Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model (Extended version)

The problem of fair and privacy-preserving ordered set reconciliation arises in a variety of applications like auctions, e-voting, and appointment reconciliation. While several multi-party protocols have been proposed that solve this problem in the semi-honest model, there are no multi-party protocols that are secure in the malicious model so far. In this paper, we close this gap. Our newly proposed protocols are shown to be secure in the malicious model based on a variety of novel non-interactive zero-knowledge-proofs. We describe the implementation of our protocols and evaluate their performance in comparison to protocols solving the problem in the semi-honest case

Design and Implementation of Privacy-Preserving Reconciliation Protocols

Privacy-preserving reconciliation protocols on ordered sets are protocols that solve a particular subproblem of secure multiparty computation. Here, each party holds a private input set of equal size in which the elements are ordered according to the party’s preferences. The goal of a reconciliation protocol on these ordered sets is then to find all common elements in the parties ’ input sets that maximize the joint preferences of the parties. In this paper, we present two main contributions that improve on the current state of the art. First, we propose two new protocols for privacypreserving reconciliation and prove their correctness and security properties. We implement and evaluate our protocols as well as two previously published multi-party reconciliation protocols. Our implementation is the first practical solution to reconciliation problems in the multi-party setting. Our comparison shows that our new protocols outperform the original protocols. The basic optimization idea is to reduce the highest degree polynomial in the protocol design. Second, we generalize privacy-preserving reconciliation protocols, i.e., relaxing the input constraint from totally ordered input sets of equal size to pre-ordered input sets of arbitrary size