Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersection Revisited
نویسندگان
چکیده
Private Set Intersection protocols (PSIs) allow parties to compute the intersection of their private sets, such that nothing about sets’ elements beyond is revealed. PSIs have a variety applications, primarily in efficiently supporting data sharing privacy-preserving manner. At Eurocrypt 2019, Ghosh and Nilges proposed three efficient based on polynomial representation sets proved security against active adversaries. In this work, we show these are susceptible several serious attacks. The attacks let an adversary (1) learn correct while making its victim believe empty, (2) certain element victim’s set intersection, (3) delete multiple input set. We explain why proofs did not identify propose mitigations.
منابع مشابه
An Algebraic Approach to Maliciously Secure Private Set Intersection
Private set intersection is an important area of research and has been the focus of many works over the past decades. It describes the problem of finding an intersection between the input sets of at least two parties without revealing anything about the input sets apart from their intersection. In this paper, we present a new approach to compute the intersection between sets based on a primitiv...
متن کاملInvertible Polynomial Representation for Private Set Operations
In many private set operations, a set is represented by a polynomial over a ring Zσ for a composite integer σ, where Zσ is the message space of some additive homomorphic encryption. While it is useful for implementing set operations with polynomial additions and multiplications, a polynomial representation has a limitation due to the hardness of polynomial factorizations over Zσ. That is, it is...
متن کاملInformation Sharing Across Private Databases: Secure Union and Intersection Revisited
There is a growing demand for sharing information across multiple autonomous and private databases. The problem is usually formulated as a secure multiparty computation problem where a set of parties wish to jointly compute a function of their private inputs such that the parties learn only the result of the function but nothing else. In this paper we analyze existing and potential solutions fo...
متن کاملLinear-Complexity Private Set Intersection Protocols Secure in Malicious Model
Private Set Intersection (PSI) protocols allow one party (“client”) to compute an intersection of its input set with that of another party (“server”), such that the client learns nothing other than the set intersection and the server learns nothing beyond client input size. Prior work yielded a range of PSI protocols secure under different cryptographic assumptions. Protocols operating in the s...
متن کاملPractical Private Set Intersection Protocols
The constantly increasing dependence on anytime-anywhere availability of data and the commensurately increasing fear of losing privacy motivate the need for privacy-preserving techniques. One interesting and common problem occurs when two parties need to privately compute an intersection of their respective sets of data. In doing so, one or both parties must obtain the intersection (if one exis...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Lecture Notes in Computer Science
سال: 2021
ISSN: ['1611-3349', '0302-9743']
DOI: https://doi.org/10.1007/978-3-030-88428-4_35