Efficient Linear Multiparty PSI and Extensions to Circuit/Quorum PSI

Multiparty Private Set Intersection (mPSI), enables n parties, each holding private sets (each of size m) to securely compute the intersection of these private sets. While several protocols are known for this task, the only concretely efficient protocol is due to the work of Kolesnikov et al. (KMPRT, CCS 2017), who gave a semi-honest secure protocol with communication complexity O (nmt lambda), where t < n is the number of corrupt parties and lambda is the security parameter. In this work, we make the following contributions: - First, for the natural adversarial setting of semi-honest honest majority (i.e. t < n/2), we asymptotically improve upon the above result and provide a concretely efficient protocol with total communication of O(nm lambda). - Second, concretely, our protocol has 6 (t + 2)/5 times lesser communication than KMPRT and is up to 5x and 6.2x faster than KMPRT in the LAN and WAN setting even for 15 parties. - Finally, we introduce and consider two important variants of mPSI - circuit PSI (that allows the parties to compute a function over the intersection set without revealing the intersection itself) and quorum PSI (that allows P-1 to learn all the elements in his/her set that are present in at least k other sets) and provide concretely efficient protocols for these variants.