8 research outputs found
Bounded Size-Hiding Private Set Intersection
Private Set Intersection (PSI) and other private set operations have many current and emerging applications. Numerous PSI techniques have been proposed that vary widely in terms of underlying cryptographic primitives, security assumptions as well as complexity. One recent strand of PSI-related research focused on an additional privacy property of hiding participants’ input sizes. Despite some interesting results, only one (comparatively) practical size-hiding PSI (SH-PSI) has been demonstrated thus far [1].
One legitimate general criticism of size-hiding private set intersection is that the party that hides its input size can attempt to enumerate the entire (and possibly limited) domain of set elements, thus learning the other party’s entire input set. Although this “attack” goes beyond the honest-but-curious model, it motivates investigation of techniques that simultaneously hide and limit a participant’s input size. To this end, this paper explores the design of bounded size-hiding PSI techniques that allow one party to hide the size of its input while allowing the other party to limit that size. Its main contribution is a reasonably efficient (quasi-quadratic in input size) bSH-PSI protocol based on bounded keyed accumulators. This paper also studies the relationships between several flavors of the “Strong Diffie-Hellman” (SDH) problem
Private Projections & Variants
There are many realistic settings where two mutually suspicious parties need to share some specific information while keeping everything else private. Various privacy-preserving techniques (such as Private Set Intersection) have been proposed as general solutions.
Based on timely real-world examples, this paper motivates the need for a new privacy tool, called Private Set Intersection with Projection (PSI-P). In it, Server has (at least) a two-attribute table and Client has a set of values. At the end of the protocol, based on all matches between Client’s set and values in one (search) attribute of Server’s database, Client should learn the set of elements corresponding to the second attribute, and nothing else. In particular the intersection of Client’s set and the set of values in the search attribute must remain hidden.
We construct several efficient (linear complexity) protocols that approximate privacy required by PSI-P and suffice in many practical scenarios. We also provide a new construction for PSI-P with full privacy, albeit slightly less efficient. Its key building block is a new primitive called Existential Private Set Intersection (PSI-X) which yields a binary flag indicating whether the intersection of two private sets is empty or non-empty
Rich Queries on Encrypted Data: Beyond Exact Matches
We extend the searchable symmetric encryption (SSE) protocol of [Cash et al., Crypto’13] adding support for range, substring, wildcard, and phrase queries, in addition to the Boolean queries supported in the original protocol. Our techniques apply to the basic single-client scenario underlying the common SSE setting as well as to the more complex Multi-Client and Outsourced Symmetric PIR extensions of [Jarecki et al., CCS’13]. We provide performance information based on our prototype implementation, showing the practicality and scalability of our techniques to very large databases, thus extending the performance results of [Cash et al., NDSS’14] to these rich and comprehensive query types
Conclave: secure multi-party computation on big data (extended TR)
Secure Multi-Party Computation (MPC) allows mutually distrusting parties to
run joint computations without revealing private data. Current MPC algorithms
scale poorly with data size, which makes MPC on "big data" prohibitively slow
and inhibits its practical use.
Many relational analytics queries can maintain MPC's end-to-end security
guarantee without using cryptographic MPC techniques for all operations.
Conclave is a query compiler that accelerates such queries by transforming them
into a combination of data-parallel, local cleartext processing and small MPC
steps. When parties trust others with specific subsets of the data, Conclave
applies new hybrid MPC-cleartext protocols to run additional steps outside of
MPC and improve scalability further.
Our Conclave prototype generates code for cleartext processing in Python and
Spark, and for secure MPC using the Sharemind and Obliv-C frameworks. Conclave
scales to data sets between three and six orders of magnitude larger than
state-of-the-art MPC frameworks support on their own. Thanks to its hybrid
protocols, Conclave also substantially outperforms SMCQL, the most similar
existing system. Comment: Extended technical report for EuroSys 2019 paper
Storage Efficient Substring Searchable Symmetric Encryption
We address the problem of substring searchable encryption. A single user produces a big stream of data and later on wants to learn the positions in the string where some patterns occur. Although current techniques exploit auxiliary data structures to achieve efficient substring search on the server side, the cost at the user side may be prohibitive. We revisit the work of substring searchable encryption in order to reduce the storage cost of auxiliary data structures. Our solution entails a suffix-array-based index design, which allows optimal storage cost O(n) with a small hidden factor in the size n of the string. We analyze the security of the protocol in the real-ideal framework. Moreover, we implemented our scheme and the state-of-the-art protocol [7] to demonstrate the performance advantage of our solution with precise benchmark results
Variants of Privacy Preserving Set Intersection and their Practical Applications
Private Set Intersection (PSI) is a cryptographic primitive that allows two network-connected parties with hidden inputs to jointly compute the intersection of these inputs while keeping their specific inputs secret. PSI can be used as a building block for a variety of applications, most notably querying a remote relational database without revealing the query or the database. Many constructions of PSI exist, each building off of a subset of an assortment of cryptographic primitives such as oblivious transfer, hash functions, garbled circuits, public key encryption and signature schemes, and basic number-theoretic hardness assumptions. In this dissertation, we study variations of PSI and their practicality to modern-day applications. Specifically, we study new security constraints for PSI that arise from applications such as genomics, consumer applications, and inter-agency information sharing. These constraints lead to several novel secure computation protocols. Through actualized prototypes of these schemes we conclude that specialized PSI protocols are fast enough for use today, even on resource-constrained hardware