Nearly Optimal Protocols for Computing Multi-party Private Set Union

Private Set Operations (PSO) are a hot research topic and one of the most extensive research problems in data mining. In the PSO, Multi-party Private Set Union (MPSU) is one of the fundamental problems. It allows some participants to learn the union of their data sets without leaking any useful information. However, most of the existing works have high communication, computation and round complexities. In this paper, we first propose a novel and efficient protocol to securely compute MPSU under the semi-honest model. In our system model, there exist n participants where each participant has a set of size k (k could be different among participants). There are also up to t (0 ≤ t < n) participants which could collude with each other. We suppose the communication channels among participants are insecure and can easily suffer from eavesdropping attacks. Our first protocol using element computing algorithm and Homomorphic Encryption, i.e., HE-MPSU, only requires O(1) rounds and has O(nNλ) communication complexity which almost matches the communication lower bound Ω(nN/log n) for the MPSU problem, where λ is a security parameter and N (k ≤ N ≤ nk) is the set union cardinality. In addition, we note that for the two-party case, i.e., n = 2, our HE-MPSU protocol has the same complexities as the state-of-the-art work in [1]. For this special case, i.e., two-party Private Set Union (PSU), we further optimize and design a more efficient protocol using oblivious transfer (OT) protocol, i.e., OT-PSU. It only requires O(1) rounds and O(kλ) communication complexity which almost matches the communication lower bound Ω(k). More importantly, it avoids using computationally expensive public-key operations (exponentiations). In other words, the number of exponentiations in this protocol is independent of the size of the data sets. Compared with the existing protocols, our two protocols have the lowest communication, computation and round complexities.