Cryptology ePrint Archive: Report 2021/1009

Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersection Revisited

Aydin Abadi and Steven J. Murdoch and Thomas Zacharias

Abstract: Private Set Intersection protocols (PSIs) allow parties to compute the intersection of their private sets, such that nothing about the sets’ elements beyond the intersection is revealed. PSIs have a variety of applications, primarily in efficiently supporting data sharing in a privacy-preserving manner. At Eurocrypt 2019, Ghosh and Nilges pro- posed three efficient PSIs based on the polynomial representation of sets and proved their security against active adversaries. In this work, we show that these three PSIs are susceptible to several serious attacks. The attacks let an adversary (1) learn the correct intersection while making its victim believe that the intersection is empty, (2) learn a certain element of its victim’s set beyond the intersection, and (3) delete multiple elements of its victim’s input set. We explain why the proofs did not identify these attacks and propose a set of mitigations

Category / Keywords: cryptographic protocols / Private Set Intersection, Multi-party Computation, Cryptographic Protocols, Cryptanalysis

Date: received 29 Jul 2021

Contact author: aydin abadi at ucl ac uk, s murdoch at ucl ac uk, thomas zacharias at ed ac uk

Available format(s): PDF | BibTeX Citation

Version: 20210806:072102 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]