Fair private set intersection with a semi-trusted arbiter

Changyu Dong; Liqun Chen; Jan Camenisch; Giovanni Russello

doi:10.1007/978-3-642-39256-6_9

Fair private set intersection with a semi-trusted arbiter

Changyu Dong, Liqun Chen, Jan Camenisch, Giovanni Russello

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

32 Citations (Scopus)

271 Downloads (Pure)

Abstract

A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.

Original language	English
Title of host publication	Data and Applications Security and Privacy XXVII
Subtitle of host publication	27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings
Editors	Lingyu Wang, Basit Shafiq
Publisher	Springer
Pages	128-144
Number of pages	17
Volume	7964
DOIs	https://doi.org/10.1007/978-3-642-39256-6_9
Publication status	Published - 2013

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	7964
ISSN (Print)	0302-9743

Keywords

data encryption
communication networks
private set intersection

Access to Document

10.1007/978-3-642-39256-6_9

Dong-etal-IFIP2013-fair-private-set-intersection-with-a-semi-trusted-arbiterSubmitted manuscript, 653 KB

Cite this

Dong, C., Chen, L., Camenisch, J., & Russello, G. (2013). Fair private set intersection with a semi-trusted arbiter. In L. Wang, & B. Shafiq (Eds.), Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings (Vol. 7964, pp. 128-144). (Lecture Notes in Computer Science; Vol. 7964). Springer. https://doi.org/10.1007/978-3-642-39256-6_9

Dong, Changyu ; Chen, Liqun ; Camenisch, Jan et al. / Fair private set intersection with a semi-trusted arbiter. Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings. editor / Lingyu Wang ; Basit Shafiq. Vol. 7964 Springer, 2013. pp. 128-144 (Lecture Notes in Computer Science).

@inproceedings{9427dcf5bd2c4da2a9d59faeca206e30,

title = "Fair private set intersection with a semi-trusted arbiter",

abstract = "A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.",

keywords = "data encryption, communication networks, private set intersection",

author = "Changyu Dong and Liqun Chen and Jan Camenisch and Giovanni Russello",

note = "This is a pre-print of an article accepted to 27th Annual IFIP WG 11.3 Conference. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-39256-6_9",

year = "2013",

doi = "10.1007/978-3-642-39256-6_9",

language = "English",

volume = "7964",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "128--144",

editor = "Lingyu Wang and Basit Shafiq",

booktitle = "Data and Applications Security and Privacy XXVII",

}

Dong, C, Chen, L, Camenisch, J & Russello, G 2013, Fair private set intersection with a semi-trusted arbiter. in L Wang & B Shafiq (eds), Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings. vol. 7964, Lecture Notes in Computer Science, vol. 7964, Springer, pp. 128-144. https://doi.org/10.1007/978-3-642-39256-6_9

Fair private set intersection with a semi-trusted arbiter. / Dong, Changyu; Chen, Liqun; Camenisch, Jan et al.
Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings. ed. / Lingyu Wang; Basit Shafiq. Vol. 7964 Springer, 2013. p. 128-144 (Lecture Notes in Computer Science; Vol. 7964).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution book

TY - GEN

T1 - Fair private set intersection with a semi-trusted arbiter

AU - Dong, Changyu

AU - Chen, Liqun

AU - Camenisch, Jan

AU - Russello, Giovanni

N1 - This is a pre-print of an article accepted to 27th Annual IFIP WG 11.3 Conference. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-39256-6_9

PY - 2013

Y1 - 2013

N2 - A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.

AB - A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.

KW - data encryption

KW - communication networks

KW - private set intersection

UR - http://www.scopus.com/inward/record.url?scp=84881161658&partnerID=8YFLogxK

UR - http://eprint.iacr.org/2012/252

U2 - 10.1007/978-3-642-39256-6_9

DO - 10.1007/978-3-642-39256-6_9

M3 - Conference contribution book

VL - 7964

T3 - Lecture Notes in Computer Science

SP - 128

EP - 144

BT - Data and Applications Security and Privacy XXVII

A2 - Wang, Lingyu

A2 - Shafiq, Basit

PB - Springer

ER -

Dong C, Chen L, Camenisch J, Russello G. Fair private set intersection with a semi-trusted arbiter. In Wang L, Shafiq B, editors, Data and Applications Security and Privacy XXVII: 27th Annual IFIP WG 11.3 Conference, DBSec 2013, Newark, NJ, USA, July 15-17, 2013. Proceedings. Vol. 7964. Springer. 2013. p. 128-144. (Lecture Notes in Computer Science). doi: 10.1007/978-3-642-39256-6_9

Fair private set intersection with a semi-trusted arbiter

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this