VD-PSI : verifiable delegated private set intersection on outsourced private datasets

Abadi, Aydin and Terzis, Sotirios and Dong, Changyu; Grossklags, Jens and Preneel, Bart, eds. (2016) VD-PSI : verifiable delegated private set intersection on outsourced private datasets. In: Financial Cryptography and Data Security. Lecture Notes in Computer Science, 9603 . Springer-Verlag Berlin, BRB, pp. 149-168. ISBN 978-3-662-54969-8 (https://doi.org/10.1007/978-3-662-54970-4)

[thumbnail of Abadi-etal-FC16-2016-VD-PSI-verifiable-delegated-private-set-intersection-on-outsourced]
Text. Filename: Abadi_etal_FC16_2016_VD_PSI_verifiable_delegated_private_set_intersection_on_outsourced.pdf
Accepted Author Manuscript

Download (465kB)| Preview


Private set intersection (PSI) protocols have many real world applications. With the emergence of cloud computing the need arises for PSI protocols on outsourced datasets where the computation is delegated to the cloud. However, due to the possibility of cloud misbehaviors, it is essential to verify the correctness of any delegated computation, and the integrity of any outsourced datasets. Verifiable Computation on private datasets that does not leak any information about the data is very challenging, especially when the datasets are outsourced independently by different clients. In this paper we present VD-PSI, a protocol that allows multiple clients to outsource their private datasets and delegate computation of set intersection to the cloud, while being able to verify the correctness of the result. Clients can independently prepare and upload their datasets, and with their agreement can verifiably delegate the computation of set intersection an unlimited number of times, without the need to download or maintain a local copy of their data. The protocol ensures that the cloud learns nothing about the datasets and the intersection. VD-PSI is efficient as its verification cost is linear to the intersection cardinality, and its computation and communication costs are linear to the dataset cardinality. Also, we provide a formal security analysis in the standard model.