Privacy preserving set intersection based on bilinear groups

Abstract

We propose a more efficient privacy preserving set intersection protocol which improves the previously known result by a factor of O(N) in both the computation and communication complexities (N is the number of parties in the protocol). Our protocol is obtained in the malicious model, in which we assume a probabilistic polynomial-time bounded adversary actively controls a fixed set of t (t < N/2) parties. We use a (t + 1,N)-threshold version of the Boneh-Goh-Nissim (BGN) cryptosystem whose underlying group supports bilinear maps. The BGN cryptosystem is generally used in applications where the plaintext space should be small, because there is still a Discrete Logarithm (DL) problem after the decryption. In our protocol the plaintext space can be as large as bounded by the security parameter τ, and the intractability of DL problem is utilized to protect the private datasets. Based on the bilinear map, we also construct some efficient non-interactive proofs. The security of our protocol can be reduced to the common intractable problems including the random oracle, subgroup decision and discrete logarithm problems. The computation complexity of our protocol is O(NS2τ3) (S is the cardinality of each party's dataset), and the communication complexity is O(NS2τ) bits. A similar work by Kissner et al. (2006) needs O(N2S2τ3) computation complexity and O(N2S2τ) communication complexity for the same level of correctness as ours.