Inferensys

Glossary

Private Set Intersection (PSI)

A cryptographic protocol allowing two parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other party.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
CRYPTOGRAPHIC PROTOCOL

What is Private Set Intersection (PSI)?

A cryptographic protocol enabling two parties to compute the intersection of their private datasets without revealing any elements outside the intersection to the other party.

Private Set Intersection (PSI) is a secure multi-party computation (SMPC) protocol where two parties, each holding a private set, jointly compute the intersection of their sets while revealing nothing about the non-intersecting elements. The protocol ensures that Party A learns only the elements it shares with Party B, and Party B learns only the elements it shares with Party A, with neither gaining any information about the other's exclusive data.

PSI protocols are foundational for privacy-preserving computation in regulated industries like healthcare, enabling use cases such as federated cohort discovery across hospitals without exposing patient lists. Implementations rely on cryptographic primitives including oblivious transfer, homomorphic encryption, and Diffie-Hellman key exchange to guarantee computational security against semi-honest or malicious adversaries.

CRYPTOGRAPHIC PRIMITIVES

Key Features of PSI Protocols

Private Set Intersection (PSI) enables two parties to discover common data points without exposing their full datasets. These core features define modern PSI implementations in healthcare federated learning.

01

Asymmetric Data Protection

PSI protocols enforce one-sided output, where only the querying party learns the intersection result. The responding party receives no information about the querying party's set beyond what can be inferred from the intersection size.

  • Sender Privacy: The responder's non-intersecting elements remain cryptographically hidden
  • Receiver Privacy: The querying party's set elements outside the intersection are never revealed
  • Prevents data leakage in clinical trial patient matching where only the sponsor should discover overlapping cohorts
02

Computational Efficiency Trade-offs

PSI protocols balance communication complexity against computational overhead based on the underlying cryptographic primitive:

  • Diffie-Hellman PSI: O(n) computation with minimal communication, ideal for small to medium sets
  • Cuckoo Hashing + OPRF: Reduces asymptotic complexity to near-linear while handling sets of 2^20+ elements
  • Fully Homomorphic PSI: Enables computation on encrypted sets but incurs 1000x+ computational overhead
  • Modern labeled PSI extends intersection to retrieve associated metadata without additional leakage
03

Malicious Security Guarantees

Production PSI deployments in healthcare require security against active adversaries who may deviate from the protocol:

  • Semi-honest security: Assumes parties follow the protocol but may try to learn additional information from transcripts
  • Malicious security: Protects against arbitrary deviations using zero-knowledge proofs to enforce honest behavior
  • Covert security: Detects cheating with a configurable probability, offering a practical middle ground
  • Real-world genomic data matching requires malicious security to prevent input substitution attacks
04

Cardinality-Only Variants

PSI-Cardinality (PSI-CA) reveals only the size of the intersection, not the elements themselves. This weaker primitive is sufficient for many healthcare analytics use cases:

  • Clinical trial feasibility: Determine how many patients match criteria across institutions without identifying them
  • Epidemiological surveillance: Count overlapping disease cases between jurisdictions
  • PSI-CA protocols are typically 10-100x faster than full PSI
  • Can be combined with differential privacy to add calibrated noise to the intersection count
05

Delegated PSI Architectures

Delegated PSI offloads computation to untrusted cloud servers while preserving input privacy from the servers themselves:

  • Clients encrypt their sets and send them to a semi-honest cloud that performs the intersection
  • Relies on secret sharing or homomorphic encryption to keep inputs hidden from the delegate
  • Enables resource-constrained medical devices to participate in PSI without heavy local computation
  • Critical for cross-silo federated learning where hospitals lack dedicated cryptographic hardware
06

Quantum Resistance Considerations

Standard Diffie-Hellman-based PSI protocols are vulnerable to Shor's algorithm on sufficiently large quantum computers. Post-quantum PSI constructions are emerging:

  • Lattice-based OPRFs replace discrete log assumptions with Learning With Errors (LWE) hardness
  • Oblivious Transfer from lattice assumptions enables quantum-secure PSI building blocks
  • NIST PQC standardization drives adoption of Kyber and Dilithium primitives in PSI frameworks
  • Healthcare data with multi-decade sensitivity mandates cryptographic agility for future quantum threats
PRIVATE SET INTERSECTION EXPLAINED

Frequently Asked Questions

Clear, technically precise answers to the most common questions about Private Set Intersection (PSI) protocols, their cryptographic foundations, and their critical role in privacy-preserving healthcare computation.

Private Set Intersection (PSI) is a cryptographic protocol that allows two parties, each holding a private dataset, to jointly compute the intersection of their sets—the elements they have in common—without revealing any other elements to the opposing party. The fundamental guarantee is that Party A learns only the elements present in both sets, while Party B learns the same intersection, and neither gains any information about the other's exclusive elements.

PSI protocols are typically constructed using one of three cryptographic primitives:

  • Diffie-Hellman-based PSI: Utilizes the computational hardness of the discrete logarithm problem. Each party hashes and exponentiates their set elements with a secret key, exchanges the blinded values, and re-exponentiates. Matching ciphertexts reveal intersection membership.
  • Oblivious Transfer (OT)-based PSI: Leverages OT extensions for efficiency at scale, representing sets as bit vectors or Cuckoo hash tables and performing private equality checks.
  • Fully Homomorphic Encryption (FHE)-based PSI: Encrypts one party's set under an FHE scheme, allowing the other party to homomorphically evaluate a polynomial representing their set and return only encrypted matches.

In a healthcare context, PSI enables a hospital to discover which of its patients are also enrolled in a clinical trial at another institution without exposing its full patient roster, satisfying both operational needs and HIPAA compliance.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.