1-2 PSI 在隐私计算中的发展和应用.pdf

1、安全求交集在隐私计算中的发展和应用段普蚂蚁集团共享智能2022年7月Roadmap安全求交集(PSI)定义PSI功能和分类PSI最新进展PSI和其他隐私计算技术结合ReferencesRoadmap安全求交集(PSI)定义定义我们还需要什么？PSI功能和分类PSI最新进展PSI和其他隐私计算技术结合References安全求交集(PSI)定义Private Set IntersectionAlice has set X and Bob has set Y.After PSI computation,Alice learns X Y and nothing elseAlice cannot kn

2、ow Bobs elements that dont belong to X YProvable security我们还需要什么？Normally different methods should be presented for PSI at this pointLets do something elseAssume there is a PSI protocolWhat else do we need from PSI?Roadmap安全求交集(PSI)定义PSI功能和分类PSI最新进展PSI和其他隐私计算技术结合ReferencesTwo-Party Semi-Honest PSIOn

3、ly for the intersectionIntersection is disclosed and non-intersection is kept secretOnly for two partiesAlice and BobOnly semi-honest secureAttacker strictly follow protocol,but is curious for the other partys secret information Two-Party Semi-Honest PSI(contd)Challenge 1:隐藏非交集元素(hiding)Cryptographi

4、cally secure“hiding”When two elements are not equal,some kind of“noise”must be attached such that unmatched elements cannot be exhaustively computedChallenge 2:计算交集元素(comparing)When two elements are equal,their equality should be able to disclosed in some wayChallenge 3:效率高(efficiency)PSI protocol i

5、s practical for large-scale applicationMethod1:PSI Based on Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange PSI 3Basic Idea:“double encryption”with commutative propertyHiding:“Encryption”hides elementComparing:commutative propertyEfficiencyLinear to communication costStill a mainstream implem

6、entation of PSIMany enhancements on crypto primitives Design a crypto method that can meet all the requirements Diffie-Hellman Key Exchange(contd)Discrete Logarithm Problem(DLP):given g,x and y as three large positive integers,assume gx=y mod p,given y,g,p,how to find x is a“hard problem”It is effic