Cryptology ePrint Archive: Report 2020/193

PSI from PaXoS: Fast, Malicious Private Set Intersection

Benny Pinkas and Mike Rosulek and Ni Trieu and Avishay Yanai

Abstract: We present a 2-party private set intersection (PSI) protocol which provides security against malicious participants, yet is almost as fast as the fastest known semi-honest PSI protocol of Kolesnikov et al. (CCS 2016).

Our protocol is based on a new approach for two-party PSI, which can be instantiated to provide security against either malicious or semi-honest adversaries. The protocol is unique in that the only difference between the semi-honest and malicious versions is an instantiation with different parameters for a linear error-correction code. It is also the first PSI protocol which is concretely efficient while having linear communication and security against malicious adversaries, while running in the OT-hybrid model (assuming a non-programmable random oracle).

State of the art semi-honest PSI protocols take advantage of cuckoo hashing, but it has proven a challenge to use cuckoo hashing for malicious security. Our protocol is the first to use cuckoo hashing for malicious-secure PSI. We do so via a new data structure, called a probe-and-XOR of strings (PaXoS), which may be of independent interest. This abstraction captures important properties of previous data structures, most notably garbled Bloom filters. While an encoding by a garbled Bloom filter is larger by a factor of $O(\lambda)$ than the original data, we describe a significantly improved PaXoS based on cuckoo hashing that achieves constant rate while being no worse in other relevant efficiency measures.

Category / Keywords: cryptographic protocols / private set intersection

Date: received 16 Feb 2020, last revised 16 Feb 2020

Contact author: ay yanay at gmail com,benny@pinkas net,rosulekm@oregonstate edu,trieun@oregonstate edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2020/193

[ Cryptology ePrint archive ]