Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model
Private Set Intersection (PSI) protocols allow one party ("Client") to compute an intersection of its input set with that of another party ("Server"), such that the client learns nothing other than the set intersection and the server learns nothing beyond client input size. Prior work yielded a range of PSI protocols secure under different cryptographic assumptions. Protocols operating in the semi-honest model offer better (linear) complexity while those in the malicious model are often significantly more costly. In this paper, the authors construct PSI and Authorized PSI (APSI) protocols secure in the malicious model under standard cryptographic assumptions, with both linear communication and computational complexities. To the best of the knowledge, the APSI is the first solution to do so.