One way to classify private set intersection (PSI) protocols for secure two-party computation (S2PC) is by whether the intersection is (a) revealed to both parties or (b) hidden from both parties, with only the output of a function computed over the matched payload being exposed. Both variants aim to provide cryptographic security while avoiding exposure of the other party's unmatched elements. They may, however, be insufficient to achieve security and privacy in one practical scenario: when the intersection itself is required and the information leaked through the function's output must be considered for legal, ethical, and competitive reasons. Two parties, such as an advertiser and an ads supplier, hold sets of users on which PSI is computed, for example, to reveal the common users to the ads supplier in joint marketing applications. In addition to the security guarantees that standard PSI provides for unmatched elements, neither party may be allowed to "single out" whether a given element/user belongs to the other party's set, even though the common users are required for joint advertising. This is a compelling problem for which none of the existing PSI techniques provide a solution. In light of this shortcoming, we compose differential privacy (DP) with S2PC to obtain the best of both worlds and propose differentially-private PSI (DP-PSI), a new privacy model that retains PSI's strong security protection while adhering to the GDPR's recent formalization of the notion that "singling out" attacks by either party must be excluded except with very low probability.