Inferensys

Glossary

Private Set Intersection (PSI)

A cryptographic protocol that allows two parties, each holding a private dataset, to compute the intersection of their sets without revealing any elements outside that intersection to the other party.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
CRYPTOGRAPHIC PROTOCOL

What is Private Set Intersection (PSI)?

A cryptographic protocol enabling two parties to compute the intersection of their private datasets without revealing any elements outside that intersection.

Private Set Intersection (PSI) is a secure multi-party computation protocol where two parties, each holding a private set of elements, jointly compute the intersection of their sets while revealing only the overlapping elements to each other. No non-intersecting elements are disclosed, ensuring mutual data privacy.

PSI protocols leverage cryptographic primitives such as oblivious transfer, homomorphic encryption, or garbled circuits to perform the matching computation without a trusted third party. In financial fraud analytics, PSI enables institutions to discover shared bad actors or compromised accounts across organizational boundaries without exposing their full customer databases.

PRIVATE SET INTERSECTION

Key Cryptographic Properties

The core cryptographic guarantees and architectural patterns that define how PSI protocols enable collaborative computation without exposing sensitive data.

01

Input Secrecy

The fundamental property ensuring that each party learns nothing about the other party's private set beyond the elements in the intersection. A malicious participant cannot extract non-intersecting items, even by deviating from the protocol. This is formalized through simulation-based security proofs in the semi-honest and malicious adversary models, guaranteeing that the protocol reveals no more information than an ideal functionality where a trusted third party computes the intersection.

02

Hiding Set Size

In standard PSI, the size of each party's set may be leaked. Fully private PSI variants extend the protocol to conceal even the cardinality of the intersection and the individual set sizes. This is critical in applications like watchlist screening, where revealing that a query set contains thousands of entries could itself be a sensitive metadata leak. Achieving this property typically requires additional cryptographic overhead, such as padding sets to a fixed upper bound or using additively homomorphic encryption to mask counts.

03

Efficient Oblivious Transfer Foundation

Modern high-performance PSI protocols are built on Oblivious Transfer (OT) extension, which dramatically reduces computational overhead. Key mechanisms include:

  • Base OTs: A small number of expensive public-key operations used to bootstrap the protocol
  • OT Extension: Efficiently expands a few base OTs into millions of symmetric-key OTs using hash functions
  • Cuckoo Hashing: A data structure that maps elements to bins, enabling sub-linear communication complexity This foundation allows PSI to scale to sets containing billions of items with practical latency.
04

Malicious Security

Protocols secure against active adversaries who may arbitrarily deviate from the specification to extract private information. Achieving malicious security requires additional integrity checks:

  • Cut-and-choose techniques: One party proves correct behavior by opening a random subset of commitments
  • Consistency checks: Verifying that OT inputs are used consistently across multiple invocations
  • Zero-knowledge proofs: Proving correct encryption or hashing without revealing secrets This contrasts with semi-honest security, which assumes parties follow the protocol but may attempt to learn from received messages.
05

Post-Quantum Readiness

Traditional PSI relies on assumptions like the Decisional Diffie-Hellman problem, which is vulnerable to Shor's algorithm on a sufficiently large quantum computer. Post-quantum PSI variants are being developed using:

  • Lattice-based cryptography: Leveraging the Learning With Errors (LWE) problem for OT primitives
  • Code-based constructions: Using syndrome decoding hardness assumptions
  • Isogeny-based protocols: Exploiting the difficulty of finding paths in supersingular isogeny graphs These ensure long-term confidentiality of intersection results against future quantum adversaries.
06

Delegated PSI Architecture

A variant where computationally weak clients outsource the heavy cryptographic lifting to untrusted cloud servers without revealing their private sets. The architecture splits trust:

  • Client: Encrypts its set and uploads ciphertexts to the server
  • Server: Performs the computationally intensive PSI computation on encrypted data
  • Result delivery: The server returns encrypted results that only the client can decrypt The server learns nothing about the sets or the intersection, enabling mobile devices and IoT sensors to participate in privacy-preserving matching at scale.
PSI EXPLAINED

Frequently Asked Questions

Clear, technical answers to the most common questions about Private Set Intersection protocols and their role in privacy-preserving fraud analytics.

Private Set Intersection (PSI) is a cryptographic protocol that allows two parties, each holding a private dataset, to compute the intersection of their sets without revealing any elements outside that intersection to the other party. The fundamental mechanism relies on representing each party's set elements as encrypted or hashed values that can be compared without decryption. In a typical Diffie-Hellman-based PSI protocol, both parties agree on a cyclic group and a generator. Party A hashes each of its elements and exponentiates them with its private key a, sending H(x)^a to Party B. Party B then exponentiates these received values with its own private key b, producing H(x)^(ab), and also computes H(y)^b for its own elements, sending both sets back. Party A exponentiates the received H(y)^b values with a to produce H(y)^(ab). The intersection is revealed by comparing the doubly-exponentiated hashes. Neither party learns elements unique to the other's set because they only see values obscured by the other's private exponent. Modern implementations often use Cuckoo hashing for efficient data structure representation and Oblivious Transfer (OT) extensions for improved computational complexity, reducing the overhead from quadratic to near-linear in the set sizes.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.