![Page 1: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/1.jpg)
1
Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)
Author : Michael J.Freedman Kobbi Nissim
Benny Pinkas
Presentered by Chia Jui Hsu Date : 2009-02-10
![Page 2: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/2.jpg)
2
Outline
IntroductionPrivate Matching SchemeAdversary modelsSecurityConclusionReferences
![Page 3: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/3.jpg)
3
Introduction (1/3)
DataSets
A B
Intersection
![Page 4: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/4.jpg)
4
Introduction (2/3)
Oblivious Transfer( 忘卻式傳輸 / 模糊傳送 )
Sender Receiver
模糊傳送
OR
1. 傳送者不知道接收者是否得到密文2. 接收者只能得到他選擇的密文
M. Rabin, "How to Exchange Secrets by Oblivious Transfer", Technical Report TR-81,Aiken Computation Laboratory, Harvard Univ.,1981.
1 out of 2 OT
![Page 5: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/5.jpg)
5
Introduction (3/3)
Homomorphic encryption systemE(m1)⊙E(m2)= E(m1 m2)c=E(m), ck=E(km)
Θ
![Page 6: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/6.jpg)
6
Private Matching Scheme (1/4)
PM Schemeclient/chooser (C) and server/sender (S)C inputs X = {x1,…,xkc} and S inputs Y = {y1,
…,yks} C learns X∩Y : PM(X,Y)
Polynomial
讓 S 算的變數C
input of size
![Page 7: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/7.jpg)
7
Private Matching Scheme (2/4)
Horner scheme
example
若 y=3 ,則 P(y)=5
kckc yayayaayP ...)( 2
210
)...)))(...((()( 13210 kckc yaayayayayayP
1262)( 23 yyyyP
![Page 8: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/8.jpg)
8
Private Matching Scheme (3/4)
法二
法三
1)2)62(()(
1262)( 23
yyyyP
yyyyP
y=3,P(y)=5
![Page 9: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/9.jpg)
9
Private Matching Scheme (4/4)
uu
kcu yayP 0)(
)}(),...,({ 0 kcaEncaEnc
Client ServerX={x1,…xkc} Y={y1,…yks}
1. 內插法算出多項式
2. 對多項式的係數做同態加密
3. 上傳至 Server
4. 選擇一個亂數值 γ
))((
)())((
yyrPEnc
yEncyPEncr
5.
6. 重新排列後回傳 KS 個7. 解密,若一樣,則解出 y 不一樣,則解出亂數
![Page 10: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/10.jpg)
10
Adversary models
Semi-honest1.pretecting the client
indistinguishability2.protecting the sender
comparison to the ideal model
Maliciousadversary may behave arbitrarily
1. 拒絕參與協定 (PM)2. 用任意值代替輸入3. 過早中止協定 (PM)
![Page 11: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/11.jpg)
11
Security
Correctness
C’s privacy is preserved
S’s privacy is preserved
![Page 12: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/12.jpg)
12
Conclusion
use homomorphic encryption and balanced hashing for both semi-honest (standard model) and malicious (random oracle model) environments.
list length k, communication O(k), and computation is OO((kklnlnlnlnkk))..
![Page 13: Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)](https://reader036.vdocuments.pub/reader036/viewer/2022081702/56812f2c550346895d94bfb0/html5/thumbnails/13.jpg)
13
References
Efficient Private Matching and Set Intersection, 2004
http://en.wikipedia.org/wiki/Horner_scheme