Efficient Set Intersection with Simulation-Based Security

Michael J. Freedman; Carmit Hazay; Kobbi Nissim; Benny Pinkas

doi:10.1007/s00145-014-9190-0

Efficient Set Intersection with Simulation-Based Security

Michael J. Freedman, Carmit Hazay, Kobbi Nissim, Benny Pinkas

Research output: Contribution to journal › Article › peer-review

103 Scopus citations

Abstract

We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. In this work, we present protocols based on the use of homomorphic encryption and different hashing schemes for both the semi-honest and malicious environments. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. Our protocols obtain linear communication and computation overhead. We further implement different variants of our semi-honest protocol. Our experiments show that the asymptotic overhead of the protocol is affected by different constants. (In particular, the degree of the polynomials evaluated by the protocol matters less than the number of polynomials that are evaluated.) As a result, the protocol variant with the best asymptotic overhead is not necessarily preferable for inputs of reasonable size.

Original language	English
Pages (from-to)	115-155
Number of pages	41
Journal	Journal of Cryptology
Volume	29
Issue number	1
Early online date	24 Oct 2014
DOIs	https://doi.org/10.1007/s00145-014-9190-0
State	Published - 1 Jan 2016

Bibliographical note

Publisher Copyright:
© 2014, International Association for Cryptologic Research.

Funding

Research partially supported by a grant from the Israel Ministry of Science and Technology (Grant No. 3-10883). Research partially supported by the Israel Science Foundation (Grant No. 860/06). Research partially supported by the European Unions 7th Framework Program (FP7/2007-2013) under Grant Agreement No. 609611 (PRACTICE) and by a grant from the Israel Ministry of Science and Technology (Grant No. 3-9094).

Funders	Funder number
European Unions 7th Framework Program
FP7/2007	609611, 3-9094
Seventh Framework Programme	208173
Israel Science Foundation	860/06
Ministry of science and technology, Israel	3-10883

Access to Document

10.1007/s00145-014-9190-0

Cite this

@article{3a509c4c4efe44b48a0e2a87d64ca6ba,

title = "Efficient Set Intersection with Simulation-Based Security",

abstract = "We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. In this work, we present protocols based on the use of homomorphic encryption and different hashing schemes for both the semi-honest and malicious environments. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. Our protocols obtain linear communication and computation overhead. We further implement different variants of our semi-honest protocol. Our experiments show that the asymptotic overhead of the protocol is affected by different constants. (In particular, the degree of the polynomials evaluated by the protocol matters less than the number of polynomials that are evaluated.) As a result, the protocol variant with the best asymptotic overhead is not necessarily preferable for inputs of reasonable size.",

author = "Freedman, {Michael J.} and Carmit Hazay and Kobbi Nissim and Benny Pinkas",

note = "Publisher Copyright: {\textcopyright} 2014, International Association for Cryptologic Research.",

year = "2016",

month = jan,

day = "1",

doi = "10.1007/s00145-014-9190-0",

language = "אנגלית",

volume = "29",

pages = "115--155",

journal = "Journal of Cryptology",

issn = "0933-2790",

publisher = "Springer New York",

number = "1",

}

TY - JOUR

T1 - Efficient Set Intersection with Simulation-Based Security

AU - Freedman, Michael J.

AU - Hazay, Carmit

AU - Nissim, Kobbi

AU - Pinkas, Benny

PY - 2016/1/1

Y1 - 2016/1/1

N2 - We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. In this work, we present protocols based on the use of homomorphic encryption and different hashing schemes for both the semi-honest and malicious environments. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. Our protocols obtain linear communication and computation overhead. We further implement different variants of our semi-honest protocol. Our experiments show that the asymptotic overhead of the protocol is affected by different constants. (In particular, the degree of the polynomials evaluated by the protocol matters less than the number of polynomials that are evaluated.) As a result, the protocol variant with the best asymptotic overhead is not necessarily preferable for inputs of reasonable size.

AB - We consider the problem of computing the intersection of private datasets of two parties, where the datasets contain lists of elements taken from a large domain. This problem has many applications for online collaboration. In this work, we present protocols based on the use of homomorphic encryption and different hashing schemes for both the semi-honest and malicious environments. The protocol for the semi-honest environment is secure in the standard model, while the protocol for the malicious environment is secure in the random oracle model. Our protocols obtain linear communication and computation overhead. We further implement different variants of our semi-honest protocol. Our experiments show that the asymptotic overhead of the protocol is affected by different constants. (In particular, the degree of the polynomials evaluated by the protocol matters less than the number of polynomials that are evaluated.) As a result, the protocol variant with the best asymptotic overhead is not necessarily preferable for inputs of reasonable size.

UR - http://www.scopus.com/inward/record.url?scp=84955414958&partnerID=8YFLogxK

U2 - 10.1007/s00145-014-9190-0

DO - 10.1007/s00145-014-9190-0

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

SN - 0933-2790

VL - 29

SP - 115

EP - 155

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 1

ER -

Efficient Set Intersection with Simulation-Based Security

Abstract

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this