Fair private set intersection with a semi-trusted arbiter

Dong, Changyu and Chen, Liqun and Camenisch, Jan and Russello, Giovanni; Wang, Lingyu and Shafiq, Basit, eds. (2013) Fair private set intersection with a semi-trusted arbiter. In: Data and Applications Security and Privacy XXVII. Lecture Notes in Computer Science, 7964 . Springer, pp. 128-144. (https://doi.org/10.1007/978-3-642-39256-6_9)

[thumbnail of Dong-etal-IFIP2013-fair-private-set-intersection-with-a-semi-trusted-arbiter] PDF. Filename: Dong_etal_IFIP2013_fair_private_set_intersection_with_a_semi_trusted_arbiter.pdf

Download (668kB)


A private set intersection (PSI) protocol allows two parties to compute the intersection of their input sets privately. Most of the previous PSI protocols only output the result to one party and the other party gets nothing from running the protocols. However, a mutual PSI protocol in which both parties can get the output is highly desirable in many applications. A major obstacle in designing a mutual PSI protocol is how to ensure fairness. In this paper we present the first fair mutual PSI protocol which is efficient and secure. Fairness of the protocol is obtained in an optimistic fashion, i.e. by using an offline third party arbiter. In contrast to many optimistic protocols which require a fully trusted arbiter, in our protocol the arbiter is only required to be semi-trusted, in the sense that we consider it to be a potential threat to both parties' privacy but believe it will follow the protocol. The arbiter can resolve disputes without knowing any private information belongs to the two parties. This feature is appealing for a PSI protocol in which privacy may be of ultimate importance.