1 / 13

Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)

Efficient Private Matching and Set Intersection (EUROCRYPT, 2004). Author : Michael J.Freedman Kobbi Nissim Benny Pinkas. Presentered by Chia Jui Hsu Date : 2009-02-10. Outline. Introduction Private Matching Scheme Adversary models Security Conclusion

kamal-arnold
Download Presentation

Efficient Private Matching and Set Intersection (EUROCRYPT, 2004)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Efficient Private Matching and Set Intersection (EUROCRYPT, 2004) Author:Michael J.Freedman Kobbi Nissim Benny Pinkas Presentered by Chia Jui Hsu Date:2009-02-10

  2. Outline • Introduction • Private Matching Scheme • Adversary models • Security • Conclusion • References

  3. Introduction (1/3) Intersection A B DataSets

  4. Introduction (2/3) • Oblivious Transfer(忘卻式傳輸/模糊傳送) 模 糊 傳 送 OR Sender Receiver 1 out of 2 OT 1.傳送者不知道接收者是否得到密文 2.接收者只能得到他選擇的密文 M. Rabin, "How to Exchange Secrets by Oblivious Transfer", Technical Report TR-81,Aiken Computation Laboratory, Harvard Univ.,1981.

  5. Introduction (3/3) • Homomorphic encryption system • E(m1)⊙E(m2)= E(m1 m2) • c=E(m), ck=E(km) Θ

  6. Private Matching Scheme (1/4) • PM Scheme • client/chooser (C) and server/sender (S) • C inputs X = {x1,…,xkc} and S inputs Y = {y1,…,yks} • C learns X∩Y :PM(X,Y) • Polynomial input of size C 讓S算的變數

  7. Private Matching Scheme (2/4) • Horner scheme • example • 若y=3,則P(y)=5

  8. Private Matching Scheme (3/4) • 法二 • 法三 y=3,P(y)=5

  9. Private Matching Scheme (4/4) Server Client X={x1,…xkc} Y={y1,…yks} 1.內插法算出多項式 2.對多項式的係數做同態加密 4.選擇一個亂數值γ 5. 3.上傳至Server 6.重新排列後回傳KS個 7.解密,若一樣,則解出y 不一樣,則解出亂數

  10. Adversary models • Semi-honest • 1.pretecting the client • indistinguishability • 2.protecting the sender • comparison to the ideal model • Malicious • adversary may behave arbitrarily • 1.拒絕參與協定(PM) • 2.用任意值代替輸入 • 3.過早中止協定(PM)

  11. Security • Correctness • C’s privacy is preserved • S’s privacy is preserved

  12. Conclusion • use homomorphic encryption and balanced hashing for both semi-honest (standard model) and malicious (random oracle model) environments. • list length k, communication O(k), and computation is O(klnlnk).

  13. References • Efficient Private Matching and Set Intersection, 2004 • http://en.wikipedia.org/wiki/Horner_scheme

More Related