Cryptology ePrint Archive: Report 2012/252

Fair Private Set Intersection with a Semi-trusted Arbiter

Changyu Dong and Liqun Chen and Jan Camenisch and Giovanni Russello

Abstract: A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties’ privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.

Category / Keywords: cryptographic protocols / private set intersection, optimistic fairness, proxy re-encryption

Date: received 4 May 2012, last revised 9 May 2013

Contact author: changyu dong at strath ac uk

Available format(s): PDF | BibTeX Citation

Version: 20130509:123105 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]