CMU-CS-04-182 Computer Science Department School of Computer Science, Carnegie Mellon University CMU-CS-04-182 Private and Threshold Set-Intersection Lea Kissner, Dawn Song November 2004 Keywords: Set-intersection, secure multi-party computation, privacy, cardinality, threshold In this paper we consider the problem of privately computing the intersection of sets (set-intersection), as well as several variations on this problem: cardinality set-intersection, threshold set-intersection, and over-threshold set-intersection. Cardinality set-intersection is the problem of determining the size of the intersection set, without revealing the actual threshold set. In threshold set-intersection, only the elements which appear at least a threshold number t times in the players private inputs are revealed. Over-threshold set-intersection is a variation on threshold set-intersection in which not only the threshold set is revealed, but also the number of times each element in the threshold set appeared in the private inputs. We propose protocols that are more e cient than those previously known for set-intersection in the malicious case, as well as new protocols for problems which had no previous solution that did not utilize general secure circuit computation: Set-intersection protocols for the case of: n = 2 malicious parties that do not utilize the cut-and-choose technique; n ≥ 3; malicious parties, for which there was no previous efficient solution; and multisets, in which elements may appear more than once. Cardinality set-intersection protocols secure against n ≥ 2 malicious parties and n ≥ 3 honest-but-curious parties, for which there were no previous efficient solutions Threshold set-intersection protocols for n ≥ 2 honest-but-curious parties, for which there was no previous efficient solution Over-threshold set-intersection protocols for the case of n ≥ 2 honest-but-curious parties and the case of n ≥ 2 malicious parties, for which there was no previous efficient solution Fair protocols for all problems (when fairness in decryption is enforced) Protocols which are secure against even n − 1 dishonest colluding parties 43 pages Return to: SCS Technical Report Collection School of Computer Science homepage This page maintained by reports@cs.cmu.edu