Scalable Private Set Intersection Cardinality for Capture-Recapture with Multiple Private Datasets

In many scenarios it is beneficial to share private data among parties without mutual trust. One such scenario is the use of capture-recapture (CR) techniques to estimate population sizes from multiple private data sources of observed individuals. With Private Set Intersection Cardinality (PSIC) techniques, we can use CR with datasets from multiple parties while ensuring the privacy of the data of each party. However, existing PSIC techniques have limitations, for example they only work for two parties, and they do not scale well for large datasets. We propose an improved technique based on commutative encryption and deterministic hash-based sampling that is secure and scalable, and also prevents so-called probing attacks. We demonstrate with a prototype that our technique scales easily to datasets of at least 1–2 billion entries at the cost of a small sampling error.