Private Set Intersection (PSI) is a secure multi-party computation (SMPC) protocol where two parties, each holding a private set, jointly compute the intersection of their sets while revealing nothing about the non-intersecting elements. The protocol ensures that Party A learns only the elements it shares with Party B, and Party B learns only the elements it shares with Party A, with neither gaining any information about the other's exclusive data.
Glossary
Private Set Intersection (PSI)

What is Private Set Intersection (PSI)?
A cryptographic protocol enabling two parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other party.
PSI protocols are foundational for privacy-preserving computation in regulated industries like healthcare, enabling use cases such as federated cohort discovery across hospitals without exposing patient lists. Implementations rely on cryptographic primitives including oblivious transfer, homomorphic encryption, and Diffie-Hellman key exchange to guarantee computational security against semi-honest or malicious adversaries.
Key Features of PSI Protocols
Private Set Intersection (PSI) enables two parties to discover common data points without exposing their full datasets. These core features define modern PSI implementations in healthcare federated learning.
Asymmetric Data Protection
PSI protocols enforce one-sided output, where only the querying party learns the intersection result. The responding party receives no information about the querying party's set beyond what can be inferred from the intersection size.
- Sender Privacy: The responder's non-intersecting elements remain cryptographically hidden
- Receiver Privacy: The querying party's set elements outside the intersection are never revealed
- Prevents data leakage in clinical trial patient matching where only the sponsor should discover overlapping cohorts
Computational Efficiency Trade-offs
PSI protocols balance communication complexity against computational overhead based on the underlying cryptographic primitive:
- Diffie-Hellman PSI: O(n) computation with minimal communication, ideal for small to medium sets
- Cuckoo Hashing + OPRF: Reduces asymptotic complexity to near-linear while handling sets of 2^20+ elements
- Fully Homomorphic PSI: Enables computation on encrypted sets but incurs 1000x+ computational overhead
- Modern labeled PSI extends intersection to retrieve associated metadata without additional leakage
Malicious Security Guarantees
Production PSI deployments in healthcare require security against active adversaries who may deviate from the protocol:
- Semi-honest security: Assumes parties follow the protocol but may try to learn additional information from transcripts
- Malicious security: Protects against arbitrary deviations using zero-knowledge proofs to enforce honest behavior
- Covert security: Detects cheating with a configurable probability, offering a practical middle ground
- Real-world genomic data matching requires malicious security to prevent input substitution attacks
Cardinality-Only Variants
PSI-Cardinality (PSI-CA) reveals only the size of the intersection, not the elements themselves. This weaker primitive is sufficient for many healthcare analytics use cases:
- Clinical trial feasibility: Determine how many patients match criteria across institutions without identifying them
- Epidemiological surveillance: Count overlapping disease cases between jurisdictions
- PSI-CA protocols are typically 10-100x faster than full PSI
- Can be combined with differential privacy to add calibrated noise to the intersection count
Delegated PSI Architectures
Delegated PSI offloads computation to untrusted cloud servers while preserving input privacy from the servers themselves:
- Clients encrypt their sets and send them to a semi-honest cloud that performs the intersection
- Relies on secret sharing or homomorphic encryption to keep inputs hidden from the delegate
- Enables resource-constrained medical devices to participate in PSI without heavy local computation
- Critical for cross-silo federated learning where hospitals lack dedicated cryptographic hardware
Quantum Resistance Considerations
Standard Diffie-Hellman-based PSI protocols are vulnerable to Shor's algorithm on sufficiently large quantum computers. Post-quantum PSI constructions are emerging:
- Lattice-based OPRFs replace discrete log assumptions with Learning With Errors (LWE) hardness
- Oblivious Transfer from lattice assumptions enables quantum-secure PSI building blocks
- NIST PQC standardization drives adoption of Kyber and Dilithium primitives in PSI frameworks
- Healthcare data with multi-decade sensitivity mandates cryptographic agility for future quantum threats
Frequently Asked Questions
Clear, technically precise answers to the most common questions about Private Set Intersection (PSI) protocols, their cryptographic foundations, and their critical role in privacy-preserving healthcare computation.
Private Set Intersection (PSI) is a cryptographic protocol that allows two parties, each holding a private dataset, to jointly compute the intersection of their sets—the elements they have in common—without revealing any other elements to the opposing party. The fundamental guarantee is that Party A learns only the elements present in both sets, while Party B learns the same intersection, and neither gains any information about the other's exclusive elements.
PSI protocols are typically constructed using one of three cryptographic primitives:
- Diffie-Hellman-based PSI: Utilizes the computational hardness of the discrete logarithm problem. Each party hashes and exponentiates their set elements with a secret key, exchanges the blinded values, and re-exponentiates. Matching ciphertexts reveal intersection membership.
- Oblivious Transfer (OT)-based PSI: Leverages OT extensions for efficiency at scale, representing sets as bit vectors or Cuckoo hash tables and performing private equality checks.
- Fully Homomorphic Encryption (FHE)-based PSI: Encrypts one party's set under an FHE scheme, allowing the other party to homomorphically evaluate a polynomial representing their set and return only encrypted matches.
In a healthcare context, PSI enables a hospital to discover which of its patients are also enrolled in a clinical trial at another institution without exposing its full patient roster, satisfying both operational needs and HIPAA compliance.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Explore the cryptographic primitives and privacy-enhancing technologies that form the foundation of Private Set Intersection and secure collaborative computation in healthcare.
Homomorphic Encryption (HE)
A cryptographic primitive that allows computations to be performed directly on encrypted ciphertexts, producing an encrypted result that matches operations on plaintext. While PSI computes intersections, HE can be used to perform arbitrary analytics on the intersected data without decryption. In federated healthcare networks, HE often complements PSI to enable private computation on the matched cohort.
Differential Privacy
A mathematical framework that quantifies the privacy guarantee of a randomized algorithm. When combined with PSI, differential privacy ensures that the intersection output itself does not leak information about any single individual. Key parameters:
- Epsilon (ε): The privacy loss parameter; smaller values indicate stronger guarantees
- Privacy Budget: The total allowable privacy loss across multiple queries This prevents membership inference attacks on the intersected set.
Oblivious Transfer (OT)
A fundamental cryptographic protocol where a sender transfers one of potentially many pieces of information to a receiver, but remains oblivious to which piece was transferred. OT serves as a core building block for many PSI protocols, particularly in OT-based PSI constructions. It enables efficient private matching without revealing non-matching elements to either party.
Bloom Filters
A space-efficient probabilistic data structure used to test whether an element is a member of a set. In PSI protocols, Garbled Bloom Filters enable efficient private set intersection by allowing parties to encode their sets in a way that supports oblivious querying. False positives are possible but can be cryptographically controlled, making them suitable for large-scale patient record matching.
Secure Aggregation
A protocol in federated learning that computes the sum of model updates from multiple clients without revealing individual contributions. While distinct from PSI, secure aggregation shares the same privacy-preserving multi-party computation foundations. In healthcare federated learning, PSI can first identify overlapping patient cohorts across institutions, and secure aggregation then combines their model updates privately.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us