## Cryptology ePrint Archive: Report 2020/1011

Private Join and Compute from PIR with Default

Tancrède Lepoint and Sarvar Patel and Mariana Raykova and Karn Seth and Ni Trieu

Abstract: The private join and compute (PJC) functionality enables secure computation over data distributed across different databases, which is a functionality with a wide range of applications, many of which address settings where the input databases are of significantly different sizes.

We introduce the notion of private information retrieval (PIR) with default, which enables two-party PJC functionalities in a way that hides the size of the intersection of the two databases and incurs sublinear communication cost in the size of the bigger database. We provide two constructions for this functionality, one of which requires offline linear communication, which can be amortized across queries, and one that provides sublinear cost for each query but relies on more computationally expensive tools. We construct inner-product PJC, which has applications to ads conversion measurement and contact tracing, relying on an extension of PIR with default. We evaluate the efficiency of our constructions, which can enable $\mathbf{2^{12}}$ PIR with default lookups on a database of size $\mathbf{2^{30}}$ (or inner-product PJC on databases with such sizes) with the communication of $\mathbf{945}$MB, which costs less than $\mathbf{\$0.04}$for the client and$\mathbf{\$5.22}$ for the server.

Category / Keywords: cryptographic protocols /

Date: received 21 Aug 2020, last revised 22 Aug 2020

Contact author: nitrieu at asu edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/1011

[ Cryptology ePrint archive ]