Cryptology ePrint Archive: Report 2018/238

Private Set Intersection with Linear Communication from General Assumptions

Brett Hemenway Falk and Daniel Noble and Rafail Ostrovsky

Abstract: This work presents an improved hashing-based algorithm for Private Set Intersection (PSI) in the honest-but-curious setting. The protocol is generic, modular and provides both asymptotic and concrete efficiency improvements over existing PSI protocols.

If each player has $m$ elements, our scheme requires only $O(m \lambda)$ communication between the parties, where $\lambda$ is a security parameter. This is the first protocol to achieve PSI using only asymptotically linear communication under standard cryptographic assumptions and without Random Oracles. Our protocol also provides 10-15\% reduction in communication costs under real-world parameter choices.

Our protocol builds on the hashing-based PSI protocol of Pinkas et al. (USENIX 2014, USENIX 2015), but we replace one of the sub-protocols (handling the cuckoo ``stash'') with a special-purpose PSI protocol that is optimized for comparing sets of unbalanced size. This brings the asymptotic communication complexity of the overall protocol down from $\omega(m \lambda)$ to $O(m\lambda)$, and provides concrete performance improvements over the most efficient existing PSI protocols.

Our protocol is simple, generic and benefits from the permutation-hashing optimizations of Pinkas et al. (USENIX 2015) and the Batched, Relaxed Oblivious Pseudo Random Functions of Kolesnikov (CCS 2016).

Category / Keywords: cryptographic protocols /

Date: received 1 Mar 2018, last revised 14 May 2018

Contact author: fbrett at cis upenn edu

Available format(s): PDF | BibTeX Citation

Note: Fixed typos. Updated references to include comparisons to new PSI protocols.

Version: 20180514:151824 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]