
Authenticated Private Set Intersection: A Merkle Tree-Based Approach for Enhancing Data Integrity

Zixian Gong, Zhiyong Zheng, Zhe Hu, Kun Tian, Yi Zhang, Zhedanov Oleksiy, Fengxia Liu

TL;DR

This paper defines data integrity for Private Set Intersection (PSI) and introduces authenticated PSI by embedding Merkle-tree commitments into PSI primitives. It presents two constructions: a two-party authenticated PSI built atop volePSI and a multi-party authenticated PSI built atop mPSI, with communication costs of $\mathcal{O}(n \lambda + n \log n)$ and $\mathcal{O}(n \kappa + n \log n)$, respectively. The authors provide formal integrity/security definitions, theoretical proofs, and practical reference implementations, and they assess robustness against small-domain integrity attacks. While integrity verification incurs overhead, the approach offers concrete protection against data manipulation in PSI applications, with potential extensions including alternative authentication blocks and broader deployment scenarios.

Abstract

Private Set Intersection (PSI) enables secure computation of set intersections while preserving participant privacy. However, existing standard PSI protocols remain vulnerable to data integrity attacks, which allow malicious participants to extract additional intersection information or mislead other parties. In this paper, we propose the definition of data integrity in PSI and construct two authenticated PSI schemes by integrating Merkle Trees with state-of-the-art two-party volePSI and multi-party mPSI protocols. The resulting two-party authenticated PSI achieves communication complexity $\mathcal{O}(n \lambda + n \log n)$, aligning with the best-known unauthenticated PSI schemes, while the multi-party construction is $\mathcal{O}(n \kappa + n \log n)$, which introduces additional overhead due to Merkle tree inclusion proofs. Due to the incorporation of integrity verification, our authenticated schemes incur higher costs compared to state-of-the-art unauthenticated schemes. We also provide efficient implementations of our protocols and discuss potential improvements, including alternative authentication blocks.
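
The following added example (not code from the paper or its reference implementation) illustrates the building block the abstract names: a Merkle root that commits to an input set, and an inclusion proof of about $\log_2 n$ hashes per element, consistent with the $n \log n$ term in the stated costs. SHA-256, the leaf/node prefixes, the sample identifiers and all function names are assumptions made for illustration; how the proofs are embedded into volePSI or mPSI is not shown.

```python
import hashlib
import hmac

def _h(tag: bytes, data: bytes) -> bytes:
    # Separate leaf (0x00) and inner-node (0x01) hashing domains.
    return hashlib.sha256(tag + data).digest()

def build_levels(items):
    """All tree levels, leaves first, over the sorted, deduplicated set."""
    level = [_h(b"\x00", x) for x in sorted(set(items))]
    if not level:
        raise ValueError("cannot commit to an empty set")
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:  # pad odd levels by repeating the last node
            level = level + [level[-1]]
            levels[-1] = level
        level = [_h(b"\x01", level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def commit(items) -> bytes:
    return build_levels(items)[-1][0]

def prove(items, x):
    """Inclusion proof for x as [(sibling_hash, sibling_is_right)], or None."""
    leaves = sorted(set(items))
    if x not in leaves:
        return None
    idx, path = leaves.index(x), []
    for level in build_levels(items)[:-1]:
        sib = idx ^ 1
        path.append((level[sib], sib > idx))
        idx //= 2
    return path

def verify(root: bytes, x: bytes, path) -> bool:
    """Recompute the root from x and its path; reject anything else."""
    if path is None:
        return False
    node = _h(b"\x00", x)
    for sib, sib_is_right in path:
        node = _h(b"\x01", node + sib if sib_is_right else sib + node)
    return hmac.compare_digest(node, root)

# Constructed sample set; ROOT is the commitment the other parties would hold.
COMMITTED = [b"id-%03d" % i for i in range(5)]
ROOT = commit(COMMITTED)
```

An element that was not in the committed set, such as `b"id-999"`, has no path that recomputes `ROOT`, so `verify` rejects an input substituted after the commitment was made.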

Paper Structure

This paper contains 31 sections, 4 theorems, 30 equations, 3 figures, 2 tables.

Key Result

Theorem 1

$\mathbf{Correctness\,of\, Construction\,1:}$ First, we are going to analyze the correctness of this protocol. Before doing so, we need to examine the construction of the OKVS proposed in RR22. Let us define $\mathrm{row}(k_i) = \mathrm{row'}(k_i)||\hat{\mathrm{row}}(k_i)$, where $\mathrm{row'}(k_i) The RR22 uses the Triangulate and Back-substitution to obtain the $\mathbf{P}$ satisfies the above

Figures (3)

  • Figure 1: Diagram Illustrating Data Integrity Attacks on PSI
  • Figure 2: Merkle Tree
  • Figure 3: Attack effectiveness and utility for small-domain probing. Left: leakage grows with probe budget while authenticated PSI remains at zero. Right: the net advantage of substitution depends on deletion penalty $\tau$.

Theorems & Definitions (20)

  • Definition 1
  • Definition 2
  • Definition 3
  • Definition 4
  • Definition 5
  • Definition 6
  • Definition 7
  • Definition 8
  • Definition 9
  • Definition 10
  • ...and 10 more