
    Private set intersection: A systematic literature review

    Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems. This work has been partially supported by the projects: BIGPrivDATA (UMA20-FEDERJA-082) from the FEDER Andalucía 2014– 2020 Program and SecTwin 5.0 funded by the Ministry of Science and Innovation, Spain, and the European Union (Next Generation EU) (TED2021-129830B-I00). The first author has been funded by the Spanish Ministry of Education under the National F.P.U. Program (FPU19/01118). Funding for open access charge: Universidad de Málaga/CBU

    Efficient Delegated Private Set Intersection on Outsourced Private Datasets

    Private set intersection (PSI) is an essential cryptographic protocol that has many real-world applications. As cloud computing power and popularity have been swiftly growing, it is now desirable to leverage the cloud to store private datasets and delegate PSI computation to it. Although a set of efficient PSI protocols have been designed, none support outsourcing of both the datasets and the computation. In this paper, we propose two protocols for delegated PSI computation on outsourced private datasets. Our protocols have a unique combination of properties that make them particularly appealing for a cloud computing setting. Our first protocol, O-PSI, satisfies these properties by using additive homomorphic encryption and a point-value polynomial representation of a set. Our second protocol, EO-PSI, is mainly based on a hash table and point-value polynomial representation and does not require public key encryption; meanwhile, it retains all the desirable properties and is much more efficient than the first one. We also provide a formal security analysis of the two protocols in the semi-honest model and we analyze their performance utilizing prototype implementations we have developed. Our performance analysis shows that EO-PSI scales well and is also more efficient than similar state-of-the-art protocols for large set sizes

    Improved Secure Efficient Delegated Private Set Intersection

    Private Set Intersection (PSI) is a vital cryptographic technique used for securely computing the common elements of different sets. In PSI protocols, often two parties hope to find their common set elements without needing to disclose their uncommon ones. In recent years, the cloud has been playing an influential role in PSI protocols, which often need huge computational tasks. In 2017, Abadi et al. introduced a scheme named EO-PSI which passes the main computations on to a cloud and does not include any public-key operations. In EO-PSI, parties need to set up secure channels beforehand; otherwise, an attacker can easily eavesdrop on communications between honest parties and find private information. This paper presents an improved EO-PSI scheme which has the edge over the previous scheme in terms of privacy and complexity. By presenting possible attacks on the prior scheme, we show the necessity of using secure channels between parties. Also, our proposed protocol is secure against passive attacks without requiring any secure channels. We measure the protocol's overhead and show that computational complexity is considerably reduced and also more fairly distributed compared to the previous scheme. Comment: 6 pages, presented in proceedings of the 28th Iranian Conference on Electrical Engineering (ICEE 2020). Final version of the paper has been adde

    Verifiable Delegated Set Intersection Operations on Outsourced Encrypted Data

    We initiate the study of the following problem: Suppose Alice and Bob would like to outsource their encrypted private data sets to the cloud, and they also want to conduct the set intersection operation on their plaintext data sets. The straightforward solution for them is to download their outsourced ciphertexts, decrypt the ciphertexts locally, and then execute a commodity two-party set intersection protocol. Unfortunately, this solution is not practical. We therefore motivate and introduce the novel notion of Verifiable Delegated Set Intersection on outsourced encrypted data (VDSI). The basic idea is to delegate the set intersection operation to the cloud, while (i) not giving the decryption capability to the cloud, and (ii) being able to hold a misbehaving cloud accountable. We formalize the security properties of VDSI and present a construction. In our solution, the computational and communication costs on the users are linear in the size of the intersection set, meaning that the efficiency is optimal up to a constant factor

    A Practical, Secure, and Verifiable Cloud Computing for Mobile Systems

    Cloud computing systems, in which clients rent and share computing resources of third-party platforms, have gained widespread use in recent years. Furthermore, cloud computing for mobile systems (i.e., systems in which the clients are mobile devices) has also been receiving considerable attention in the technical literature. We propose a new method of delegating computations of resource-constrained mobile clients, in which multiple servers interact to construct an encrypted program known as a garbled circuit. Next, using garbled inputs from a mobile client, another server executes this garbled circuit and returns the resulting garbled outputs. Our system assures privacy of the mobile client's data, even if the executing server chooses to collude with all but one of the other servers. We adapt the garbled circuit design of Beaver et al. and the secure multiparty computation protocol of Goldreich et al. for the purpose of building a secure cloud computing system for mobile systems. Our method incorporates the novel use of the cryptographically secure pseudorandom number generator of Blum et al., which enables the mobile client to efficiently retrieve the result of the computation, as well as to verify that the evaluator actually performed the computation. We analyze the server-side and client-side complexity of our system. Using real-world data, we evaluate our system for a privacy-preserving search application that locates the nearest bank/ATM from the mobile client. We also measure the time taken to construct and evaluate the garbled circuit for varying numbers of servers, demonstrating the feasibility of our secure and verifiable cloud computing for mobile systems

    The legal framework for corporate governance: explaining the development of contract law in Germany and the United States

