TY - GEN
T1 - Credibility in Private Set Membership
AU - Garg, Sanjam
AU - Hajiabadi, Mohammad
AU - Jain, Abhishek
AU - Jin, Zhengzhong
AU - Pandey, Omkant
AU - Shiehian, Sina
N1 - Publisher Copyright:
© 2023, International Association for Cryptologic Research.
PY - 2023
Y1 - 2023
N2 - A private set membership (PSM) protocol allows a “receiver” to learn whether its input x is contained in a large database DB held by a “sender”. In this work, we define and construct credible private set membership (C-PSM) protocols: in addition to the conventional notions of privacy, C-PSM provides a soundness guarantee that it is hard for a sender (that does not know x) to convince the receiver that x∈ DB. Furthermore, the communication complexity must be logarithmic in the size of DB. We provide 2-round (i.e., round-optimal) C-PSM constructions based on standard assumptions: We present a black-box construction in the plain model based on DDH or LWE.Next, we consider protocols that support predicates f beyond string equality, i.e., the receiver can learn if there exists w∈ DB such that f(x, w) = 1. We present two results with transparent setups: (1) A black-box protocol, based on DDH or LWE, for the class of NC 1 functions f which are efficiently searchable. (2) An LWE-based construction for all bounded-depth circuits. The only non-black-box use of cryptography in this construction is through the bootstrapping procedure in fully homomorphic encryption. As an application, our protocols can be used to build enhanced round-optimal leaked password notification services, where unlike existing solutions, a dubious sender cannot fool a receiver into changing its password.
AB - A private set membership (PSM) protocol allows a “receiver” to learn whether its input x is contained in a large database DB held by a “sender”. In this work, we define and construct credible private set membership (C-PSM) protocols: in addition to the conventional notions of privacy, C-PSM provides a soundness guarantee that it is hard for a sender (that does not know x) to convince the receiver that x∈ DB. Furthermore, the communication complexity must be logarithmic in the size of DB. We provide 2-round (i.e., round-optimal) C-PSM constructions based on standard assumptions: We present a black-box construction in the plain model based on DDH or LWE.Next, we consider protocols that support predicates f beyond string equality, i.e., the receiver can learn if there exists w∈ DB such that f(x, w) = 1. We present two results with transparent setups: (1) A black-box protocol, based on DDH or LWE, for the class of NC 1 functions f which are efficiently searchable. (2) An LWE-based construction for all bounded-depth circuits. The only non-black-box use of cryptography in this construction is through the bootstrapping procedure in fully homomorphic encryption. As an application, our protocols can be used to build enhanced round-optimal leaked password notification services, where unlike existing solutions, a dubious sender cannot fool a receiver into changing its password.
UR - http://www.scopus.com/inward/record.url?scp=85161682768&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85161682768&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-31371-4_6
DO - 10.1007/978-3-031-31371-4_6
M3 - Conference contribution
AN - SCOPUS:85161682768
SN - 9783031313707
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 159
EP - 189
BT - Public-Key Cryptography – PKC 2023 - 26th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
A2 - Boldyreva, Alexandra
A2 - Kolesnikov, Vladimir
PB - Springer Science and Business Media Deutschland GmbH
T2 - 26th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2023
Y2 - 7 May 2023 through 10 May 2023
ER -