半可信云服务器辅助的高效隐私交集计算协议  被引量：6

作　　者：魏立斐[1] 王勤 张蕾[1] 陈聪聪 陈玉娇 宁建廷 WEI Li-Fei;WANG Qin;ZHANG Lei;CHEN Cong-Cong;CHEN Yu-Jiao;NING Jian-Ting(College of Information Technology,Shanghai Ocean University,Shanghai 201306,China;College of Computer and Cyber Security,Fujian Normal University,Fuzhou 350117,China;State Key Laboratory of Information Security(Institute of Information Engineering,Chinese Academy of Sciences),Beijing 100093,China)

机构地区：[1]上海海洋大学信息学院,上海201306 [2]福建师范大学计算机与网络空间安全学院(软件学院),福建福州350117 [3]信息安全国家重点实验室(中国科学院信息工程研究所),北京100093

出　　处：《软件学报》2023年第2期932-944,共13页Journal of Software

基　　金：国家自然科学基金(61972241,61802248,61972094,62032005);上海市自然科学基金(18ZR1417300);上海市高等学校青年骨干教师国内访问学者项目(A1-2007-00-000503);上海海洋大学骆肇荛大学生科技创新基金(A1-2004-20-201312,A1-2004-21-201311);福建省科协第二届青年人才托举工程。

摘　　要：隐私集合交集(private set intersection,PSI)是隐私计算中的热点,其允许参与两方在不泄露任何额外信息的要求下计算交集.现有的隐私集合交集计算方案对参与双方的计算能力要求高,且计算能力差的参与方无法在保证集合数据隐私的前提下将计算安全外包给云服务器.设计了一种新的不经意两方分布式伪随机函数,允许半可信的云服务器参与相等性测试,又不泄露参与方任何集合信息.基于该不经意伪随机函数构建了半可信云服务器辅助的隐私集合交集计算协议,将主要计算量外包给云服务器.在半诚实模型下证明了协议的安全性.同时,该协议可保密地计算隐私集合交集的基数.通过与现有协议分析与实验性能比较,该协议效率高,计算复杂度与通信复杂度均与集合大小呈线性关系,适用于客户端设备受限的应用场景.Private set intersection(PSI)is a hot topic in the privacy-preserving computation,which allows two parties computing the intersection of their sets without revealing any additional information except the resulting intersection.Prior PSI protocols mostly considers the scenario between two parties with the potential limitation of requiring expensive hardware.In addition,the weak client with low computation capability cannot outsource the computation to semi-trusted cloud without keeping the data privacy.This study designs a new oblivious two-party distributed pseudorandom function(Otd-PRF),which allows the semi-trusted cloud servers participating the equality test without any leakage of the set information.Based on Otd-PRF,a cloud-aided PSI protocol is designed which can delegate the major computation to the semi-trusted cloud.A formal security analysis is also provided in the semi-honest model and it is extended to support the computation of the private set intersection cardinality.Through the comparison with the related work,the proposed protocol is superior in the computation and communication complexity.This protocol is linear in the size of the client’s set.Its performance analysis shows that the protocol is more friendly to the client with constrained device in the semi-honest model.

关 键 词：隐私集合交集(PSI) 安全多方计算 隐私交集基数 云服务器辅助 弱客户端 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]