Private Set Intersection (PSI) is a secure multi-party computation protocol where two parties, each holding a private set of elements, jointly compute the intersection of their sets while revealing only the overlapping elements to each other. No non-intersecting elements are disclosed, ensuring mutual data privacy.
Glossary
Private Set Intersection (PSI)

What is Private Set Intersection (PSI)?
A cryptographic protocol enabling two parties to compute the intersection of their private datasets without revealing any elements outside that intersection.
PSI protocols leverage cryptographic primitives such as oblivious transfer, homomorphic encryption, or garbled circuits to perform the matching computation without a trusted third party. In financial fraud analytics, PSI enables institutions to discover shared bad actors or compromised accounts across organizational boundaries without exposing their full customer databases.
Key Cryptographic Properties
The core cryptographic guarantees and architectural patterns that define how PSI protocols enable collaborative computation without exposing sensitive data.
Input Secrecy
The fundamental property ensuring that each party learns nothing about the other party's private set beyond the elements in the intersection. A malicious participant cannot extract non-intersecting items, even by deviating from the protocol. This is formalized through simulation-based security proofs in the semi-honest and malicious adversary models, guaranteeing that the protocol reveals no more information than an ideal functionality where a trusted third party computes the intersection.
Hiding Set Size
In standard PSI, the size of each party's set may be leaked. Fully private PSI variants extend the protocol to conceal even the cardinality of the intersection and the individual set sizes. This is critical in applications like watchlist screening, where revealing that a query set contains thousands of entries could itself be a sensitive metadata leak. Achieving this property typically requires additional cryptographic overhead, such as padding sets to a fixed upper bound or using additively homomorphic encryption to mask counts.
Efficient Oblivious Transfer Foundation
Modern high-performance PSI protocols are built on Oblivious Transfer (OT) extension, which dramatically reduces computational overhead. Key mechanisms include:
- Base OTs: A small number of expensive public-key operations used to bootstrap the protocol
- OT Extension: Efficiently expands a few base OTs into millions of symmetric-key OTs using hash functions
- Cuckoo Hashing: A data structure that maps elements to bins, enabling sub-linear communication complexity This foundation allows PSI to scale to sets containing billions of items with practical latency.
Malicious Security
Protocols secure against active adversaries who may arbitrarily deviate from the specification to extract private information. Achieving malicious security requires additional integrity checks:
- Cut-and-choose techniques: One party proves correct behavior by opening a random subset of commitments
- Consistency checks: Verifying that OT inputs are used consistently across multiple invocations
- Zero-knowledge proofs: Proving correct encryption or hashing without revealing secrets This contrasts with semi-honest security, which assumes parties follow the protocol but may attempt to learn from received messages.
Post-Quantum Readiness
Traditional PSI relies on assumptions like the Decisional Diffie-Hellman problem, which is vulnerable to Shor's algorithm on a sufficiently large quantum computer. Post-quantum PSI variants are being developed using:
- Lattice-based cryptography: Leveraging the Learning With Errors (LWE) problem for OT primitives
- Code-based constructions: Using syndrome decoding hardness assumptions
- Isogeny-based protocols: Exploiting the difficulty of finding paths in supersingular isogeny graphs These ensure long-term confidentiality of intersection results against future quantum adversaries.
Delegated PSI Architecture
A variant where computationally weak clients outsource the heavy cryptographic lifting to untrusted cloud servers without revealing their private sets. The architecture splits trust:
- Client: Encrypts its set and uploads ciphertexts to the server
- Server: Performs the computationally intensive PSI computation on encrypted data
- Result delivery: The server returns encrypted results that only the client can decrypt The server learns nothing about the sets or the intersection, enabling mobile devices and IoT sensors to participate in privacy-preserving matching at scale.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Frequently Asked Questions
Clear, technical answers to the most common questions about Private Set Intersection protocols and their role in privacy-preserving fraud analytics.
Private Set Intersection (PSI) is a cryptographic protocol that allows two parties, each holding a private dataset, to compute the intersection of their sets without revealing any elements outside that intersection to the other party. The fundamental mechanism relies on representing each party's set elements as encrypted or hashed values that can be compared without decryption. In a typical Diffie-Hellman-based PSI protocol, both parties agree on a cyclic group and a generator. Party A hashes each of its elements and exponentiates them with its private key a, sending H(x)^a to Party B. Party B then exponentiates these received values with its own private key b, producing H(x)^(ab), and also computes H(y)^b for its own elements, sending both sets back. Party A exponentiates the received H(y)^b values with a to produce H(y)^(ab). The intersection is revealed by comparing the doubly-exponentiated hashes. Neither party learns elements unique to the other's set because they only see values obscured by the other's private exponent. Modern implementations often use Cuckoo hashing for efficient data structure representation and Oblivious Transfer (OT) extensions for improved computational complexity, reducing the overhead from quadratic to near-linear in the set sizes.
Related Terms
Private Set Intersection is part of a broader ecosystem of privacy-enhancing technologies. These related protocols and primitives form the cryptographic foundation for collaborative fraud analytics without exposing sensitive data.
Oblivious Transfer (OT)
A fundamental building block of many PSI protocols. In OT, a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious as to which piece was selected. Modern PSI constructions rely heavily on OT extension techniques to achieve practical performance at scale.
- Underpins the most efficient PSI implementations
- Enables 1-out-of-N oblivious selection
- Critical for scaling PSI to million-element sets
Differential Privacy
A mathematical framework that provides provable privacy guarantees by adding calibrated noise to computation outputs. When combined with PSI, differential privacy ensures that the intersection result itself does not leak information about any single individual's membership in the underlying datasets.
- Protects against membership inference on intersection results
- Controlled by the privacy budget (epsilon) parameter
- Essential for regulatory compliance in financial data sharing
Garbled Circuits
A two-party computation protocol where a function is represented as a boolean circuit with encrypted wires. Early PSI protocols used garbled circuits to evaluate set membership, though modern constructions favor more efficient OT-based and hash-based approaches for the specific intersection functionality.
- Represents computation as encrypted logic gates
- Historically important for PSI development
- Still used for complex predicates beyond simple intersection

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us