Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI

ABSTRACTMultiparty Private Set Intersection (mPSI), enables n parties, each holding private sets (each of size m) to securely compute the intersection of these private sets. While several protocols are known for this task, the only concretely efficient protocol is due to the work of Kolesnikov et al. (KMPRT, CCS 2017), who gave a semi-honest secure protocol with communication complexity O(nmtƛ), where t < n is the number of corrupt parties and ƛ is the security parameter. In this work, we make the following contributions: –First, for the natural adversarial setting of semi-honest honest majority (i.e. t –Second, concretely, our protocol has 6(t+2)/5 times lesser communication than KMPRT and is up to 5× and 6.2× faster than KMPRT in the LAN and WAN setting even for 15 parties. –Finally, we introduce and consider two important variants of mPSI - circuit PSI (that allows the parties to compute a function over the intersection set without revealing the intersection itself) and quorum PSI (that allows P1 to learn all the elements in his/her set that are present in at least k other sets) and provide concretely efficient protocols for these variants.