TY - GEN
T1 - Secure set intersection with untrusted hardware tokens
AU - Fischlin, Marc
AU - Pinkas, Benny
AU - Sadeghi, Ahmad Reza
AU - Schneider, Thomas
AU - Visconti, Ivan
N1 - Place of conference:San Francisco, CA, USA
PY - 2011
Y1 - 2011
N2 - Secure set intersection protocols are the core building block for a manifold of privacy-preserving applications. In a recent work, Hazay and Lindell (ACM CCS 2008) introduced the idea of using trusted hardware tokens for the set intersection problem, devising protocols which improve over previous (in the standard model of two-party computation) protocols in terms of efficiency and secure composition. Their protocol uses only a linear number of symmetrickey computations and the amount of data stored in the token does not depend on the sizes of the sets. The security proof of the protocol is in the universal composability model and is based on the strong assumption that the token is trusted by both parties. In this paper we revisit the idea and model of hardware-based secure set intersection, and in particular consider a setting where tokens are not necessarily trusted by both participants to additionally cover threats like side channel attacks, firmware trapdoors and malicious hardware. Our protocols are very efficient and achieve the same level of security as those by Hazay and Lindell for trusted tokens. For untrusted tokens, our protocols ensure privacy against malicious adversaries, and correctness facing covert adversaries.
AB - Secure set intersection protocols are the core building block for a manifold of privacy-preserving applications. In a recent work, Hazay and Lindell (ACM CCS 2008) introduced the idea of using trusted hardware tokens for the set intersection problem, devising protocols which improve over previous (in the standard model of two-party computation) protocols in terms of efficiency and secure composition. Their protocol uses only a linear number of symmetrickey computations and the amount of data stored in the token does not depend on the sizes of the sets. The security proof of the protocol is in the universal composability model and is based on the strong assumption that the token is trusted by both parties. In this paper we revisit the idea and model of hardware-based secure set intersection, and in particular consider a setting where tokens are not necessarily trusted by both participants to additionally cover threats like side channel attacks, firmware trapdoors and malicious hardware. Our protocols are very efficient and achieve the same level of security as those by Hazay and Lindell for trusted tokens. For untrusted tokens, our protocols ensure privacy against malicious adversaries, and correctness facing covert adversaries.
KW - cryptographic protocols
KW - set intersection
KW - untrusted hardware
UR - http://www.scopus.com/inward/record.url?scp=79951794503&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-19074-2_1
DO - 10.1007/978-3-642-19074-2_1
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:79951794503
SN - 9783642190735
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 16
BT - Topics in Cryptology - CT-RSA 2011 - The Cryptographers' Track at the RSA Conference 2011, Proceedings
T2 - 11th Cryptographers' Track at the RSA Conference 2011: Topics in Cryptology, CT-RSA 2011
Y2 - 14 February 2011 through 18 February 2011
ER -