Paper 2024/789

Maliciously Secure Circuit-PSI via SPDZ-Compatible Oblivious PRF

Abstract

Circuit Private Set Intersection (Circuit-PSI) allows two parties to compute any functionality $f$ on items in the intersection of their input sets without revealing any information about the intersection set. It is a well-known variant of PSI and has numerous practical applications. However, existing circuit-PSI protocols only provide security against \textit{semi-honest} adversaries. One straightforward solution is to extend a pure garbled-circuit-based PSI (NDSS'12) to a maliciously secure circuit-PSI, but it will result in non-concrete complexity. Another is converting state-of-the-art semi-honest circuit-PSI protocols (EUROCRYPT'21; PoPETS'22) to be secure in the malicious setting. However, it will come across \textit{the consistency issue} since parties can not guarantee the inputs of functionality $f$ stay unchanged as obtained from the last step. This paper addresses the aforementioned issue by introducing the first maliciously secure circuit-PSI protocol. The central building block named Distributed Dual-key Oblivious PRF (DDOPRF), provides an oblivious evaluation of secret-shared inputs with dual keys. Additionally, we ensure the compatibility of DDOPRF with SPDZ, enhancing the versatility of our circuit-PSI protocol. Notably, our construction allows us to guarantee fairness within circuit-PSI effortlessly. Importantly, our circuit-PSI protocol also achieves online linear computation and communication complexities.