Cryptology ePrint Archive: Report 2018/120

Efficient Circuit-based PSI via Cuckoo Hashing

Benny Pinkas and Thomas Schneider and Christian Weinert and Udi Wieder

Abstract: While there has been a lot of progress in designing efficient custom protocols for computing Private Set Intersection (PSI), there has been less research on using generic Multi-Party Computation (MPC) protocols for this task. However, there are many variants of the set intersection functionality that are not addressed by the existing custom PSI solutions and are easy to compute with generic MPC protocols (e.g., comparing the cardinality of the intersection with a threshold or measuring ad conversion rates).

Generic PSI protocols work over circuits that compute the intersection. For sets of size $n$, the best known circuit constructions conduct $O(n \log n)$ or $O(n \log n / \log\log n)$ comparisons (Huang et al., NDSS'12 and Pinkas et al., USENIX Security'15). In this work, we propose new circuit-based protocols for computing variants of the intersection with an almost linear number of comparisons. Our constructions are based on new variants of Cuckoo hashing in two dimensions.

We present an asymptotically efficient protocol as well as a protocol with better concrete efficiency. For the latter protocol, we determine the required sizes of tables and circuits experimentally, and show that the run-time is concretely better than that of existing constructions.

The protocol can be extended to a larger number of parties. The proof technique for analyzing Cuckoo hashing in two dimensions is new and can be generalized to analyzing standard Cuckoo hashing as well as other new variants of it.

Category / Keywords: cryptographic protocols / Private Set Intersection, Secure Computation

Original Publication (with major differences): IACR-EUROCRYPT-2018

Date: received 31 Jan 2018, last revised 14 May 2018

Contact author: christian weinert at crisp-da de

Available format(s): PDF | BibTeX Citation

Version: 20180514:220205 (All versions of this report)

Short URL: ia.cr/2018/120

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]