    How are new forms of industrial organization accommodated into a country's legal frameworks, and what effect does this have on the ability of firms to innovate? Variations in the broad institutional organization of the German and US political economies result in different processes of contract law modernization in the two countries, with important implications for innovation trajectories. The German institutional infrastructure encourages firms to develop cooperative diversified quality production (DQP) inter-firm strategies. This is promoted through highly regulative contract laws and the existence of strong trade associations that firms engage to create standardized industry frameworks. These contracting arrangements allow the diffusion of standardized governance structures showing firms how to create the rules needed to manage complex new forms of organization. While strongly supporting DQP strategies and discouraging opportunistic product market strategies, German patterns of contract law regulation place important constraints against more innovative product market strategies. In the United States, legal resources are decentralized across firms, trade associations have few law-making competencies, and courts do not regulate the distribution of risks across firms. Contractual frameworks are developed on a firm-by-firm basis and slowly accommodated within the legal system through the generation of court precedent. This system encourages radical innovation in the law, an important prerequisite for innovative product market strategies more generally. However, the paper shows that a necessary trade-off of legal innovation in the US is that courts cannot implement German-style contract law regulation to constrain opportunism, while the decentralization of legal resources inhibits the creation of the standardized contractual frameworks needed for DQP strategies. Through an extensive game theory analysis of bargaining between courts and large firms, the paper explains why these equilibria are maintained, despite strong incentives in the German case for some large firms to deviate. -- How are new forms of industrial organization adapted to a country's legal constitution, and what consequences does this have for the innovative capacity of firms? General differences in the institutional organization of the respective political economies in Germany and the United States lead to different forms of contract law modernization in the two countries. This has important consequences for the type of innovation development. The specific shape of the institutional structure in Germany favours above all a cooperatively organized diversified quality production (DQP) in which several firms participate. This is supported by highly regulated contract law and strong unions; the associations use this to develop rules that apply to all firms. This way of developing and shaping contractual agreements leads to a gradual diffusion of generally valid governance structures, through which firms learn how they can develop rules to manage new, complex forms of cooperation. The contract law prevalent in Germany proves advantageous for DQP strategies and obstructive to short-term-oriented product market strategies; however, it also leads to serious constraints on the development of innovation-oriented product market strategies. In the United States, legal competence, particularly with respect to the clarification of fundamental legal questions, is distributed across many firms. Unions have little ability to influence legislation, and the courts do not regulate how the risks arising from cooperation between firms are distributed. The legal frameworks for contractual agreements are developed case by case within firms; court precedents then adapt them step by step to the existing statutory rules. This favours more radical innovations in law-making; these in turn are generally an important prerequisite for innovative product market strategies. The paper shows that the disadvantage facing the rapid innovative capacity of the American legal system is that the courts cannot introduce regulations comparable to the contract law developed in Germany, by which very fast, quasi-opportunistic market orientations could be constrained. The decentralization of legal competence in the United States prevents the creation of a generally valid legal framework, which in turn is a prerequisite for diversified quality production. Through an extensive game-theoretic analysis of bargaining processes between large firms and courts, the paper explains why the respective specific equilibria are maintained, even though in Germany there are strong incentives for some large firms to deviate.

    Smarter Data Availability Checks in the Cloud: Proof of Storage via Blockchain

    Cloud computing offers clients flexible and cost-effective resources. Nevertheless, past incidents indicate that the cloud may misbehave by exposing or tampering with clients' data. Therefore, it is vital for clients to protect the confidentiality and integrity of their outsourced data. To address these issues, researchers proposed cryptographic protocols called “proof of storage” that let a client efficiently verify the integrity or availability of its data stored in a remote cloud server. However, in these schemes, the client either has to be online to perform the verification itself or has to delegate the verification to a fully trusted auditor. In this chapter, a new scheme is proposed that lets the client distribute its data replicas among multiple cloud servers to achieve high availability without the need for the client to be online for the verification and without a trusted auditor's involvement. The new scheme is mainly based on blockchain smart contracts. It illustrates how a combination of cloud computing and blockchain technology can resolve real-world problems

    Outsourcing Multi-Party Computation

    We initiate the study of secure multi-party computation (MPC) in a server-aided setting, where the parties have access to a single server that (1) does not have any input to the computation; (2) does not receive any output from the computation; but (3) has a vast (but bounded) amount of computational resources. In this setting, we are concerned with designing protocols that minimize the computation of the parties at the expense of the server. We develop new definitions of security for this server-aided setting that generalize the standard simulation-based definitions for MPC and allow us to formally capture the existence of dishonest but non-colluding participants. This requires us to introduce a formal characterization of non-colluding adversaries that may be of independent interest. We then design general and special-purpose server-aided MPC protocols that are more efficient (in terms of computation and communication) for the parties than the alternative of running a standard MPC protocol (i.e., without the server). Our main general-purpose protocol provides security when there is at least one honest party with input. We also construct a new and efficient server-aided protocol for private set intersection and give a general transformation from any secure delegated computation scheme to a server-aided two-party protocol