Paper 2021/1009

Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersection Revisited

Aydin Abadi, Steven J. Murdoch, and Thomas Zacharias

Abstract

Private Set Intersection protocols (PSIs) allow parties to compute the intersection of their private sets, such that nothing about the sets’ elements beyond the intersection is revealed. PSIs have a variety of applications, primarily in efficiently supporting data sharing in a privacy-preserving manner. At Eurocrypt 2019, Ghosh and Nilges pro- posed three efficient PSIs based on the polynomial representation of sets and proved their security against active adversaries. In this work, we show that these three PSIs are susceptible to several serious attacks. The attacks let an adversary (1) learn the correct intersection while making its victim believe that the intersection is empty, (2) learn a certain element of its victim’s set beyond the intersection, and (3) delete multiple elements of its victim’s input set. We explain why the proofs did not identify these attacks and propose a set of mitigations

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Private Set IntersectionMulti-party ComputationCryptographic ProtocolsCryptanalysis
Contact author(s)
aydin abadi @ ucl ac uk
s murdoch @ ucl ac uk
thomas zacharias @ ed ac uk
History
2021-08-06: received
Short URL
https://ia.cr/2021/1009
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1009,
      author = {Aydin Abadi and Steven J.  Murdoch and Thomas Zacharias},
      title = {Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersection Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1009},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1009}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.