Skip to main content
Log in

Feasible private set intersection in quantum domain

  • Published:
Quantum Information Processing Aims and scope Submit manuscript

Abstract

In the context of secure multi-party computation, private set intersection (PSI) is an important cryptographic primitive for performing joint operations on datasets in a privacy preserving manner. In particular, it allows the participants to privately determine the intersection of their private datasets. Most of the existing PSI protocols are based on traditional classical cryptosystems, which are proven to be vulnerable in quantum domain. This makes the requirement of quantum computer resistant PSI. Applying quantum cryptography in the design of PSI is an ideal approach to address these issues. In this paper, we present a quantum PSI (QPSI) relying on the basic quantum mechanics principles, which are resistant against well-known quantum attacks. Quantum resources in our QPSI are considered as single photons and we require to perform only simple single-particle projective measurements. These features make our QPSI more feasible to implement with the present technology, compared to the existing QPSI protocols, which adopt multi-particle entangled states and complicated quantum operators. On a more positive note, in our QPSI, only one time quantum communication and quantum computation allows execution of set intersection functionality multiple number of times, provided the client’s set size remains same, while the existing QPSI protocols do not achieve this property.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abadi, A., Terzis, S., Dong, C.: O-psi: delegated private set intersection on outsourced datasets. In IFIP International Information Security Conference, pp. 3–17. Springer, Berlin (2015)

  2. Abadi, A., Terzis, S., Dong, C.: Vd-psi: verifiable delegated private set intersection on outsourced private datasets. Finanacial Cryptography and Data Security (2016)

  3. Abadi, A., Terzis, S., Metere, R., Dong, C.: Efficient delegated private set intersection on outsourced private datasets. IEEE Trans. Dependable Secure Comput. (2017)

  4. Cheng, X., Guo, R., Chen, Y.: Cryptanalysis and improvement of a quantum private set intersection protocol. Quantum Inf. Process. 16(2), 37 (2017)

    Article  ADS  MathSciNet  Google Scholar 

  5. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In Advances in Cryptology-EUROCRYPT 2004, pp. 1–19. Springer, Berlin (2004)

  6. Fuchs, C.A.: Distinguishability and accessible information in quantum theory. arXiv preprint arXiv:quant-ph/9601020 (1996)

  7. Gao, F., Liu, B., Wen, Q.-Y., Chen, H.: Flexible quantum private queries based on quantum key distribution. Opt. Express 20(16), 17411–17420 (2012)

    Article  ADS  Google Scholar 

  8. Hazay, C., Venkitasubramaniam, M.: Scalable multi-party private set-intersection. In IACR International Workshop on Public Key Cryptography, pp. 175–203. Springer, Berlin (2017)

  9. Helstrom, C.W., Helstrom, C.W.: Quantum detection and estimation theory, vol. 3. Academic press, New York (1976)

    MATH  Google Scholar 

  10. Herzog, U., Bergou, J.A.: Optimum unambiguous discrimination of two mixed quantum states. Phys. Rev. A 71(5), 050301 (2005)

    Article  ADS  MathSciNet  Google Scholar 

  11. Inbar, R., Omri, E., Pinkas, B.: Efficient scalable multiparty private set-intersection via garbled bloom filters. In International Conference on Security and Cryptography for Networks, pp. 235–252. Springer, Berlin (2018)

  12. Jakobi, M., Simon, C., Gisin, N., Bancal, J.-D., Branciard, C., Walenta, N., Zbinden, H.: Practical private database queries based on a quantum-key-distribution protocol. Phys. Rev. A 83(2), 022301 (2011)

    Article  ADS  Google Scholar 

  13. Kamara, S., Mohassel, P., Raykova, M., Sadeghian, S.: Scaling private set intersection to billion-element sets. In International Conference on Financial Cryptography and Data Security, pp. 195–215. Springer, Berlin (2014)

