs the sum of the integer values associated with the elements in the intersection (the intersection-sum). However, to the best of our knowledge, all existing multi-party PSI-CA (MPSI-CA) protocols either suffer from high computational cost or face security problems under arbitrary collusion. Multi-party PSI-CA-sum (MPSI-CA-sum) has not even been formalized yet, let alone given a secure construction. In this paper, we first present an efficient MPSI-CA protocol that assumes two non-colluding parties. This protocol significantly reduces the number of parties involved in the expensive interactive procedures, which substantially improves runtime. Our numeric results show that its running time is only one-quarter of that of our MPSI-CA protocol that is secure against arbitrary collusion, so in scenarios where performance is the priority this protocol is an excellent choice. Second, we construct the first MPSI-CA protocol that is both practical and secure against arbitrary collusion. We also implement it to verify its practicality, whereas previous results under arbitrary collusion only give a theoretical performance analysis without a real implementation. Numeric results show that, by shifting the costly operations to an offline phase, the online computation completes in just 12.805 seconds even in the dishonest-majority setting, with 15 parties each holding a set of size 2^16. Third, we formalize the notion of MPSI-CA-sum and present the first realization that is simultaneously practical and secure against arbitrary collusion. The computational complexity of this protocol is roughly twice that of our MPSI-CA protocol. Besides the main results, we introduce the concepts and efficient constructions of two novel building blocks, multi-party secret-shared shuffle and multi-party oblivious zero-sum check, which may be of independent interest.
Journal description:
The Journal of Computer Security presents research and development results of lasting significance in the theory, design, implementation, analysis, and application of secure computer systems and networks. It will also provide a forum for ideas about the meaning and implications of security and privacy, particularly those with important consequences for the technical community. The Journal provides an opportunity to publish articles of greater depth and length than is possible in the proceedings of various existing conferences, while addressing an audience of researchers in computer security who can be assumed to have a more specialized background than the readership of other archival publications.