Fuzzy Private Set Union via Oblivious Key Homomorphic Encryption Retrieval

Private Set Multi-Party Computations are protocols that allow parties to jointly and securely compute functions: apart from what is deducible from the output of the function, the input sets are kept private. Then, a Private Set Union (PSU), resp. Intersection (PSI), is a protocol that allows parties to jointly compute the union, resp. the intersection, between their private sets. Now a structured PSI, is a PSI where some structure of the sets can allow for more efficient protocols. For instance in Fuzzy PSI, elements only need to be close enough, instead of equal, to be part of the intersection. We present in this paper, Fuzzy PSU protocols (FPSU), able to efficiently take into account approximations in the union. For this, we introduce a new efficient sub-protocol, called Oblivious Key Homomorphic Encryption Retrieval (OKHER), improving on Oblivious Key-Value Retrieval (OKVR) techniques in our setting. In the fuzzy context, the receiver set $X={x_i}_{1..n}$ is replaced by ${\mathcal B}_δ(X)$, the union of $n$ balls of dimension $d$ with radius $δ$, centered at the $x_i$. The sender set is just its $m$ points of dimension $d$. Then the FPSU functionality corresponds to $X \sqcup {y \in Y, y \notin {\mathcal B}δ(X)}$. Thus, we formally define the FPSU functionality and security properties, and propose several protocols tuned to the patterns of the balls using the $l\infty$ distance. Using our OKHER routine and homomorphic encryption, we are for instance able to obtain a FPSU protocols with an asymptotic communication volume bound ranging from $O(dm\log(δ{n}))$ to $O(d^2m\log(δ^2n))$, depending on the receiver data set structure.

💡 Research Summary

This paper introduces the problem of Fuzzy Private Set Union (FPSU), a novel primitive in the realm of secure multi‑party computation. While prior work has largely focused on fuzzy private set intersection (FPSI), the union operation poses a distinct challenge: the receiver must obtain all elements of its own set X together with those elements of the sender’s set Y that are not “close enough” to any element of X, according to a distance threshold δ. Formally, given a receiver set X = {x₁,…,xₙ} ⊂ ℝᵈ and a sender set Y = {y₁,…,yₘ} ⊂ ℝᵈ, the FPSU functionality returns X ⊔ { y ∈ Y | y ∉ ⋃_{i=1}ⁿ B_δ(xᵢ) } where B_δ(x) denotes the L∞‑ball of radius δ centered at x. The receiver learns this union, while the sender learns nothing about X or the result.

The authors propose a new sub‑protocol called Oblivious Key Homomorphic Encryption Retrieval (OKHER). In OKHER the server holds a large key‑value database KV = {(kᵢ, vᵢ)}_{i∈