  14. Kavousi, A., Mohajeri, J., Salmasizadeh, M.: Improved secure efficient delegated private set intersection. arXiv preprint arXiv:2004.03976 (2020)

  15. Kolesnikov, V., Matania, N., Pinkas, B., Rosulek, M., Trieu, N.: Practical multi-party private set intersection from symmetric-key techniques. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1257–1272. ACM, (2017)

  16. Li, F., Niu, B., Wang, Y. et al.: Server-aided private set intersection based on reputation. Information Sciences (2016)

  17. Maitra, A.: Quantum secure two-party computation for set intersection with rational players. Quantum Inf. Process. 17(8), 197 (2018)

    Article  ADS  MathSciNet  Google Scholar 

  18. Miyaji, A., Nishida, S.: A scalable multiparty private set intersection. In International Conference on Network and System Security, pp. 376–385. Springer, Berlin (2015)

  19. Raynal, P.: Unambiguous state discrimination of two density matrices in quantum information theory. arXiv preprint arXiv:quant-ph/0611133 (2006)

  20. Shi, R., Yi, M., Zhong, H., Cui, J., Zhang, S.: Two quantum protocols for oblivious set-member decision problem. Sci. Rep. 5, 15914 (2015)

    Article  ADS  Google Scholar 

  21. Shi, R., Yi, M., Zhong, H., Cui, J., Zhang, S.: An efficient quantum scheme for private set intersection. Quantum Inf. Process. 15(1), 363–371 (2016)

    Article  ADS  MathSciNet  Google Scholar 

  22. Shi, R., Yi, M., Zhong, H., Zhang, S.: Quantum oblivious set-member decision protocol. Phys. Rev. A 92(2), 022309 (2015)

    Article  ADS  Google Scholar 

  23. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)

    Article  ADS  MathSciNet  Google Scholar 

  24. Wang, Q., Zhou, F., Xu, J., Peng, S.: Tag-based verifiable delegated set intersection over outsourced private datasets. IEEE Trans. Cloud Comput. (2020)

  25. Yang, X., Luo, X., Wang, X.A., Zhang, S.: Improved outsourced private set intersection protocol based on polynomial interpolation. Concurr. Comput. Pract. Exp. 30(1), e4329 (2018)

    Article  Google Scholar 

  26. Zhang, E., Jin, G.: Cloud outsourcing multiparty private set intersection protocol based on homomorphic encryption and bloom filter. J. Comput. Appl. (8):20 (2018)

  27. Zhang, E., Li, F., Niu, B., Wang, Y.: Server-aided private set intersection based on reputation. Inf. Sci. 387, 180–194 (2017)

    Article  Google Scholar 

  28. Zhang, E., Liu, F.-H., Lai, Q., Jin, G., Li, Y.: Efficient multi-party private set intersection against malicious adversaries. In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, pp. 93–104, (2019)

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sumit Kumar Debnath.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Toy example

Toy example

Let \(N=22\), \(\lambda =2\), \(X=\{c_1,c_2,c_3,c_4\}=\{3,7,10,12\}\) and \(Y=\{s_1,\ldots ,s_8\}=\{1,3,4,7,9,11,14,15\}\). Then \(u=4\), \(v=8\).

  • Raw Key Sharing Phase

    1. 1.

      The asymmetric key distribution technique of [7] can be applied by setting \(\theta =\pi /4\) so that C can learn only \((N+\lambda )\sin ^2\theta /2=24/4=6=(u+\lambda )\) bits (namely \(K_C\)) of the whole key \(\mathsf{Key}_1\) of size \((N+\lambda )=24\). Let \(\mathsf{Key}_1=(k_1=1,k_2=1,k_3=0,k_4=0,k_5=1,k_6=1,k_7=0,k_8=0,k_9=1,k_{10}=1,k_{11}=0,k_{12}=0,k_{13}=1 k_{14}=1,k_{15}=0,k_{16}=0,k_{17}=1,k_{18}=1,k_{19}=0,k_{20}=0,k_{21}=1,k_{22}=1,k_{23}=0,k_{24}=0)\) and \(K_C=(k_1=1,k_3=0,k_4=0,k_6=1,k_{10}=1,k_{13}=1)\).

