Paper 2025/162

Learning from Functionality Outputs: Private Join and Compute in the Real World

Francesca Falzon, ETH Zurich
Tianxin Tang, Eindhoven University of Technology
Abstract

Private Join and Compute (PJC) is a two-party protocol recently proposed by Google for various use-cases, including ad conversion (Asiacrypt 2021) and which generalizes their deployed private set intersection sum (PSI-SUM) protocol (EuroS&P 2020). PJC allows two parties, each holding a key-value database, to privately evaluate the inner product of the values whose keys lie in the intersection. While the functionality output is not typically considered in the security model of the MPC literature, it may pose real-world privacy risks, thus raising concerns about the potential deployment of protocols like PJC. In this work, we analyze the risks associated with the PJC functionality output. We consider an adversary that is a participating party of PJC and describe four practical attacks that break the other party's input privacy, and which are able to recover both membership of keys in the intersection and their associated values. Our attacks consider the privacy threats associated with deployment and highlight the need to include the functionality output as part of the MPC security model.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. USENIX Security 2025
Keywords
private set intersectionprivate join and computeMPC
Contact author(s)
ffalzon @ ethz ch
ac tianxin tang @ gmail com
History
2025-02-05: approved
2025-02-03: received
See all versions
Short URL
https://ia.cr/2025/162
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/162,
      author = {Francesca Falzon and Tianxin Tang},
      title = {Learning from Functionality Outputs: Private Join and Compute in the Real World},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/162},
      year = {2025},
      url = {https://eprint.iacr.org/2025/162}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.