PSI/README.md
2015-06-09 17:11:57 +02:00

3.9 KiB
Raw Blame History

Private Set Intersection (PSI)

Faster Private Set Intersection Based on OT Extension

By Benny Pinkas, Thomas Schneider and Michael Zohner in USENIX Security Symposium 2014 [1]. Please note that the code is currently being restructured and not all routines might work correctly. The PSI code is licensed under AGPLv3, see the LICENSE file for a copy of the license.

Features


  • An implementation of different PSI protocols:
    • the naive hashing solutions where elements are hashed and compared
    • the server-aided protocol of [2]
    • the Diffie-Hellman-based PSI protocol of [3]
    • the OT-based PSI protocol of [1]

This code is provided as a experimental implementation for testing purposes and should not be used in a productive environment. We cannot guarantee security and correctness.

Requirements


  • A Linux distribution of your choice (the code was developed and tested with recent versions of Ubuntu).

  • Required packages:

    Install these packages with your favorite package manager, e.g, sudo apt-get install <package-name>.

Building the Project

  1. Clone a copy of the main git repository and its submodules by running:

    git clone --recursive git://github.com/encryptogroup/PSI
    
  2. Enter the Framework directory: cd PSI/

  3. Call make in the root directory to compile all dependencies, tests, and examples and create the executables: bench.exe and demo.exe.

Executing the Code

An example demo is included and can be run by opening two terminals in the root directory. Execute in the first terminal:

./demo.exe -r 0 -p 0 -f sample_sets/emails_alice.txt

and in the second terminal:

./demo.exe -r 1 -p 0 -f sample_sets/emails_bob.txt

This should print the following output in the second terminal:

	Computation finished. Found 3 intersecting elements:
	Michael.Zohner@ec-spride.de
	Evelyne.Wagener@tvcablenet.be
	Ivonne.Pfisterer@mail.ru

These commands will run the naive hashing protocol and compute the intersection on the 1024 randomly generated emails in sample_sets/emails_alice.txt and sample_sets/emails_bob.txt (where 3 intersecting elements were altered). To use a different protocol, the ['-p'] option can be varied as follows:

  • -p 0: the naive hashing protocol
  • -p 1: the server-aided protocol of [2]
  • -p 2: the Diffie-Hellman-based PSI protocol of [3]
  • -p 3: the OT-based PSI protocol of [1]

For further information about the program options, run ./demo.exe -h.

Testing the Protocols

The protocols will automatically be tested on randomly generated data when invoking:

	make test

WARNING: Some tests can still fail since the code is currently being debugged.

Generating Random Email Adresses

Further random email adresses can be generated by navigating to /sample_sets/emailgenerator/ and invoking:

	./emailgenerator.py "number_of_emails"

The generator uses the first names, family names, and email providers listed in the corresponding files in sample_sets/emailgenerator/ as base for the generation.

References

[1] B. Pinkas, T. Schneider, M. Zohner. Faster Private Set Intersection Based on OT Extension. USENIX Security 2014: 797-812. Full version available at http://eprint.iacr.org/2014/447.

[2] S. Kamara, P. Mohassel, M. Raykova, and S. Sadeghian. Scaling private set intersection to billion-element sets. In Financial Cryptography and Data Security (FC14) , LNCS. Springer, 2014.

[3] C. Meadows. A more efficient cryptographic matchmaking protocol for use in the absence of a continuously available third party. In IEEE S&P86, pages 134137. IEEE, 1986.