    2. 2.

      Suppose C selects third bit \(k_3=0\) and sixth bit \(k_6=1\), and asks S to announce the bits of the corresponding positions. S then announces \(k_3=0\) and \(k_6=1\). The client C then compares the announced bits with its record to check S’s honesty.

    3. 3.

      Both of C and S delete the compared bits \(k_3=0\) and \(k_6=1\) from their recorded parts so that C remains with \(u=4\) bits \((k_1=1,k_4=0,k_{10}=1,k_{13}=1)\) and S remains with \(N=22\) bits \((k_1=1,k_2=1,k_4=0,k_5=1,k_7=0,k_8=0,k_9=1,k_{10}=1,k_{11}=0,k_{12}=0,k_{13}=1 k_{14}=1,k_{15}=0,k_{16}=0,k_{17}=1,k_{18}=1,k_{19}=0,k_{20}=0,k_{21}=1,k_{22}=1,k_{23}=0,k_{24}=0)\).

    4. 4.

      Therefore, \(\mathsf{Key}_2=({\overline{k}}_1=k_1=1,{\overline{k}}_2=k_2=1,{\overline{k}}_3=k_4=0,{\overline{k}}_4=k_5=1,{\overline{k}}_5=k_7=0, {\overline{k}}_6=k_8=0,{\overline{k}}_7=k_9=1,{\overline{k}}_8=k_{10}=1,{\overline{k}}_9=k_{11}=0,{\overline{k}}_{10}=k_{12}=0, {\overline{k}}_{11}=k_{13}=1,{\overline{k}}_{12}=k_{14}=1,{\overline{k}}_{13}=k_{15}=0,{\overline{k}}_{14}=k_{16}=0, {\overline{k}}_{15}=k_{17}=1,{\overline{k}}_{16}=k_{18}=1,{\overline{k}}_{17}=k_{19}=0,{\overline{k}}_{18}=k_{20}=0, {\overline{k}}_{19}=k_{21}=1,{\overline{k}}_{20}=k_{22}=1,{\overline{k}}_{21}=k_{23}=0,{\overline{k}}_{22}=k_{24}=0)\), \({\overline{K}}_C=(b_1,b_2,b_3,b_4)=({\overline{k}}_1=k_1=1,{\overline{k}}_3=k_4=0,{\overline{k}}_8=k_{10}=1, {\overline{k}}_{11}=k_{13}=1)\) and \(p_1=1,p_2=3,p_3=8,p_4=11\).

  • Asymmetric Key Sharing Phase

    1. 1.

      The client C randomly chooses a permutation \(\psi \) over \(\{1,\ldots , 22\}\) so that the elements of \(\{p_1,p_2,p_3,p_4\}=\{1,3,8,11\}\) are mapped to the elements of \(\{c_1,c_2,c_3,c_4\}=\{3,7,10,12\}\) in a random order. Let \(\psi (p_1)=c_2\), \(\psi (p_2)=c_3\), \(\psi (p_3)=c_1\), \(\psi (p_4)=c_4\) and \(\psi (i)=j\) for \(i\in \{1,\ldots ,22\}\setminus \{1,3,8,11\}\) and \(j\in \{1,\ldots ,22\}\setminus \{3,7,10,12\}\) in some order. Then \(\psi (1)=7\), \(\psi (3)=10\), \(\psi (8)=3\) and \(\psi (11)=12\). The client C applies the permutation \(\psi \) to the position set \(\{p_1,p_2,p_3,p_4\}=\{1,3,8,11\}\) of its bit-string \({\overline{K}}_C=({\overline{k}}_1=1,{\overline{k}}_3=0,{\overline{k}}_8=1, {\overline{k}}_{11}=1)\) to get the updated bit-string as \(\widehat{K}_C=({\widehat{k}}_{\psi (1)},{\widehat{k}}_{\psi (3)},{\widehat{k}}_{\psi (8)},{\widehat{k}}_{\psi (11)})\) \(=({\widehat{k}}_7,{\widehat{k}}_{10},{\widehat{k}}_3,{\widehat{k}}_{12})\) \(=({\overline{k}}_1,{\overline{k}}_3,{\overline{k}}_8, {\overline{k}}_{11})=(1,0,1,1)\). Therefore, \({\widehat{k}}_7=1,{\widehat{k}}_{10}=0,{\widehat{k}}_3=1,{\widehat{k}}_{12}=1\).

