SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension

Benny Pinkas; Mike Rosulek; Ni Trieu; Avishay Yanai

doi:10.1007/978-3-030-26954-8_13

SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension

Benny Pinkas
, Mike Rosulek
, Ni Trieu
, Avishay Yanai

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

174 Scopus citations

Abstract

We describe a novel approach for two-party private set intersection (PSI) with semi-honest security. Compared to existing PSI protocols, ours has a more favorable balance between communication and computation. Specifically, our protocol has the lowest monetary cost of any known PSI protocol, when run over the Internet using cloud-based computing services (taking into account current rates for CPU + data). On slow networks (e.g., 10 Mbps) our protocol is actually the fastest. Our novel underlying technique is a variant of oblivious transfer (OT) extension that we call sparse OT extension. Conceptually it can be thought of as a communication-efficient multipoint oblivious PRF evaluation. Our sparse OT technique relies heavily on manipulating high-degree polynomials over large finite fields (i.e. elements whose representation requires hundreds of bits). We introduce extensive algorithmic and engineering improvements for interpolation and multi-point evaluation of such polynomials, which we believe will be of independent interest. Finally, we present an extensive empirical comparison of state-of-the-art PSI protocols in several application scenarios and along several dimensions of measurement: running time, communication, peak memory consumption, and—arguably the most relevant metric for practice—monetary cost.

Original language	English
Title of host publication	Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings
Editors	Daniele Micciancio, Alexandra Boldyreva
Publisher	Springer Verlag
Pages	401-431
Number of pages	31
ISBN (Print)	9783030269531
DOIs	https://doi.org/10.1007/978-3-030-26954-8_13
State	Published - 2019
Event	39th Annual International Cryptology Conference, CRYPTO 2019 - Santa Barbara, United States Duration: 18 Aug 2019 → 22 Aug 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11694 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	39th Annual International Cryptology Conference, CRYPTO 2019
Country/Territory	United States
City	Santa Barbara
Period	18/08/19 → 22/08/19

Bibliographical note

Publisher Copyright:
© 2019, International Association for Cryptologic Research.

Funding

B. Pinkas—Supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office, and by a grant from the Israel Science Foundation. M. Rosulek—Partially supported by NSF award 1617197, a Google faculty award, and a Visa faculty award. B. Pinkas?Supported by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister?s Office, and by a grant from the Israel Science Foundation. M. Rosulek?Partially supported by NSF award 1617197, a Google faculty award, and a Visa faculty award.

Funders	Funder number
Google faculty
Israel National Cyber Bureau
National Science Foundation	1617197
National Sleep Foundation
Google
Israel Science Foundation
Center for Research in Applied Cryptography and Cyber Security, Bar-Ilan University

Access to Document

10.1007/978-3-030-26954-8_13

Cite this

Pinkas, B., Rosulek, M., Trieu, N., & Yanai, A. (2019). SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension. In D. Micciancio, & A. Boldyreva (Eds.), Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings (pp. 401-431). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11694 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-26954-8_13

Pinkas, Benny ; Rosulek, Mike ; Trieu, Ni et al. / SpOT-Light : Lightweight Private Set Intersection from Sparse OT Extension. Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings. editor / Daniele Micciancio ; Alexandra Boldyreva. Springer Verlag, 2019. pp. 401-431 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{d959c57fd5c7437ea53887f44bc174d8,

title = "SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension",

abstract = "We describe a novel approach for two-party private set intersection (PSI) with semi-honest security. Compared to existing PSI protocols, ours has a more favorable balance between communication and computation. Specifically, our protocol has the lowest monetary cost of any known PSI protocol, when run over the Internet using cloud-based computing services (taking into account current rates for CPU + data). On slow networks (e.g., 10 Mbps) our protocol is actually the fastest. Our novel underlying technique is a variant of oblivious transfer (OT) extension that we call sparse OT extension. Conceptually it can be thought of as a communication-efficient multipoint oblivious PRF evaluation. Our sparse OT technique relies heavily on manipulating high-degree polynomials over large finite fields (i.e. elements whose representation requires hundreds of bits). We introduce extensive algorithmic and engineering improvements for interpolation and multi-point evaluation of such polynomials, which we believe will be of independent interest. Finally, we present an extensive empirical comparison of state-of-the-art PSI protocols in several application scenarios and along several dimensions of measurement: running time, communication, peak memory consumption, and—arguably the most relevant metric for practice—monetary cost.",

