PIR-PSI: Scaling Private Contact Discovery

Daniel Demmler (1), Peter Rindal (2), Mike Rosulek (3), and Ni Trieu (4)
  • 1 TU Darmstadt
  • 2 Oregon State University
  • 3 Oregon State University
  • 4 Oregon State University


An important initialization step in many social-networking applications is contact discovery, which allows a user of the service to identify which of its existing social contacts also use the service. Naïve approaches to contact discovery reveal a user’s entire set of social/professional contacts to the service, presenting a significant tension between functionality and privacy. In this work, we present a system for private contact discovery, in which the client learns only the intersection of its own contact list and a server’s user database, and the server learns only the (approximate) size of the client’s list. The protocol is specifically tailored to the case of a small client set and large user database. Our protocol has provable security guarantees and combines new ideas with state-of-the-art techniques from private information retrieval and private set intersection.

We report on a highly optimized prototype implementation of our system, which is practical on real-world set sizes. For example, contact discovery between a client with 1024 contacts and a server with 67 million user entries takes 1.36 sec (when using server multi-threading) and uses only 4.28 MiB of communication.