    2. 2.

      On receiving \(\psi \), the server S applies \(\psi \) to the position set \(\{1,\ldots ,22\}\) of its key \(\mathsf{Key}_2\) to get the updated key as \(\mathsf{Key}_3=({\widehat{k}}_1,\ldots ,{\widehat{k}}_{22})\), where \({\widehat{k}}_j={\overline{k}}_i\) if \(\psi (i)=j\) for all \(i,j\in \{1,\ldots ,22\}\). Therefore, in \(\mathsf{Key}_3\), we have \({\widehat{k}}_3=1,{\widehat{k}}_7=1,{\widehat{k}}_{10}=0,{\widehat{k}}_{12}=1\).

  • Set Intersection Phase

    1. 1.

      The server S creates \(F=(f_1=1,f_2=0,f_3=1,f_4=1,f_5=0,f_6=0,f_7=1,f_8=0,f_9=1,f_{10}=0,f_{11}=1,f_{12}=0,f_{13}=0 f_{14}=1,f_{15}=1,f_{16}=0,f_{17}=0,f_{18}=0,f_{19}=0,f_{20}=0,f_{21}=0,f_{22}=0)\). It then computes \(G=F\oplus \mathsf{Key}_3=(f_1\oplus {\widehat{k}}_{1},\ldots ,f_{22}\oplus {\widehat{k}}_{22})=(g_1,\ldots ,g_{22})\) sends G to C. Note that \(g_3=1\oplus 1=0\), \(g_7=1\oplus 1=0\), \(g_{10}=0\oplus 0=0\) and \(g_{12}=0\oplus 1=1\) since \({\widehat{k}}_3=1, {\widehat{k}}_7=1,{\widehat{k}}_{10}=0,{\widehat{k}}_{12}=1\).

    2. 2.

      Note that the client knows only \({\widehat{k}}_3=1, {\widehat{k}}_7=1,{\widehat{k}}_{10}=0,{\widehat{k}}_{12}=1\). The client C, on receiving \(G=(g_1,\ldots ,g_{22})\), computes \(h_1=g_{\psi (p_1)}\oplus {\widehat{k}}_{\psi (p_1)}=g_7\oplus {\widehat{k}}_7=0\oplus 1=1\), \(h_2=g_{\psi (p_2)}\oplus {\widehat{k}}_{\psi (p_2)}=g_{10}\oplus {\widehat{k}}_{10}=0\oplus 0=0\), \(h_3=g_{\psi (p_3)}\oplus {\widehat{k}}_{\psi (p_3)}=g_3\oplus {\widehat{k}}_3=0\oplus 1=1\) and \(h_4=g_{\psi (p_4)}\oplus {\widehat{k}}_{\psi (p_4)}=g_{12}\oplus {\widehat{k}}_{12}=1\oplus 1=0\). Since \(h_1=1\) and \(h_3=1\), therefore \(\xi =\{\psi (p_1),\psi (p_3)\}=\{\psi (1),\psi (8)\}=\{7,3\}=\{3,7\}\) is \(X\cap Y\)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Debnath, S.K., Dey, K., Kundu, N. et al. Feasible private set intersection in quantum domain. Quantum Inf Process 20, 41 (2021). https://doi.org/10.1007/s11128-021-02987-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s11128-021-02987-4

Keywords

Navigation