author = "Benny Pinkas and Mike Rosulek and Ni Trieu and Avishay Yanai",

note = "Publisher Copyright: {\textcopyright} 2019, International Association for Cryptologic Research.; 39th Annual International Cryptology Conference, CRYPTO 2019 ; Conference date: 18-08-2019 Through 22-08-2019",

year = "2019",

doi = "10.1007/978-3-030-26954-8\_13",

language = "אנגלית",

isbn = "9783030269531",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "401--431",

editor = "Daniele Micciancio and Alexandra Boldyreva",

booktitle = "Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings",

address = "גרמניה",

}

Pinkas, B, Rosulek, M, Trieu, N & Yanai, A 2019, SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension. in D Micciancio & A Boldyreva (eds), Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11694 LNCS, Springer Verlag, pp. 401-431, 39th Annual International Cryptology Conference, CRYPTO 2019, Santa Barbara, United States, 18/08/19. https://doi.org/10.1007/978-3-030-26954-8_13

SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension. / Pinkas, Benny; Rosulek, Mike; Trieu, Ni et al.
Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings. ed. / Daniele Micciancio; Alexandra Boldyreva. Springer Verlag, 2019. p. 401-431 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11694 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SpOT-Light

T2 - 39th Annual International Cryptology Conference, CRYPTO 2019

AU - Pinkas, Benny

AU - Rosulek, Mike

AU - Trieu, Ni

AU - Yanai, Avishay

PY - 2019

Y1 - 2019

N2 - We describe a novel approach for two-party private set intersection (PSI) with semi-honest security. Compared to existing PSI protocols, ours has a more favorable balance between communication and computation. Specifically, our protocol has the lowest monetary cost of any known PSI protocol, when run over the Internet using cloud-based computing services (taking into account current rates for CPU + data). On slow networks (e.g., 10 Mbps) our protocol is actually the fastest. Our novel underlying technique is a variant of oblivious transfer (OT) extension that we call sparse OT extension. Conceptually it can be thought of as a communication-efficient multipoint oblivious PRF evaluation. Our sparse OT technique relies heavily on manipulating high-degree polynomials over large finite fields (i.e. elements whose representation requires hundreds of bits). We introduce extensive algorithmic and engineering improvements for interpolation and multi-point evaluation of such polynomials, which we believe will be of independent interest. Finally, we present an extensive empirical comparison of state-of-the-art PSI protocols in several application scenarios and along several dimensions of measurement: running time, communication, peak memory consumption, and—arguably the most relevant metric for practice—monetary cost.

AB - We describe a novel approach for two-party private set intersection (PSI) with semi-honest security. Compared to existing PSI protocols, ours has a more favorable balance between communication and computation. Specifically, our protocol has the lowest monetary cost of any known PSI protocol, when run over the Internet using cloud-based computing services (taking into account current rates for CPU + data). On slow networks (e.g., 10 Mbps) our protocol is actually the fastest. Our novel underlying technique is a variant of oblivious transfer (OT) extension that we call sparse OT extension. Conceptually it can be thought of as a communication-efficient multipoint oblivious PRF evaluation. Our sparse OT technique relies heavily on manipulating high-degree polynomials over large finite fields (i.e. elements whose representation requires hundreds of bits). We introduce extensive algorithmic and engineering improvements for interpolation and multi-point evaluation of such polynomials, which we believe will be of independent interest. Finally, we present an extensive empirical comparison of state-of-the-art PSI protocols in several application scenarios and along several dimensions of measurement: running time, communication, peak memory consumption, and—arguably the most relevant metric for practice—monetary cost.

UR - https://www.scopus.com/pages/publications/85071658206

U2 - 10.1007/978-3-030-26954-8_13

DO - 10.1007/978-3-030-26954-8_13

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

SN - 9783030269531

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 401

EP - 431

BT - Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings

A2 - Micciancio, Daniele

A2 - Boldyreva, Alexandra

PB - Springer Verlag

Y2 - 18 August 2019 through 22 August 2019

ER -

Pinkas B, Rosulek M, Trieu N, Yanai A. SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension. In Micciancio D, Boldyreva A, editors, Advances in Cryptology – CRYPTO 2019 - 39th Annual International Cryptology Conference, Proceedings. Springer Verlag. 2019. p. 401-431. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-26954-8_13

SpOT-Light: Lightweight Private Set Intersection from Sparse OT Extension

Abstract

Publication series

Conference

Bibliographical note

Funding

Access to Document

Other files and links

Fingerprint

Cite this