Paper 2021/1116

Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication

Kelong Cong, Radames Cruz Moreno, Mariana Botelho da Gama, Wei Dai, Ilia Iliashenko, Kim Laine, and Michael Rosenberg

Abstract

It is known that fully homomorphic encryption (FHE) can be used to build efficient (labeled) Private Set Intersection protocols in the unbalanced setting, where one of the sets is much larger than the other (Chen et al. (CCS'17, CCS'18)). In this paper we demonstrate multiple algorithmic improvements upon these works. In particular, our protocol has an asymptotically better computation cost, requiring only $O(\sqrt{|X|})$ homomorphic multiplications, and communication complexity sublinear in the larger set size $|X|$. We demonstrate that our protocol is significantly better than that of Chen et al. (CCS'18) for many practical parameters, especially in terms of online communication cost. For example, when intersecting $$ and $$ item sets, our protocol reduces the online computation time by more than 83% and communication by more than 32%. When intersecting $$ and $$ item sets, our protocol reduces the online computation time by 50% and communication by 52%. Our comparison to other state-of-the-art unbalanced PSI protocols shows that our protocol has the best total communication complexity when $$. For labeled PSI our protocol also outperforms Chen et al. (CCS'18). When intersecting $$ and $$ item sets, with the larger set having associated $$-byte labels, our protocol reduces the online computation time by more than 85% and communication by 36%. Finally, we demonstrate a modification that results in nearly constant communication cost in the larger set size $$, but impractically high computation complexity on today's CPUs. For example, to intersect a $$-item set with sets of size $$, $$, or $$, our proof-of-concept implementation requires only $$ MB of online communication, which is more than a $$-fold improvement over Chen et al. (CCS'18).