来自Ring-OLE的PSI

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2022-11-07 DOI:10.1145/3548606.3559378

Wutichai Chongchitmate, Y. Ishai, Steve Lu, R. Ostrovsky

{"title":"来自Ring-OLE的PSI","authors":"Wutichai Chongchitmate, Y. Ishai, Steve Lu, R. Ostrovsky","doi":"10.1145/3548606.3559378","DOIUrl":null,"url":null,"abstract":"Private set intersection (PSI) is one of the most extensively studied instances of secure computation. PSI allows two parties to compute the intersection of their input sets without revealing anything else. Other useful variants include PSI-Payload, where the output includes payloads associated with members of the intersection, and PSI-Sum, where the output includes the sum of the payloads instead of individual ones. In this work, we make two related contributions. First, we construct simple and efficient protocols for PSI and PSI-Payload from a ring version of oblivious linear function evaluation (ring-OLE) that can be efficiently realized using recent ring-LPN based protocols. A standard OLE over a field F allows a sender with a,b F to deliver ax + b to a receiver who holds x F. Ring-OLE generalizes this to a ring F, in particular, a polynomial ring over F. Our second contribution is an efficient general reduction of a variant of PSI-Sum to PSI-Payload and secure inner product. Our protocols have better communication cost than state-of-the-art PSI protocols, especially when requiring security against malicious parties and when allowing input-independent preprocessing. Compared to previous maliciously secure PSI protocols that have a similar computational cost, our online communication is 2x better for small sets (28-212 elements) and 20% better for large sets (220 -224). Our protocol is also simpler to describe and implement. We obtain even bigger improvements over the state of the art (4-5x better running time) for our variant of PSI-Sum.","PeriodicalId":435197,"journal":{"name":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"PSI from Ring-OLE\",\"authors\":\"Wutichai Chongchitmate, Y. Ishai, Steve Lu, R. Ostrovsky\",\"doi\":\"10.1145/3548606.3559378\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Private set intersection (PSI) is one of the most extensively studied instances of secure computation. PSI allows two parties to compute the intersection of their input sets without revealing anything else. Other useful variants include PSI-Payload, where the output includes payloads associated with members of the intersection, and PSI-Sum, where the output includes the sum of the payloads instead of individual ones. In this work, we make two related contributions. First, we construct simple and efficient protocols for PSI and PSI-Payload from a ring version of oblivious linear function evaluation (ring-OLE) that can be efficiently realized using recent ring-LPN based protocols. A standard OLE over a field F allows a sender with a,b F to deliver ax + b to a receiver who holds x F. Ring-OLE generalizes this to a ring F, in particular, a polynomial ring over F. Our second contribution is an efficient general reduction of a variant of PSI-Sum to PSI-Payload and secure inner product. Our protocols have better communication cost than state-of-the-art PSI protocols, especially when requiring security against malicious parties and when allowing input-independent preprocessing. Compared to previous maliciously secure PSI protocols that have a similar computational cost, our online communication is 2x better for small sets (28-212 elements) and 20% better for large sets (220 -224). Our protocol is also simpler to describe and implement. We obtain even bigger improvements over the state of the art (4-5x better running time) for our variant of PSI-Sum.\",\"PeriodicalId\":435197,\"journal\":{\"name\":\"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3548606.3559378\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3548606.3559378","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

私有集交叉(PSI)是安全计算中研究最广泛的实例之一。PSI允许双方在不透露任何其他信息的情况下计算其输入集的交集。其他有用的变体包括PSI-Payload，其中输出包括与交集成员相关的有效载荷，以及PSI-Sum，其中输出包括有效载荷的总和而不是单个有效载荷。在这项工作中，我们做出了两个相关的贡献。首先，我们从一个环版本的遗忘线性函数求值(ring- ole)构造了简单有效的PSI和PSI- payload协议，该协议可以使用最近的基于环lpn的协议有效地实现。域F上的标准OLE允许具有A,b F的发送方向持有x F的接收方传递ax + b。ring -OLE将其推广到环F，特别是F上的多项式环。我们的第二个贡献是将PSI-Sum的变体有效地一般简化为PSI-Payload和安全内积。我们的协议比最先进的PSI协议具有更好的通信成本，特别是在需要针对恶意方的安全性和允许独立于输入的预处理时。与以前具有类似计算成本的恶意安全PSI协议相比，我们的在线通信在小集合(28-212个元素)上提高了2倍，在大集合(220 -224个)上提高了20%。我们的协议也更易于描述和实现。对于我们的PSI-Sum变体，我们获得了比最先进的状态更大的改进(运行时间提高4-5倍)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

PSI from Ring-OLE

Private set intersection (PSI) is one of the most extensively studied instances of secure computation. PSI allows two parties to compute the intersection of their input sets without revealing anything else. Other useful variants include PSI-Payload, where the output includes payloads associated with members of the intersection, and PSI-Sum, where the output includes the sum of the payloads instead of individual ones. In this work, we make two related contributions. First, we construct simple and efficient protocols for PSI and PSI-Payload from a ring version of oblivious linear function evaluation (ring-OLE) that can be efficiently realized using recent ring-LPN based protocols. A standard OLE over a field F allows a sender with a,b F to deliver ax + b to a receiver who holds x F. Ring-OLE generalizes this to a ring F, in particular, a polynomial ring over F. Our second contribution is an efficient general reduction of a variant of PSI-Sum to PSI-Payload and secure inner product. Our protocols have better communication cost than state-of-the-art PSI protocols, especially when requiring security against malicious parties and when allowing input-independent preprocessing. Compared to previous maliciously secure PSI protocols that have a similar computational cost, our online communication is 2x better for small sets (28-212 elements) and 20% better for large sets (220 -224). Our protocol is also simpler to describe and implement. We obtain even bigger improvements over the state of the art (4-5x better running time) for our variant of PSI-Sum.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量